[Virus] Non-stop pop-ups, virus - BitComet
Jean-Philippe Guérin
OK, I can tell you that it's rare for me to ask for help because I usually manage on my own, but I have to admit I no longer know what to do. I read posts about problems similar to mine, but I couldn't understand them. So here is my problem: I had BitComet, an old version; they told me to download a new version because there is a chance of a virus with this one. I ignored the warning and finished my download. The problem is that I'm not sure what happened, and I started getting lots of unrelated errors. So I closed everything and ran a scan with Avast! 4, Spybot and Ad-Aware. That removed a lot of spyware crap, but in the end I still get damn pop-ups, mainly when I open Internet Explorer, and they are often pop-ups like partypoker ... ! Thank you very much for your help!! :D
32 replies
Hello,
Yeah Marie, I'm doing everything Kristopher asks me to. All I have left to finish from what he asked is BD, and I can tell you right now that I still have the virus..! How do I get the complete BitDefender log? I can't manage it..! As for your program, Marie, it doesn't initialize; it tells me:
F-Secure Blacklight could not acquire necessary privileges.(SeDebugPrivilege)
-Your computer settings may prevent acquiring these privileges.
-A malicious program might disabled these privileges.
I disabled my firewall and my antivirus. And that changed nothing.
I'll send you my BD log shortly.. if you tell me how, because I can't manage it! :S
Good...DAY? (no wonder nobody answers you)
To start, go here:
virus preliminary disinfection method, FR version
Follow the tutorial and carefully do what is asked.
Don't forget to copy/paste the 3 reports at the end.
Have a good afternoon, Kristopher
Hello, sorry for my lack of manners in not saying hello to you; I'm used to being on a hockey forum where we don't speak very nicely ... really sorry. So, for my problem, I ran 2 scans out of 3, because the 2nd, being the antivirus, should take about 4 hours given my fairly huge hard drive. So I'm giving you the results of the other 2, and if you absolutely need the 3rd, well, I'm running it right now. For your information, my problem is still there after the spyware scan.. thanks! Jean-Philippe
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:30:58 2006-09-08
+ Scan result:
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Mes documents\My Completed Downloads\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\mmxsnet.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP894ZLG\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\UP87EXQ5\xpl[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\AN0FAZ2L\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\T0OFLTCD\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\BitComet\Downloads\Google Earth Pro Map (Full Cracked).rar/GoogleEarthPro.exe/iexplorer.exe -> Hijacker.VB.ib : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\UP87EXQ5\new3[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Ignored.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\ICD4.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\Installation\Nudge.zip/Nudge.exe -> Not-A-Virus.IMFlooder.Win32.VB.dn : Ignored.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.13:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@homedepotca.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.10:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.11:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.44:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.263:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.111:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.112:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.251:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.252:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.12:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.7:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Cookies\jean-philippe guérin@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.254:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.255:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.256:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.231:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Cookies\jean-philippe guérin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\jean-philippe guérin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@e-2dj6wjloojazgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@e-2dj6wjmiwlazihq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@e-2dj6wjkoencjkcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.15:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.45:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.295:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.91:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.92:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.184:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.285:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.286:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.128:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.129:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.130:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.210:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.6:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.7:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.8:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.9:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.209:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.21:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.22:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.133:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.176:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.160:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.161:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.162:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.163:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.39:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.205:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.207:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.190:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.197:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.182:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.142:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.167:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.169:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.34:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.287:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.288:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.289:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.292:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.293:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.294:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.296:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\MORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-16edb09d-32913a8a.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).
::Report end
------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:56:55, on 2006-09-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
Thanks, and have a good day!
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:30:58 2006-09-08
+ Scan result:
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Mes documents\My Completed Downloads\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\mmxsnet.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Temporary Internet Files\Content.IE5\OP894ZLG\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\UP87EXQ5\xpl[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\AN0FAZ2L\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\NXL2PN2M\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\T0OFLTCD\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Program Files\BitComet\Downloads\Google Earth Pro Map (Full Cracked).rar/GoogleEarthPro.exe/iexplorer.exe -> Hijacker.VB.ib : Cleaned with backup (quarantined).
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temporary Internet Files\Content.IE5\UP87EXQ5\new3[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Ignored.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\ICD4.tmp\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.
C:\Installation\Nudge.zip/Nudge.exe -> Not-A-Virus.IMFlooder.Win32.VB.dn : Ignored.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.13:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@homedepotca.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.10:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.11:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.44:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.263:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.111:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.112:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.113:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.251:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.252:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.12:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.7:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Cookies\jean-philippe guérin@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.254:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.255:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.256:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.231:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Temp\Cookies\jean-philippe guérin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\jean-philippe guérin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@e-2dj6wjloojazgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@e-2dj6wjmiwlazihq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@e-2dj6wjkoencjkcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.15:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.45:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.295:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.91:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.92:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.184:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.285:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.286:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.128:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.129:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.130:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.210:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.6:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.7:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.8:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.9:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.209:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.21:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.22:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.133:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.176:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.160:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.161:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.162:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.163:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.39:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.205:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.207:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.190:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.197:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.182:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.142:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.167:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.169:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.34:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.287:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.288:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.289:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.292:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.293:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.294:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.296:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Application Data\Mozilla\Firefox\Profiles\07iozjhe.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\MORT\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\jean-philippe guérin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\Documents and Settings\MORT\Application Data\Mozilla\Firefox\Profiles\633oxhmt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Cookies\jean-philippe guérin@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\MORT\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-16edb09d-32913a8a.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup (quarantined).
::Report end
------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:56:55, on 2006-09-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
Thanks and have a nice day!
Jean-Philippe,
As you may have noticed, the customs of our CCM forum differ from those of your hockey forum ;)
Now, back to our original discussion...
You are more than infected, your PC is actually a malware factory lol
- Method to follow, in order -
1/ Empty Ewido's quarantine.
2/ Download CCLEANER and clean your PC with it:
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Usage:
- In the "Nettoyeur" (Cleaner) tab, click "Analyse" (Analyze). Once the analysis is finished, click "Lancer le Nettoyage" (Run the cleaning).
- In the "Erreurs" (Errors) tab, click "Chercher des erreurs" (Look for errors), then, before clicking "Réparer les erreurs sélectionnées" (Repair selected errors), back up your registry (as offered). Repeat until no more errors are detected.
3/ Be sure to download a firewall, which will close the ports (doors) to hackers.
For example, Sunbelt Kerio Personal Firewall: https://www.01net.com/telecharger/windows/Securite/firewall/fiches/22418.html
Tutorial here: https://forums.cnetfrance.fr
4/ Uninstall AVG and replace it with Avast!, which performs better (and is also free):
- Download, update and run a thorough ("Minutieux") scan of your PC with Avast! here:
https://www.avast.com/free-antivirus-download
Tutorial here:
http://www.tutopat.com/viewtopic.php?t=1541
5/ Scan your PC with this online antivirus (IE only):
http://www.bitdefender.fr/scan8/ie.html
Click "J'accepte" (I accept), then also accept the ActiveX control blocked by the SP2 anti-popup bar (it will flash at the top).
Then click "Cliquez ici pour scanner" (Click here to scan).
Wait until the scan finishes...
Copy/paste the report to the forum.
6/ Post a new HijackThis log.
PS: Pay no attention to the time estimated by the online antivirus scan, because very often it finishes much sooner.
Hello, I did everything you asked me to; here are the HijackThis and BitDefender reports:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:04, on 2006-09-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
------------------------------------------------------------------------
Bit Defender:
C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
Infected with: Trojan.Spy.Keylogger.AI
C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
Disinfection failed
C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
Deleted
C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)
Update failed
C:\Installation\SETUP\131468.exe=>wise0016
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Installation\SETUP\131468.exe=>wise0016
Deleted
C:\Installation\SETUP\131468.exe
Update failed
C:\Installation\SETUP\131468.exe=>wise0017
Infected with: Trojan.Downloader.Small.BKE
C:\Installation\SETUP\131468.exe=>wise0017
Disinfection failed
C:\Installation\SETUP\131468.exe=>wise0017
Deleted
C:\Installation\SETUP\131468.exe
Update failed
C:\Installation\SETUP\14410.exe=>wise0018
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Installation\SETUP\14410.exe=>wise0018
Deleted
C:\Installation\SETUP\14410.exe
Update failed
C:\Installation\SETUP\14410.exe=>wise0019
Infected with: Trojan.Downloader.Small.BKE
C:\Installation\SETUP\14410.exe=>wise0019
Disinfection failed
C:\Installation\SETUP\14410.exe=>wise0019
Deleted
C:\Installation\SETUP\14410.exe
Update failed
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0018
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0018
Deleted
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe
Update failed
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
Infected with: Trojan.Downloader.Small.BKE
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
Disinfection failed
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
Deleted
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe
Update failed
I still seem to have the popup problem, but it seems to be less frequent, at least apparently.
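One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread and is not HijackThis's own logic. The sample lines are copied from that log; the function names (`parse`, `reasons_for`, `triage`) and the review heuristics are assumptions of this example, and a flagged line means "look at this first", not "this is malicious".

```python
import re
from collections import Counter

# Subset of lines copied from the HijackThis log posted above.
# Raw string: Windows paths such as ...\system32\nsy6D.dll contain "\n".
SAMPLE_LOG = r"""
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "<section code> - <detail>", e.g. "O15 - Trusted Zone: *.example.com".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# A DLL sitting directly in system32 (no vendor sub-directory).
SYSTEM32_DLL = re.compile(r"\\windows\\system32\\[^\\]+\.dll", re.IGNORECASE)
# An O16 entry that carries a class name in parentheses after the CLSID.
DPF_NAMED = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \(.+?\) - ")


def parse(log):
    """Return (section, detail) tuples; header and process lines are skipped."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons_for(section, detail):
    """Heuristics of this example: why an entry deserves a manual look."""
    reasons = []
    if detail.endswith("(file missing)"):
        # Registry still references a file that is gone (leftover of an
        # uninstall or of a partial cleanup).
        reasons.append("target file missing")
    if section == "O15":
        # Trusted Zone sites run with relaxed Internet Explorer settings.
        reasons.append("Trusted Zone site")
    if section == "O10":
        # Winsock LSPs sit in the network stack and see all traffic.
        reasons.append("unrecognised Winsock LSP")
    if section == "O16" and not DPF_NAMED.match(detail):
        reasons.append("unnamed ActiveX download")
    if section in ("O2", "O20") and SYSTEM32_DLL.search(detail):
        # Browser helper / logon hook loaded straight from system32.
        reasons.append("hook DLL in system32")
    return reasons


def triage(log):
    """Return [(section, detail, reasons, occurrences)] in first-seen order."""
    counts = Counter()
    found = {}
    for section, detail in parse(log):
        reasons = reasons_for(section, detail)
        if reasons:
            counts[(section, detail)] += 1
            found[(section, detail)] = reasons
    return [(s, d, found[(s, d)], counts[(s, d)]) for (s, d) in found]


if __name__ == "__main__":
    for section, detail, reasons, seen in triage(SAMPLE_LOG):
        repeat = f" (x{seen})" if seen > 1 else ""
        print(f"[{section}] {', '.join(reasons)}{repeat}\n    {detail}")
```

Repeated lines, such as the many identical O10 entries in the log, are collapsed into one finding with an occurrence count so they do not drown out the rest.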
Hi,
Your BitDefender report is incomplete.
And on top of that, I had told you to do it in order, BD first and then HT.
So:
1/ Start by downloading these two free and complementary antispyware tools:
Ad-Aware:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
Patch for using the software in French here:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/25543.html
SpyBot Search & Destroy:
https://www.safer-networking.org/download/
2/ Run Ad-Aware, update it, perform a full system scan and remove the infections found.
See the tutorial here:
https://forums.cnetfrance.fr
3/ Run Spybot Search & Destroy, update it and immunize the system to fix the security problems. Then check the whole system to remove the spyware found.
See the tutorial here:
https://forums.cnetfrance.fr
4/ Run another scan with BitDefender (paste the whole report) and then post a new HT log.
Hi, by the way, I simply gave them to you in the wrong order, because I did BD first! I followed everything to the letter, except for BD: the logfile, I did manage to save it on my computer, but I couldn't get to see the complete logfile, I don't really know how!
OK, make an effort next time if you want your PC to be properly disinfected ;)
Do what I wrote for you above, we'll see about the rest afterwards...
See you
Yeah, I'm running my 2 scans with Ad-Aware and Spybot, then I'll go back to BD and show you all of that!
Thanks once again! :)
Hi,
Avast, which scans continuously, has just found this virus:
Win32:KeyLogger-AU [Tool]
I don't know if that means anything to you.. anyway.. Ad-Aware is running as we speak!
JP!
Hi,
To move things along
Have you done what Kristopher asked you to do???
Personally, I would run a pass of
Download Blacklight (from F-Secure) from one of these 2 addresses:
https://www.f-secure.com/en
https://www.f-secure.com/en
and save it to your Desktop.
Double-click blbeta.exe and accept the license; leave [X] scan through Windows Explorer enabled; click Scan then Next
You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
See you
Hi,
Here are my BD and Hijack tests:
BitDefender Online Scanner
Scan report generated at: Mon, Sep 11, 2006 - 15:27:23
Scan path: C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Local Settings\Application Data\Microsoft\Messenger\mapledeck@hotmail.com\Sharing Folders;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Mes documents;C:\Documents and Settings\All Users.WINDOWS\Documents;C:\;E:\;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Mes documents;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\CEGEP;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Diane;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Entretien - Ordinateur;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Icones;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\KaTh-RyN;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Musique - Exercices;C:\Documents and Settings\Jean-Philippe Guérin.THEOXTRACK2\Bureau\Stage Basell;
Statistics
Time: 01:28:57
Files: 642329
Folders: 8288
Boot Sectors: 3
Archives: 4992
Packed Files: 66839
Results
Identified Viruses: 3
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 7
Engines Info
Virus Definitions: 453688
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
Infected with: Trojan.Spy.Keylogger.AI
C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
Disinfection failed
C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)=>zlib_nsis0006
Deleted
C:\Documents and Settings\MORT\Local Settings\Temporary Internet Files\Content.IE5\E58F2HYD\keylogger-download[1].zip=>HomeKeyLogger-setup.exe=>(NSIS o)
Update failed
C:\Installation\SETUP\131468.exe=>wise0016
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Installation\SETUP\131468.exe=>wise0016
Deleted
C:\Installation\SETUP\131468.exe
Update failed
C:\Installation\SETUP\131468.exe=>wise0017
Infected with: Trojan.Downloader.Small.BKE
C:\Installation\SETUP\131468.exe=>wise0017
Disinfection failed
C:\Installation\SETUP\131468.exe=>wise0017
Deleted
C:\Installation\SETUP\131468.exe
Update failed
C:\Installation\SETUP\14410.exe=>wise0018
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Installation\SETUP\14410.exe=>wise0018
Deleted
C:\Installation\SETUP\14410.exe
Update failed
C:\Installation\SETUP\14410.exe=>wise0019
Infected with: Trojan.Downloader.Small.BKE
C:\Installation\SETUP\14410.exe=>wise0019
Disinfection failed
C:\Installation\SETUP\14410.exe=>wise0019
Deleted
C:\Installation\SETUP\14410.exe
Update failed
:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0018
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0018
Deleted
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe
Update failed
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
Infected with: Trojan.Downloader.Small.BKE
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
Disinfection failed
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe=>wise0019
Deleted
C:\System Volume Information\_restore{1AB599C8-4C69-40F9-ADF8-5918FCD00B50}\RP268\A0042631.exe
Update failed
------------------------------------------------------------------------
Other part of the BD report:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Mon, Sep 11, 2006 - 16:59:45
--------------------------------------------------------------------------------
Scan Info
Scanned Files: 642809
Infected Files: 7
Virus Detected
Application.Adware.NewDotNet.B.Dropper: 3
Trojan.Downloader.Small.BKE: 3
Trojan.Spy.Keylogger.AI: 1
------------------------------------------------------------------------
Hijack now:
Logfile of HijackThis v1.99.1
Scan saved at 17:00:52, on 2006-09-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O15 - Trusted Zone: *.dollarrevenue.com
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
------------------------------------------------------------------------
Just to let you know, I still have my problem. I don't want to put any pressure on you at all, just keeping you informed, and thanks again for all your help! :D
JP
Hi,
Try this
Please
Thanks
# Download l2mfix.exe from http://www.downloads.subratam.org/l2mfix.exe
- Disconnect from the internet and close the browser and all other application windows;
- Unzip l2mfix.exe to the desktop;
- In the program folder, double-click l2mfix.bat;
- Choose OPTION 1 (Run find log) and confirm with the [Enter] key;
=> A report will be generated in Notepad; reconnect to post it on the forum.
then:
- Disconnect from the internet and close the browser and all other application windows;
- Double-click l2mfix.bat;
- Choose OPTION 2 (Run fix) and confirm with the [Enter] key;
- When prompted, press any key to restart the PC;
=> On restart, L2mFix continues cleaning, then produces the cleaning result by opening Notepad; reconnect to post it on the forum.
Run HijackThis again
See you
Here is my first test:
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wbhext.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\pGpnetsh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\cZrds.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A280CDEB-7B1F-0C09-34C2-DA18B332C24E}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
bitcom~1.dll Fri 2006-09-01 1:48:26 A.... 2 560 2,50 K
nsy6d.dll Mon 2006-08-14 20:52:34 A.... 78 848 77,00 K
sirenacm.dll Sat 2006-07-29 19:32:50 A.... 48 936 47,79 K
3 items found: 3 files, 0 directories.
Total of file sizes: 130 344 bytes 127,29 K
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC34-2477
Répertoire de C:\WINDOWS\System32
2006-06-04 12:22 <REP> dllcache
2005-12-11 19:43 <REP> Microsoft
0 fichier(s) 0 octets
2 Rép(s) 111 151 628 288 octets libres
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"
"{C81DCBCA-8AE2-41FC-9C39-78B160393210}"="RhinoShExt"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{1EBC3533-B289-409F-9924-B84B3F0717D2}"="AceFTP Context Menu Shell Extension"
"{3AC7D292-2B27-47FC-BB9D-8C3FE7977CAA}"=""
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"="AutoCAD Digital Signatures Icon Overlay Handler"
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}"="Autodesk Drawing Preview"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{67F38264-AEF8-450E-9823-24A25B3C57EC}"=""
"{AD1EBA9D-D626-4951-A288-27CC199D9F92}"=""
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
bitcom~1.dll Fri 2006-09-01 1:48:26 A.... 2 560 2,50 K
nsy6d.dll Mon 2006-08-14 20:52:34 A.... 78 848 77,00 K
sirenacm.dll Sat 2006-07-29 19:32:50 A.... 48 936 47,79 K
3 items found: 3 files, 0 directories.
Total of file sizes: 130 344 bytes 127,29 K
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est CC34-2477
Répertoire de C:\WINDOWS\System32
2006-06-04 12:22 <REP> dllcache
2005-12-11 19:43 <REP> Microsoft
0 fichier(s) 0 octets
2 Rép(s) 111 151 628 288 octets libres
Hello again,
And here is the second part:
L2mfix 051206
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
Thank you so much for helping me solve this damn problem!! :(
Hello, after all these attempts with programs, antivirus and firewall, what has improved is that my pop-ups are now less frequent, and 80% of the time the pop-ups are blank pages blocked by the firewall, but sometimes a few get past the firewall, strangely, often the Party Poker ones..!
Thanks
Jean-Philippe
Hi,
Delete the folder in bold:
C:\Program Files\PartyGaming
Then check and fix these lines with HijackThis:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: *.dollarrevenue.com
Next:
Download LSPFix:
http://cexx.org/LSPFix.exe
Or here if that doesn't work:
http://www.downloads.subratam.org/lspfix.zip
Run "LSPFix.exe".
Check: "I Know what I'm doing".
In the left column (Keep), select the nvappfilter.dll entry (only that one) and move it to the right column (remove) with the ">>" button.
Click "Finish >>".
Then post a new HT log at the end.
See you
Hi,
Here is the log after what you asked me to do!
Logfile of HijackThis v1.99.1
Scan saved at 11:29:14, on 2006-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\AutoCAD 2005\acad.exe
C:\DOCUME~1\JEAN-P~1.THE\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
O23 - Service: app_filter - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
Hi Kristopher,
I think you've put your finger on the problem! But I still have the pop-ups, though I think we're not far off! Thank you for helping me so much!!!
JP
Re,
1/ Check and fix these lines:
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://k4tl-lryn-26.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\pGpnetsh.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
2/ Scan your PC with this online antispyware:
https://www.trendmicro.com/en_us/forHome/products/housecall.html
Click "I Accept" and wait a bit…
Then click "Start Scan"
At the end of the scan, "Scan Results" -> "Clean Threats Now"
3/ - Download the SmitfraudFix tool created by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip and unzip it.
- Open the "SmitfraudFix" folder that appears, double-click "Smitfraudfix.cmd", choose option 1; a log will be generated…
Copy and paste the report on the forum.
Then
Do the following:
- Restart the PC in "safe mode": tap the F8 key on your keyboard (or F5 depending on the Windows version) and choose "safe mode".
- Run SmitfraudFix again, this time choosing option 2, and answer yes to everything.
Paste the new report afterwards.
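Added example, not part of any post in this thread and not HijackThis's own code: a Python parser for the HijackThis log format posted above that checks every "(file missing)" marker against the log's own "Running processes" list. The sample lines are copied from the thread's log; the function names are assumptions made for this illustration.

```python
import re
from collections import namedtuple

# Subset of the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsy6D.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\wbhext.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cZrds.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

Entry = namedtuple("Entry", "code label target file_missing")

# Section code (R0, F2, O2, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING = " (file missing)"


def exe_path(target):
    """Return the path part of a target, dropping a stray quote and arguments."""
    path = target.strip().lstrip('"')
    return path.split('"', 1)[0].strip().lower()


def parse_log(text):
    """Split a log into the set of running process paths and the list of entries."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            code, rest = m.groups()
            missing = rest.endswith(MISSING)
            if missing:
                rest = rest[: -len(MISSING)]
            parts = rest.rsplit(" - ", 1)  # the target is the last " - " field
            label = parts[0] if len(parts) == 2 else ""
            entries.append(Entry(code, label, parts[-1], missing))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.add(line.lower())
    return processes, entries


def triage(processes, entries):
    """Classify every '(file missing)' entry.

    contradicted: the same executable is listed under Running processes, so
                  the marker cannot be taken at face value.
    dangling:     nothing in the log shows the file exists; the registry
                  entry points at a file that is gone.
    """
    result = {"contradicted": [], "dangling": []}
    for e in entries:
        if not e.file_missing:
            continue
        key = "contradicted" if exe_path(e.target) in processes else "dangling"
        result[key].append(e)
    return result


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for kind, items in triage(procs, ents).items():
        for e in items:
            print(f"{kind:12} {e.code:4} {e.label} -> {exe_path(e.target)}")
```

In this log the avast! Mail Scanner service carries the marker although ashMaiSv.exe is running, while the three dangling entries are leftover registry references of the kind the helper asks to fix.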