Problem with pop-ups
Solved
charly40
-
worshipper -
Hi,
For several days I have been getting incessant pop-ups that appear even when I am not in my browser. I ran a scan with Ad-Aware SE and Spybot, but without success...
I saw that the HijackThis software could solve my problem; here is the scan:
Logfile of HijackThis v1.99.1
Scan saved at 15:30:12, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Charly\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/fileshar...
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player...
O16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
So if someone could enlighten me, I wouldn't say no ^^
thanks
14 replies
Hi
# Download this: (thanks to S!RI for this little program).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1.
This is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
It will generate a report: please copy/paste it into the thread.
See you later
Here is the report:
SmitFraudFix v2.65
Rapport fait à 16:07:52,32, 24/06/2006
Executé à partir de C:\Documents and Settings\Charly\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe PRESENT !
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\hp???.tmp PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\regperf.exe PRESENT !
C:\WINDOWS\system32\simpole.tlb PRESENT !
C:\WINDOWS\system32\stdole3.tlb PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charly\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Charly\Favoris
C:\DOCUME~1\Charly\Favoris\Antivirus Test Online.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.coupsdecoeur.net/indexwallpaper/films/belphegor.jpg"
"SubscribedURL"="http://www.coupsdecoeur.net/indexwallpaper/films/belphegor.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:/DOCUME~1/Charly/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Charly/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg"
"FriendlyName"=""
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"
[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\acvgxw.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\acvgxw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Hi again
OK,
# Boot into safe mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on.
A window will open; use the keyboard arrow keys to move to the safe mode startup entry, then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
# Run the Smitfraud program again:
This time choose option 2 and answer yes to everything;
Save the report, restart in normal mode, and copy/paste the saved report into the forum.
Download this:
Link: http://www.infos-du-net.com/telecharger/HijackThis.html
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the option "do a scan and a logfile", and copy/paste the report thus generated into the forum.
Good luck; see you later
hi again,
thanks for your help
SmitFraudFix v2.65
Rapport fait à 16:30:58,34, 24/06/2006
Executé à partir de C:\Documents and Settings\Charly\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"
[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\acvgxw.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\acvgxw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\acvgxw.dll -> Missing File
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\atmclk.exe supprimé
C:\WINDOWS\system32\dcomcfg.exe supprimé
C:\WINDOWS\system32\hp???.tmp supprimé
C:\WINDOWS\system32\ld????.tmp supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\regperf.exe supprimé
C:\WINDOWS\system32\simpole.tlb supprimé
C:\WINDOWS\system32\stdole3.tlb supprimé
C:\WINDOWS\system32\ts.ico supprimé
C:\WINDOWS\system32\1024\ supprimé
C:\DOCUME~1\Charly\Favoris\Antivirus Test Online.url supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
and
Logfile of HijackThis v1.99.1
Scan saved at 16:41:03, on 24/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\Charly\Bureau\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/fileshar...
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player...
O16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - https://www.afternic.com/domains/downloadv3.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
hi again
# Disable System Restore
* Click the Start button.
* Right-click My Computer, then click Properties.
* In the System Restore tab, select the option Turn off System Restore or Turn off System Restore on all drives
Run HijackThis again: choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZC
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/fileshar...
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player...
O16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - https://www.afternic.com/domains/downloadv3.com
Then find and delete the file in bold:
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
Likewise, find and delete the programs of the same name, as well as this one: New.net
*Download and install this. In the left-hand column click "Errors", tick all the boxes, then click "Search for errors" at the bottom. Once it has finished, click "Repair errors"; you will get a message asking you to back up your registry, answer "Yes", then repeat until it finds no more errors.
*Run CCleaner again, go to the "Cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "Start cleaning".
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
And finally, please do steps 1/ and 2/ from this link:
virus: preliminary disinfection method, French version
Good luck, see you later
***I have decided to be happy because it is good for my health! (Voltaire)***
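As an added illustration (not part of the original thread, and not HijackThis's own logic), this Python sketch parses HijackThis entries like the ones quoted above and tags the properties a reviewer checks before ticking a line. The tag names and heuristics are assumptions made for this example; the sample lines are copied from the log in this thread.

```python
import re

# Sample entries copied from the HijackThis log quoted in this thread.
# The WinampAgent line carries two entries run together, as can happen in a paste.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
"""

CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Heuristic: a new entry starts wherever whitespace is followed by a section code.
FUSED_RE = re.compile(r"\s+(?=[ORFN]\d{1,2} - )")
# O4: "<location>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
# O16: "DPF: <CLSID or label> (<optional class name>) - <codebase URL>"
O16_RE = re.compile(
    r"^DPF: (?P<ident>\{[^}]+\}|.+?)(?: \((?P<name>[^)]*)\))? - (?P<codebase>\S.*)$"
)
DETAIL_PARSERS = {"O4": O4_RE, "O16": O16_RE}


def parse_entry(text):
    """Parse one entry into its section code, raw body and section-specific fields."""
    match = ENTRY_RE.match(text.strip())
    if not match:
        return None
    entry = {"code": match["code"], "body": match["body"], "fields": {}}
    detail_re = DETAIL_PARSERS.get(entry["code"])
    detail = detail_re.match(entry["body"]) if detail_re else None
    if detail:
        entry["fields"] = detail.groupdict()
    return entry


def triage(entry):
    """Return illustrative review tags for an entry (assumed heuristics, not verdicts)."""
    tags = []
    code, body, fields = entry["code"], entry["body"], entry["fields"]
    # The registry entry remains but the file it points to is gone.
    if body.endswith(("(no file)", "(file missing)")):
        tags.append("orphaned-entry")
    # O10 reports a third-party component in the Winsock LSP chain.
    if code == "O10":
        tags.append("winsock-lsp")
    # Autostart that loads a DLL through rundll32 rather than running an EXE.
    if code == "O4" and fields.get("command", "").lower().startswith("rundll32"):
        tags.append("rundll32-autostart")
    if code == "O16" and fields:
        scheme = fields["codebase"].split(":", 1)[0].lower()
        if scheme not in ("http", "https"):
            tags.append("non-http-codebase")
        # A CLSID with no registered class name gives no hint about the control.
        if CLSID_RE.match(fields["ident"]) and not fields["name"]:
            tags.append("unnamed-control")
    return tags


def triage_log(text):
    """Split a pasted log into entries and return (section code, tags) pairs."""
    results = []
    for line in text.splitlines():
        for chunk in FUSED_RE.split(line.strip()):
            entry = parse_entry(chunk)
            if entry:
                results.append((entry["code"], triage(entry)))
    return results


if __name__ == "__main__":
    for code, tags in triage_log(SAMPLE_LOG):
        print(code, ", ".join(tags) if tags else "-")
```

A tag marks a line for a closer look and an empty tag list is not a clean bill: the New.net BHO line gets no tag here even though the thread removes it.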
Hi again,
I fixed all the lines, but an error message was displayed: Hijackthis cannot repair O10 Winsock LSPentries. I disabled System Restore and deleted the files.
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 13:05:24 25/06/2006
+ Scan result:
[1072] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[1196] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[1928] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[2148] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[2308] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : No action taken.
[2720] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : No action taken.
[2956] C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL -> Adware.NewDotNet : No action taken.
[3152] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[3560] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[572] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[804] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[872] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
[956] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
::Report end
I still have the BitDefender scan left to do, but it takes a very long time...
Bye
Hi
New.net is still there...
Find and delete the file in bold:
C:\Program Files\NewDotNet\newdotnet7_22.dll
See you
***I have decided to be happy because it is good for my health! (Voltaire)***
Hi
I can't manage to delete the NewDotNet folder...
Here is the report that was missing:
BitDefender Online Scanner
Scan report generated at: Mon, Jun 26, 2006 - 07:35:25
Scan path: A:\;C:\;D:\;E:\;R:\;
Statistics
Time: 13:46:07
Files: 531632
Folders: 9435
Boot Sectors: 3
Archives: 9005
Packed Files: 43325
Results
Identified Viruses: 40
Infected Files: 56
Suspect Files: 2
Warnings: 0
Disinfected: 0
Deleted Files: 94
Engines Info
Virus Definitions: 389421
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\4load.exe
Infected with: GenPack:Trojan.Swizzor.GI
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\4load.exe
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\4load.exe
Deleted
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\logo four.exe
Infected with: Trojan.Swizzor.AX
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\logo four.exe
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\logo four.exe
Deleted
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\MODELOVE.exe
Infected with: GenPack:Trojan.Swizzor.GI
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\MODELOVE.exe
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Soft More Memo Eggs\MODELOVE.exe
Deleted
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\block-checker-xp.exe=>(ZIP Sfx o)=>archstored:2
Infected with: Trojan.Muldrop.2788.A
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\block-checker-xp.exe=>(ZIP Sfx o)=>archstored:2
Disinfection failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\block-checker-xp.exe=>(ZIP Sfx o)=>archstored:2
Deleted
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\block-checker-xp.exe=>(ZIP Sfx o)
Update failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20041215.rar=>FUFU7BO.exe
Infected with: Worm.Drefir.E.Dam.2
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20041215.rar=>FUFU7BO.exe
Disinfection failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20041215.rar=>FUFU7BO.exe
Deleted
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20041215.rar
Update failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20050109.rar=>QBB8JHM.exe
Infected with: Worm.Drefir.E.Dam.2
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20050109.rar=>QBB8JHM.exe
Disinfection failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20050109.rar=>QBB8JHM.exe
Deleted
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20050109.rar
Update failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20050110.rar=>TGMQs02.exe
Infected with: Worm.Drefir.E.Dam.2
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20050110.rar=>TGMQs02.exe
Disinfection failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20050110.rar=>TGMQs02.exe
Deleted
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\Flash GOLDEN INTERSTAR CI 8005 premium\King sat\mise.a jour chaines\multisat20050110.rar
Update failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\TP\jeux\ecran_on_off.exe
Infected with: Joke.Scrswitch
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\TP\jeux\ecran_on_off.exe
Disinfection failed
C:\Documents and Settings\Charly\Bureau\Raccourcis Bureau non utilisés\TP\jeux\ecran_on_off.exe
Deleted
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\Dragon Ball Z 1 à 72.rar=>Dragon Ball Z 1 … 72\DBZ - 036 - Une nouvelle destination.avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_141-145_[ARF].rar=>[DVDrip]_DragonBall_Z_141-145_[ARF]\[DVDrip]_DragonBall_Z_144_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_141-145_[ARF].rar=>[DVDrip]_DragonBall_Z_141-145_[ARF]\[DVDrip]_DragonBall_Z_145_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_146-150_[ARF].rar
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_146-150_[ARF].rar=>[DVDrip]_DragonBall_Z_146-150_[ARF]\Thumbs.db
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_146-150_[ARF].rar=>[DVDrip]_DragonBall_Z_146-150_[ARF]\[DVDrip]_DragonBall_Z_146_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_146-150_[ARF].rar=>[DVDrip]_DragonBall_Z_146-150_[ARF]\[DVDrip]_DragonBall_Z_147_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_146-150_[ARF].rar=>[DVDrip]_DragonBall_Z_146-150_[ARF]\[DVDrip]_DragonBall_Z_148_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_146-150_[ARF].rar=>[DVDrip]_DragonBall_Z_146-150_[ARF]\[DVDrip]_DragonBall_Z_149_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_151_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_152_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_153_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_154_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_155_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_156-160_[ARF].rar
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_156-160_[ARF].rar=>[DVDrip]_DragonBall_Z_156-160_[ARF]\Thumbs.db
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_156-160_[ARF].rar=>[DVDrip]_DragonBall_Z_156-160_[ARF]\[DVDrip]_DragonBall_Z_156_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_156-160_[ARF].rar=>[DVDrip]_DragonBall_Z_156-160_[ARF]\[DVDrip]_DragonBall_Z_157_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_156-160_[ARF].rar=>[DVDrip]_DragonBall_Z_156-160_[ARF]\[DVDrip]_DragonBall_Z_158_[ARF].avi
Clean
C:\Documents and Settings\Charly\Mes documents\Mes vidéos\DBZ\[DVDrip]_DragonBall_Z_156-160_[ARF].rar=>[DVDrip]_DragonBall_Z_156-160_[ARF]\[DVDrip]_DragonBall_Z_159_[ARF].avi
Clean
C:\Documents and Settings\mélody\Application Data\Adverts\uninst.exe
Infected with: Trojan.Lopad.K
C:\Documents and Settings\mélody\Application Data\Adverts\uninst.exe
Disinfection failed
C:\Documents and Settings\mélody\Application Data\Adverts\uninst.exe
Deleted
C:\Documents and Settings\mélody\Application Data\Blehtick\MFCD POP TITLE.exe
Infected with: GenPack:Trojan.Downloader.Swizzor.CB
C:\Documents and Settings\mélody\Application Data\Blehtick\MFCD POP TITLE.exe
Disinfection failed
C:\Documents and Settings\mélody\Application Data\Blehtick\MFCD POP TITLE.exe
Deleted
C:\Documents and Settings\mélody\Application Data\C2Media\Setup.exe
Infected with: Trojan.Lopad.C
C:\Documents and Settings\mélody\Application Data\C2Media\Setup.exe
Disinfection failed
C:\Documents and Settings\mélody\Application Data\C2Media\Setup.exe
Deleted
C:\Documents and Settings\mélody\Local Settings\Temp\spucbpnl.exe
Infected with: Trojan.Swizzor.CG
C:\Documents and Settings\mélody\Local Settings\Temp\spucbpnl.exe
Disinfection failed
C:\Documents and Settings\mélody\Local Settings\Temp\spucbpnl.exe
Deleted
C:\Documents and Settings\mélody\Local Settings\Temp\sta2.exe
Infected with: GenPack:Trojan.Swizzor.A
C:\Documents and Settings\mélody\Local Settings\Temp\sta2.exe
Disinfection failed
C:\Documents and Settings\mélody\Local Settings\Temp\sta2.exe
Deleted
C:\Documents and Settings\mélody\Local Settings\Temp\sta39.exe
Infected with: GenPack:Trojan.Swizzor.BT
C:\Documents and Settings\mélody\Local Settings\Temp\sta39.exe
Disinfection failed
C:\Documents and Settings\mélody\Local Settings\Temp\sta39.exe
Deleted
C:\Documents and Settings\sandrine2\Bureau\Sandrine\Application Data\C2Media\Setup.exe
Infected with: Trojan.Lopad.B
C:\Documents and Settings\sandrine2\Bureau\Sandrine\Application Data\C2Media\Setup.exe
Disinfection failed
C:\Documents and Settings\sandrine2\Bureau\Sandrine\Application Data\C2Media\Setup.exe
Deleted
C:\Documents and Settings\sandrine2\Bureau\Sandrine\Local Settings\Temp\UpdatedUpdaterInstall.exe
Infected with: MemScan:Trojan.Downloader.KeenValue.A
C:\Documents and Settings\sandrine2\Bureau\Sandrine\Local Settings\Temp\UpdatedUpdaterInstall.exe
Disinfection failed
C:\Documents and Settings\sandrine2\Bureau\Sandrine\Local Settings\Temp\UpdatedUpdaterInstall.exe
Deleted
C:\Program Files\Adverts\uninst.exe
Infected with: Trojan.Lopad.K
C:\Program Files\Adverts\uninst.exe
Disinfection failed
C:\Program Files\Adverts\uninst.exe
Deleted
C:\Program Files\mozilla.org\Mozilla\ErrorSafeScannerInstall_fr.exe
Infected with: Trojan.Downloader.TS
C:\Program Files\mozilla.org\Mozilla\ErrorSafeScannerInstall_fr.exe
Disinfection failed
C:\Program Files\mozilla.org\Mozilla\ErrorSafeScannerInstall_fr.exe
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\02DC7FED=>(Quarantine-2)
Infected with: Joke.Jep.Russ
C:\Program Files\Norton AntiVirus\Quarantine\02DC7FED=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\02DC7FED=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\02E029E9=>(Quarantine-2)
Infected with: Joke.Jep.Russ
C:\Program Files\Norton AntiVirus\Quarantine\02E029E9=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\02E029E9=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\03583784=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.AG
C:\Program Files\Norton AntiVirus\Quarantine\03583784=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\03583784=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\08B44082=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.Dam.2
C:\Program Files\Norton AntiVirus\Quarantine\08B44082=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\08B44082=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\09757778=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.AG
C:\Program Files\Norton AntiVirus\Quarantine\09757778=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\09757778=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0D5F28CB
Infected with: Win32.Netsky.C@mm
C:\Program Files\Norton AntiVirus\Quarantine\0D5F28CB
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\15053376=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.BQ
C:\Program Files\Norton AntiVirus\Quarantine\15053376=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\15053376=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\17B36A5F.dll=>(Quarantine-2)
Infected with: Trojan.Downloader.Wintrim.AI
C:\Program Files\Norton AntiVirus\Quarantine\17B36A5F.dll=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\17B36A5F.dll=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\18130D46
Infected with: JS.Trojan.Psyme.AX
C:\Program Files\Norton AntiVirus\Quarantine\18130D46
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\18130D46
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\18E23E54=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DE
C:\Program Files\Norton AntiVirus\Quarantine\18E23E54=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\18E23E54=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\1DB308F9=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DA
C:\Program Files\Norton AntiVirus\Quarantine\1DB308F9=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1DB308F9=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\20956F75=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.AK
C:\Program Files\Norton AntiVirus\Quarantine\20956F75=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\20956F75=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\275A4EFC=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.Dam.2
C:\Program Files\Norton AntiVirus\Quarantine\275A4EFC=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\275A4EFC=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\27D11536=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.CN
C:\Program Files\Norton AntiVirus\Quarantine\27D11536=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\27D11536=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\294444F7=>(Quarantine-2)
Suspected of: BehavesLike:Trojan.HangUp
C:\Program Files\Norton AntiVirus\Quarantine\294444F7=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\294444F7=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32C004A3=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.Dam.2
C:\Program Files\Norton AntiVirus\Quarantine\32C004A3=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32C004A3=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\35ED207C=>(Quarantine-2)
Infected with: Trojan.Wintrim.BJ
C:\Program Files\Norton AntiVirus\Quarantine\35ED207C=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\35ED207C=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\3A0C7BAF=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.Z
C:\Program Files\Norton AntiVirus\Quarantine\3A0C7BAF=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\3A0C7BAF=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\40600291.exe=>(Quarantine-2)
Infected with: Worm.Padobot.M
C:\Program Files\Norton AntiVirus\Quarantine\40600291.exe=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\40600291.exe=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\412C4DAB=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.J
C:\Program Files\Norton AntiVirus\Quarantine\412C4DAB=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\412C4DAB=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\42885E62=>(Quarantine-2)
Suspected of: Exploit.Html.MhtRedir.Gen
C:\Program Files\Norton AntiVirus\Quarantine\42885E62=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\42885E62=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\4C5B6EFB=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.CR
C:\Program Files\Norton AntiVirus\Quarantine\4C5B6EFB=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\4C5B6EFB=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\53EA41FE=>(Quarantine-2)
Infected with: Trojan.Download.Dyfuca.AD
C:\Program Files\Norton AntiVirus\Quarantine\53EA41FE=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\53EA41FE=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\57EB2AF9=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DE
C:\Program Files\Norton AntiVirus\Quarantine\57EB2AF9=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\57EB2AF9=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\588E0112=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.BW
C:\Program Files\Norton AntiVirus\Quarantine\588E0112=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\588E0112=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\58987F08=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.BW
C:\Program Files\Norton AntiVirus\Quarantine\58987F08=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\58987F08=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\589E5300=>(Quarantine-2)
Infected with: Trojan.Downloader.Wintrim.BC
C:\Program Files\Norton AntiVirus\Quarantine\589E5300=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\589E5300=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\58A526F9=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.CQ
C:\Program Files\Norton AntiVirus\Quarantine\58A526F9=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\58A526F9=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\58AB7AF2=>(Quarantine-2)
Infected with: Trojan.NSearch.A
C:\Program Files\Norton AntiVirus\Quarantine\58AB7AF2=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\58AB7AF2=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\637B66F8=>(Quarantine-2)
Infected with: Trojan.NSearch.A
C:\Program Files\Norton AntiVirus\Quarantine\637B66F8=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\637B66F8=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\6A094CE9=>(Quarantine-2)
Infected with: Worm.Padobot.M
C:\Program Files\Norton AntiVirus\Quarantine\6A094CE9=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6A094CE9=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\70972EFE=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.DG
C:\Program Files\Norton AntiVirus\Quarantine\70972EFE=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\70972EFE=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\798867D9=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.BQ
C:\Program Files\Norton AntiVirus\Quarantine\798867D9=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\798867D9=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7B837DAE=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.CR
C:\Program Files\Norton AntiVirus\Quarantine\7B837DAE=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7B837DAE=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7B8627AA=>(Quarantine-2)
Detected with: Application.Dialer.FI
C:\Program Files\Norton AntiVirus\Quarantine\7B8627AA=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7B8627AA=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7B8951A7=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DE
C:\Program Files\Norton AntiVirus\Quarantine\7B8951A7=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7B8951A7=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7B8D7BA3=>(Quarantine-2)
Infected with: Trojan.Downloader.Dyfuca.DA
C:\Program Files\Norton AntiVirus\Quarantine\7B8D7BA3=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7B8D7BA3=>(Quarantine-2)
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7F6946D3=>(Quarantine-2)
Infected with: Exploit.Html.MhtRedir.Gen
C:\Program Files\Norton AntiVirus\Quarantine\7F6946D3=>(Quarantine-2)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7F6946D3=>(Quarantine-2)
Deleted
C:\WINDOWS\system32\msdlupd.dll
Infected with: Trojan.Downloader.Dyfuca.DN
C:\WINDOWS\system32\msdlupd.dll
Deleted
C:\WINDOWS\system32\navshext1.dll
Infected with: Trojan.Click.AE
C:\WINDOWS\system32\navshext1.dll
Disinfection failed
C:\WINDOWS\system32\navshext1.dll
Deleted
Hi
I can't manage to delete the newdonet folder...
Meaning what???
Please post a new HijackThis log.
See you
***I have decided to be happy because it is good for my health! (Voltaire)***
Hi,
All good, I deleted the folder.
Logfile of HijackThis v1.99.1
Scan saved at 20:16:57, on 26/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charly\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Thanks
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Thanks
You're welcome ;-)
Install a firewall if you don't have one.
For future maintenance:
https://sebsauvage.net/safehex.html
Security: protecting a computer against Internet malware
See you
Hello,
I'm having pop-up problems on my blog (I and all the users and visitors of my blog see the same problem). So I have no idea whether it comes from me or not... since the others have it too... or am I the one generating it, being the "webmaster" of the blog in question? I don't understand any of it... :'(
To be safe, I'm running all my anti-spyware tools and the rest... and scanning... for now they find nothing.
I skimmed the previous posts... it's gibberish to me! Help!