Adware-gen...
Résolu
sofi
-
Séb08 Messages postés 18169 Date d'inscription Statut Contributeur Dernière intervention -
Séb08 Messages postés 18169 Date d'inscription Statut Contributeur Dernière intervention -
Bonjour,
Mon pc est infecte de virus... : adware-gen, lookme-gen, spyware-gen, trojan-gen, trojano-2873
j'ai scanne avec avast...
je ne sais pas trop quoi faire vu que je m'y connais pas trop en informatique...
voici mon rapport avec hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 17:31:28, on 06/10/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\anti virus 2\aswUpdSv.exe
C:\anti virus 2\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\anti virus 2\ashWebSv.exe
C:\anti virus 2\ashMaiSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\ANTIVI~2\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\Jun\Bureau\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.proximus.be/pickx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~2\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A6B8086-4F0F-4640-9A31-827C885E91F5}: NameServer = 195.238.2.22 195.238.2.21
O20 - Winlogon Notify: Reliability - C:\WINNT\system32\g8jo0i13e8.dll (file missing)
O20 - Winlogon Notify: Setup - C:\WINNT\system32\en40l1hm1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\anti virus 2\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\anti virus 2\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\anti virus 2\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\anti virus 2\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\InCD\InCDsrv.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
merci de votre aide!
Mon pc est infecte de virus... : adware-gen, lookme-gen, spyware-gen, trojan-gen, trojano-2873
j'ai scanne avec avast...
je ne sais pas trop quoi faire vu que je m'y connais pas trop en informatique...
voici mon rapport avec hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 17:31:28, on 06/10/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\anti virus 2\aswUpdSv.exe
C:\anti virus 2\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\anti virus 2\ashWebSv.exe
C:\anti virus 2\ashMaiSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\ANTIVI~2\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\dfndrff_e24.exe
C:\kybrdff_e24.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\Jun\Bureau\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.proximus.be/pickx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~2\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A6B8086-4F0F-4640-9A31-827C885E91F5}: NameServer = 195.238.2.22 195.238.2.21
O20 - Winlogon Notify: Reliability - C:\WINNT\system32\g8jo0i13e8.dll (file missing)
O20 - Winlogon Notify: Setup - C:\WINNT\system32\en40l1hm1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\anti virus 2\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\anti virus 2\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\anti virus 2\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\anti virus 2\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\InCD\InCDsrv.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
merci de votre aide!
A voir également:
- Adware-gen...
- Adware cleaner - Télécharger - Antivirus & Antimalwares
- Adware - Guide
- Oxy-gen - Télécharger - Généalogie
- Win32:malware-gen ✓ - Forum Virus
- Mi box s 1st gen vs 2nd gen - Accueil - TV & Vidéo
15 réponses
Salut,
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.
Copie/colle le rapport sur le forum stp avec un nouveau rapport hijackthis
A++
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.
Copie/colle le rapport sur le forum stp avec un nouveau rapport hijackthis
A++
hello,
alors ca y est jai fait smitfraudfix et look2me-destroyer,
voici les rapports:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 07/10/2006 21:46:10
Infected! C:\WINNT\system32\dnn8015ue.dll
Infected! C:\WINNT\system32\szmatmsg.dll
Infected! C:\WINNT\system32\dnn8015ue.dll
Infected! C:\WINNT\system32\ooedlg.dll
Infected! C:\WINNT\system32\dnj0011me.dll
Infected! C:\WINNT\system32\ir68l5ju1.dll
Infected! C:\WINNT\system32\mcvbvm60.dll
Attempting to delete infected files...
Attempting to delete: C:\WINNT\system32\dnn8015ue.dll
C:\WINNT\system32\dnn8015ue.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\szmatmsg.dll
C:\WINNT\system32\szmatmsg.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\dnn8015ue.dll
C:\WINNT\system32\dnn8015ue.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ooedlg.dll
C:\WINNT\system32\ooedlg.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\dnj0011me.dll
C:\WINNT\system32\dnj0011me.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ir68l5ju1.dll
C:\WINNT\system32\ir68l5ju1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mcvbvm60.dll
C:\WINNT\system32\mcvbvm60.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{805020EB-58FB-4C4F-B760-F9BEE414E60B}"
HKCR\Clsid\{805020EB-58FB-4C4F-B760-F9BEE414E60B}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7E7D67B2-9C04-4A2C-8173-16D0C54D6213}"
HKCR\Clsid\{7E7D67B2-9C04-4A2C-8173-16D0C54D6213}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D7383595-6891-4CB1-9F13-958D921E731F}"
HKCR\Clsid\{D7383595-6891-4CB1-9F13-958D921E731F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6D7C5DE0-9F93-48C4-BE84-130ECA2642C8}"
HKCR\Clsid\{6D7C5DE0-9F93-48C4-BE84-130ECA2642C8}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{843F2DA7-FAF8-46F2-8080-24B6F6BE4E1D}"
HKCR\Clsid\{843F2DA7-FAF8-46F2-8080-24B6F6BE4E1D}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1B4BFF06-4C0C-4952-A08C-D32AA2A7CD61}"
HKCR\Clsid\{1B4BFF06-4C0C-4952-A08C-D32AA2A7CD61}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EB5B5FA9-D61A-4A29-82B3-1B14F75F6A8E}"
HKCR\Clsid\{EB5B5FA9-D61A-4A29-82B3-1B14F75F6A8E}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
Logfile of HijackThis v1.99.1
Scan saved at 22:10:39, on 07/10/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\anti virus 2\aswUpdSv.exe
C:\anti virus 2\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\anti virus 2\ashWebSv.exe
C:\anti virus 2\ashMaiSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\ANTIVI~2\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TextPad 4\TextPad.exe
C:\Documents and Settings\Jun\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~2\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A6B8086-4F0F-4640-9A31-827C885E91F5}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\anti virus 2\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\anti virus 2\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\anti virus 2\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\anti virus 2\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\InCD\InCDsrv.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
voila a +!
alors ca y est jai fait smitfraudfix et look2me-destroyer,
voici les rapports:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 07/10/2006 21:46:10
Infected! C:\WINNT\system32\dnn8015ue.dll
Infected! C:\WINNT\system32\szmatmsg.dll
Infected! C:\WINNT\system32\dnn8015ue.dll
Infected! C:\WINNT\system32\ooedlg.dll
Infected! C:\WINNT\system32\dnj0011me.dll
Infected! C:\WINNT\system32\ir68l5ju1.dll
Infected! C:\WINNT\system32\mcvbvm60.dll
Attempting to delete infected files...
Attempting to delete: C:\WINNT\system32\dnn8015ue.dll
C:\WINNT\system32\dnn8015ue.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\szmatmsg.dll
C:\WINNT\system32\szmatmsg.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\dnn8015ue.dll
C:\WINNT\system32\dnn8015ue.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ooedlg.dll
C:\WINNT\system32\ooedlg.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\dnj0011me.dll
C:\WINNT\system32\dnj0011me.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\ir68l5ju1.dll
C:\WINNT\system32\ir68l5ju1.dll Deleted successfully!
Attempting to delete: C:\WINNT\system32\mcvbvm60.dll
C:\WINNT\system32\mcvbvm60.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{805020EB-58FB-4C4F-B760-F9BEE414E60B}"
HKCR\Clsid\{805020EB-58FB-4C4F-B760-F9BEE414E60B}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7E7D67B2-9C04-4A2C-8173-16D0C54D6213}"
HKCR\Clsid\{7E7D67B2-9C04-4A2C-8173-16D0C54D6213}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D7383595-6891-4CB1-9F13-958D921E731F}"
HKCR\Clsid\{D7383595-6891-4CB1-9F13-958D921E731F}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6D7C5DE0-9F93-48C4-BE84-130ECA2642C8}"
HKCR\Clsid\{6D7C5DE0-9F93-48C4-BE84-130ECA2642C8}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{843F2DA7-FAF8-46F2-8080-24B6F6BE4E1D}"
HKCR\Clsid\{843F2DA7-FAF8-46F2-8080-24B6F6BE4E1D}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1B4BFF06-4C0C-4952-A08C-D32AA2A7CD61}"
HKCR\Clsid\{1B4BFF06-4C0C-4952-A08C-D32AA2A7CD61}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{EB5B5FA9-D61A-4A29-82B3-1B14F75F6A8E}"
HKCR\Clsid\{EB5B5FA9-D61A-4A29-82B3-1B14F75F6A8E}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrateurs - Succeeded
Logfile of HijackThis v1.99.1
Scan saved at 22:10:39, on 07/10/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\anti virus 2\aswUpdSv.exe
C:\anti virus 2\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\anti virus 2\ashWebSv.exe
C:\anti virus 2\ashMaiSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\ANTIVI~2\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TextPad 4\TextPad.exe
C:\Documents and Settings\Jun\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~2\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A6B8086-4F0F-4640-9A31-827C885E91F5}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\anti virus 2\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\anti virus 2\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\anti virus 2\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\anti virus 2\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\InCD\InCDsrv.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
voila a +!
OK !
Fais un clic droit sur l'outil HijackThis! >> "Renommer", puis renomme-le en scan.exe
Lance HijackThis! (double clique scan.exe) puis clique "Do a system scan and save a logfile", puis poste le rapport ici.
a+
Fais un clic droit sur l'outil HijackThis! >> "Renommer", puis renomme-le en scan.exe
Lance HijackThis! (double clique scan.exe) puis clique "Do a system scan and save a logfile", puis poste le rapport ici.
a+
ok ca yest,
Logfile of HijackThis v1.99.1
Scan saved at 22:18:37, on 07/10/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\anti virus 2\aswUpdSv.exe
C:\anti virus 2\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\anti virus 2\ashWebSv.exe
C:\anti virus 2\ashMaiSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\ANTIVI~2\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jun\Bureau\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~2\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A6B8086-4F0F-4640-9A31-827C885E91F5}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\anti virus 2\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\anti virus 2\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\anti virus 2\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\anti virus 2\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\InCD\InCDsrv.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Logfile of HijackThis v1.99.1
Scan saved at 22:18:37, on 07/10/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\anti virus 2\aswUpdSv.exe
C:\anti virus 2\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\anti virus 2\ashWebSv.exe
C:\anti virus 2\ashMaiSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\ANTIVI~2\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jun\Bureau\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~2\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A6B8086-4F0F-4640-9A31-827C885E91F5}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\anti virus 2\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\anti virus 2\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\anti virus 2\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\anti virus 2\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\InCD\InCDsrv.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok c'etait juste pour vérif , tu pourras le renommer ...
Je ne vois pas le rapport de smitfraudfix et tu as encore du smitfraud de présent dans ton log Hijack donc ...
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.
Copie/colle le rapport sur le forum stp avec un nouveau rapport hijackthis
Je vois aussi que tu as 3 antivirus (McAfee; Norton, Avast!) donc vires en 2 car 1 te suffit largement sinon ca cré des conflits. Si tu payes pour Norton garde le jusqu'au terme de ton abonnement.
A++
Je ne vois pas le rapport de smitfraudfix et tu as encore du smitfraud de présent dans ton log Hijack donc ...
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.
Copie/colle le rapport sur le forum stp avec un nouveau rapport hijackthis
Je vois aussi que tu as 3 antivirus (McAfee; Norton, Avast!) donc vires en 2 car 1 te suffit largement sinon ca cré des conflits. Si tu payes pour Norton garde le jusqu'au terme de ton abonnement.
A++
alors voici les rapports:
SmitFraudFix v2.105
Rapport fait à 23:48:02,81, sam. 07/10/2006
Executé à partir de C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of HijackThis v1.99.1
Scan saved at 23:55:30, on 07/10/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\anti virus 2\aswUpdSv.exe
C:\anti virus 2\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\anti virus 2\ashMaiSv.exe
C:\anti virus 2\ashWebSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\ANTIVI~2\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Documents and Settings\Jun\Bureau\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~2\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\anti virus 2\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\anti virus 2\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\anti virus 2\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\anti virus 2\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\InCD\InCDsrv.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
et je vais enlever les 2antivirus..
en tout cas je nai plus de pub ki saffichent tout le temps, c'est cool merci beaucoup!
SmitFraudFix v2.105
Rapport fait à 23:48:02,81, sam. 07/10/2006
Executé à partir de C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of HijackThis v1.99.1
Scan saved at 23:55:30, on 07/10/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\anti virus 2\aswUpdSv.exe
C:\anti virus 2\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InCD\InCDsrv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\anti virus 2\ashMaiSv.exe
C:\anti virus 2\ashWebSv.exe
C:\WINNT\Explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\ANTIVI~2\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Documents and Settings\Jun\Bureau\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\ANTIVI~2\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [ntdll.dll] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\anti virus 2\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\anti virus 2\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\anti virus 2\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\anti virus 2\ashWebSv.exe" /service (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\InCD\InCDsrv.exe
O23 - Service: McShield - Network Associates, Inc. - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
et je vais enlever les 2antivirus..
en tout cas je nai plus de pub ki saffichent tout le temps, c'est cool merci beaucoup!
Salut,
clic sur démarrer, poste de travail, C:, program files et supprime ces dossiers
Deskbar
MSN Apps
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
Cherche et supprime ce fichier si encore présent:
scorti.exe
**Si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers qui persistaient, vides ta corbeille et redemarres normalement
Telecharge, installe puis mets à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système, supprime (delete) tout ce qu'il te trouve puis colle le rapport ici
Ewido: (reste gratuit après la période d'essai)
Ewido
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
A++
clic sur démarrer, poste de travail, C:, program files et supprime ces dossiers
Deskbar
MSN Apps
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
Cherche et supprime ce fichier si encore présent:
scorti.exe
**Si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers qui persistaient, vides ta corbeille et redemarres normalement
Telecharge, installe puis mets à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système, supprime (delete) tout ce qu'il te trouve puis colle le rapport ici
Ewido: (reste gratuit après la période d'essai)
Ewido
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
https://www.bitdefender.com/toolbox/
A++
alors voila les rapports:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:13:44 08/10/2006
+ Scan result:
C:\WINNT\SnVu\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINNT\SnVu\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\WX4NODQF\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\SMHANNEL.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\Temp\bw2.com -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\WINNT\iconu.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\WINNT\system32\setup_27785.exe -> Backdoor.SdBot.axn : Cleaned with backup (quarantined).
C:\WINNT\system32\setup_55043.exe -> Backdoor.SdBot.axn : Cleaned with backup (quarantined).
C:\WINNT\system32\setup_80874.exe -> Backdoor.SdBot.axn : Cleaned with backup (quarantined).
C:\WINNT\system32\setup_87878.exe -> Backdoor.SdBot.axn : Cleaned with backup (quarantined).
C:\dfndrff_e20.exe -> Downloader.Adload.fk : Cleaned with backup (quarantined).
C:\dfndrff_e22.exe -> Downloader.Adload.fk : Cleaned with backup (quarantined).
C:\nwnmff_e22.exe -> Downloader.Adload.fs : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\drsmartload45a[1].exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\kybrdff_e18.exe -> Downloader.Adload.fy : Cleaned with backup (quarantined).
C:\kybrdff_e20.exe -> Downloader.Adload.fy : Cleaned with backup (quarantined).
C:\kybrdff_e22.exe -> Downloader.Adload.fy : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\WX4NODQF\kybrdff_e[2].exe -> Downloader.Adload.gb : Cleaned with backup (quarantined).
C:\kybrdff_e21.exe -> Downloader.Adload.gb : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\loader[2].exe -> Downloader.Adload.gf : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\dfndrff_e_uit[1].exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\dfndrff_e21.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\Documents and Settings\Jun\Cookies\jun@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
BitDefender Online Scanner
Scan report generated at: Sun, Oct 08, 2006 - 13:39:08
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
03:20:29
Files
265425
Folders
3528
Boot Sectors
2
Archives
4115
Packed Files
29222
Results
Identified Viruses
12
Infected Files
16
Suspect Files
4
Warnings
0
Disinfected
0
Deleted Files
21
Engines Info
Virus Definitions
474418
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\WINNT\system32\lsyss.exe
Infected with: GenPack:Generic.Sdbot.588E1C41
C:\WINNT\system32\lsyss.exe
Disinfection failed
C:\WINNT\system32\lsyss.exe
Deleted
C:\WINNT\system32\TFTP1316
Infected with: Backdoor.Rbot.XN
C:\WINNT\system32\TFTP1316
Disinfection failed
C:\WINNT\system32\TFTP1316
Deleted
C:\WINNT\system32\TFTP1016
Infected with: Backdoor.Rbot.XN
C:\WINNT\system32\TFTP1016
Disinfection failed
C:\WINNT\system32\TFTP1016
Deleted
C:\WINNT\system32\i
Infected with: Generic.Botget.D7B4734B
C:\WINNT\system32\i
Deleted
C:\WINNT\Temp\eraseme_15655.exe
Infected with: GenPack:Generic.Sdbot.588E1C41
C:\WINNT\Temp\eraseme_15655.exe
Disinfection failed
C:\WINNT\Temp\eraseme_15655.exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\installer[1].exe
Infected with: Trojan.Proxy.493
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\installer[1].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\installer[1].exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\drsmartload1022a[1].exe
Suspected of: BehavesLike:Trojan.Downloader
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\drsmartload1022a[1].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\drsmartload1022a[1].exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\nwnmff_e[2].exe
Infected with: Trojan.Downloader.Adload.EE
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\nwnmff_e[2].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\nwnmff_e[2].exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\f5[2].exe
Infected with: GenPack:Generic.Sdbot.588E1C41
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\f5[2].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\f5[2].exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\power[1].exe
Infected with: Generic.Malware.dld!!.2CB32F80
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\power[1].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\power[1].exe
Deleted
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)
Updated
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)
Updated
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>HEIGHT.exe
Infected with: Win32.Klez.H@mm
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>HEIGHT.exe
Deleted
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)
Updated
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)
Updated
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx
Update failed
C:\Documents and Settings\Jun\Bureau\FRASKT00.DOC
Suspected of: Macro.VBA
C:\Documents and Settings\Jun\Bureau\FRASKT00.DOC
Disinfection failed
C:\Documents and Settings\Jun\Bureau\FRASKT00.DOC
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\355F46A4.exe=>(Quarantine-1)
Infected with: Backdoor.RBot.CJC
C:\Program Files\Norton AntiVirus\Quarantine\355F46A4.exe=>(Quarantine-1)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\355F46A4.exe=>(Quarantine-1)
Deleted
C:\doc.exe
Suspected of: BehavesLike:Trojan.Downloader
C:\doc.exe
Disinfection failed
C:\doc.exe
Deleted
C:\dfndrff_e23.exe
Detected with: Adware.Softomate.R
C:\dfndrff_e23.exe
Disinfection failed
C:\dfndrff_e23.exe
Deleted
C:\kybrdff_e23.exe
Infected with: Trojan.Downloader.Adload.DT
C:\kybrdff_e23.exe
Disinfection failed
C:\kybrdff_e23.exe
Deleted
C:\nwnmff_e20.exe
Infected with: Trojan.Downloader.Adload.EH
C:\nwnmff_e20.exe
Disinfection failed
C:\nwnmff_e20.exe
Deleted
C:\nwnmff_e21.exe
Infected with: Trojan.Downloader.Adload.EE
C:\nwnmff_e21.exe
Disinfection failed
C:\nwnmff_e21.exe
Deleted
C:\nwnmff_e23.exe
Infected with: Trojan.Downloader.Adload.FS
C:\nwnmff_e23.exe
Disinfection failed
C:\nwnmff_e23.exe
Deleted
a +!
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:13:44 08/10/2006
+ Scan result:
C:\WINNT\SnVu\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINNT\SnVu\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\WX4NODQF\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\system32\SMHANNEL.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINNT\Temp\bw2.com -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\WINNT\iconu.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\WINNT\system32\setup_27785.exe -> Backdoor.SdBot.axn : Cleaned with backup (quarantined).
C:\WINNT\system32\setup_55043.exe -> Backdoor.SdBot.axn : Cleaned with backup (quarantined).
C:\WINNT\system32\setup_80874.exe -> Backdoor.SdBot.axn : Cleaned with backup (quarantined).
C:\WINNT\system32\setup_87878.exe -> Backdoor.SdBot.axn : Cleaned with backup (quarantined).
C:\dfndrff_e20.exe -> Downloader.Adload.fk : Cleaned with backup (quarantined).
C:\dfndrff_e22.exe -> Downloader.Adload.fk : Cleaned with backup (quarantined).
C:\nwnmff_e22.exe -> Downloader.Adload.fs : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\drsmartload45a[1].exe -> Downloader.Adload.fu : Cleaned with backup (quarantined).
C:\kybrdff_e18.exe -> Downloader.Adload.fy : Cleaned with backup (quarantined).
C:\kybrdff_e20.exe -> Downloader.Adload.fy : Cleaned with backup (quarantined).
C:\kybrdff_e22.exe -> Downloader.Adload.fy : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\WX4NODQF\kybrdff_e[2].exe -> Downloader.Adload.gb : Cleaned with backup (quarantined).
C:\kybrdff_e21.exe -> Downloader.Adload.gb : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\loader[2].exe -> Downloader.Adload.gf : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\dfndrff_e_uit[1].exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\dfndrff_e21.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\Documents and Settings\Jun\Cookies\jun@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Jun\Cookies\jun@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
BitDefender Online Scanner
Scan report generated at: Sun, Oct 08, 2006 - 13:39:08
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
03:20:29
Files
265425
Folders
3528
Boot Sectors
2
Archives
4115
Packed Files
29222
Results
Identified Viruses
12
Infected Files
16
Suspect Files
4
Warnings
0
Disinfected
0
Deleted Files
21
Engines Info
Virus Definitions
474418
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\WINNT\system32\lsyss.exe
Infected with: GenPack:Generic.Sdbot.588E1C41
C:\WINNT\system32\lsyss.exe
Disinfection failed
C:\WINNT\system32\lsyss.exe
Deleted
C:\WINNT\system32\TFTP1316
Infected with: Backdoor.Rbot.XN
C:\WINNT\system32\TFTP1316
Disinfection failed
C:\WINNT\system32\TFTP1316
Deleted
C:\WINNT\system32\TFTP1016
Infected with: Backdoor.Rbot.XN
C:\WINNT\system32\TFTP1016
Disinfection failed
C:\WINNT\system32\TFTP1016
Deleted
C:\WINNT\system32\i
Infected with: Generic.Botget.D7B4734B
C:\WINNT\system32\i
Deleted
C:\WINNT\Temp\eraseme_15655.exe
Infected with: GenPack:Generic.Sdbot.588E1C41
C:\WINNT\Temp\eraseme_15655.exe
Disinfection failed
C:\WINNT\Temp\eraseme_15655.exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\installer[1].exe
Infected with: Trojan.Proxy.493
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\installer[1].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\installer[1].exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\drsmartload1022a[1].exe
Suspected of: BehavesLike:Trojan.Downloader
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\drsmartload1022a[1].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\CDAVSPAB\drsmartload1022a[1].exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\nwnmff_e[2].exe
Infected with: Trojan.Downloader.Adload.EE
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\nwnmff_e[2].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\nwnmff_e[2].exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\f5[2].exe
Infected with: GenPack:Generic.Sdbot.588E1C41
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\f5[2].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\09M7OLA7\f5[2].exe
Deleted
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\power[1].exe
Infected with: Generic.Malware.dld!!.2CB32F80
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\power[1].exe
Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\4TAZWDQF\power[1].exe
Deleted
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>(message body)
Disinfection failed
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>(message body)
Deleted
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)
Updated
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)
Updated
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>HEIGHT.exe
Infected with: Win32.Klez.H@mm
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)=>HEIGHT.exe
Deleted
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)=>[Subject: Language][Date: Wed, 15 May 2002 08:55:42 +0900]=>(MIME part)
Updated
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx=>(message 125)
Updated
C:\Documents and Settings\Jun\Local Settings\Application Data\Identities\{77BAE2E6-29E5-42D0-85C5-E7C84DFA2EF0}\Microsoft\Outlook Express\Boîte de réception.dbx
Update failed
C:\Documents and Settings\Jun\Bureau\FRASKT00.DOC
Suspected of: Macro.VBA
C:\Documents and Settings\Jun\Bureau\FRASKT00.DOC
Disinfection failed
C:\Documents and Settings\Jun\Bureau\FRASKT00.DOC
Deleted
C:\Program Files\Norton AntiVirus\Quarantine\355F46A4.exe=>(Quarantine-1)
Infected with: Backdoor.RBot.CJC
C:\Program Files\Norton AntiVirus\Quarantine\355F46A4.exe=>(Quarantine-1)
Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\355F46A4.exe=>(Quarantine-1)
Deleted
C:\doc.exe
Suspected of: BehavesLike:Trojan.Downloader
C:\doc.exe
Disinfection failed
C:\doc.exe
Deleted
C:\dfndrff_e23.exe
Detected with: Adware.Softomate.R
C:\dfndrff_e23.exe
Disinfection failed
C:\dfndrff_e23.exe
Deleted
C:\kybrdff_e23.exe
Infected with: Trojan.Downloader.Adload.DT
C:\kybrdff_e23.exe
Disinfection failed
C:\kybrdff_e23.exe
Deleted
C:\nwnmff_e20.exe
Infected with: Trojan.Downloader.Adload.EH
C:\nwnmff_e20.exe
Disinfection failed
C:\nwnmff_e20.exe
Deleted
C:\nwnmff_e21.exe
Infected with: Trojan.Downloader.Adload.EE
C:\nwnmff_e21.exe
Disinfection failed
C:\nwnmff_e21.exe
Deleted
C:\nwnmff_e23.exe
Infected with: Trojan.Downloader.Adload.FS
C:\nwnmff_e23.exe
Disinfection failed
C:\nwnmff_e23.exe
Deleted
a +!
Salut,
merci, c'est mieux ..maitenant
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
décompresse SmitfraudFix
Lance le fichier SmitfraudFix ou SmitfraudFix.cmd et choisis l option 1 copie le rapport ici stp
et
Fait ce nettoyage: (à faire réguliérement)
¤Telecharges et installes ceci:
CCleaner:
Ccleaner
dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites tu pourra les supprimer si ton ordinateur n'a plus de problémes
¤Relance Ccleaner, vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
merci, c'est mieux ..maitenant
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
décompresse SmitfraudFix
Lance le fichier SmitfraudFix ou SmitfraudFix.cmd et choisis l option 1 copie le rapport ici stp
et
Fait ce nettoyage: (à faire réguliérement)
¤Telecharges et installes ceci:
CCleaner:
Ccleaner
dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites tu pourra les supprimer si ton ordinateur n'a plus de problémes
¤Relance Ccleaner, vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"
Ca y est jai fais smitfraudfix et ccleaner...
SmitFraudFix v2.105
Rapport fait à 21:53:00,44, dim. 08/10/2006
Executé à partir de C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jun
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jun\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JUN\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="NVDESK32.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.105
Rapport fait à 21:53:00,44, dim. 08/10/2006
Executé à partir de C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jun
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jun\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JUN\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="NVDESK32.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
alors, jai essaye avec smitfraudfix mais ya norton qui me dit "script malveillant detecte"
qu'est ce que je dois faire???
a +!
alors, jai essaye avec smitfraudfix mais ya norton qui me dit "script malveillant detecte"
qu'est ce que je dois faire???
Ignore ce message !Et fais la manip indiquée.
Ensuite :
Télécharge Look2Me-Destroyer.exe sur ton Bureau.
www.atribune.org/ccount/click.php?id=7
* Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
* Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
* Coche Run this program as a task
* Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Clique OK
* Il se relancera après les 10 secondes, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
* Lorsque le scan termine, clique sur le bouton Remove L2M
* Un message Done Scanning apparaîtra, clique OK.
* Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
* Ton PC va maintenant s'éteindre.
* Démarre ton PC normalement.
* Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt , ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.
#Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.
##Si tu reçois un message de ton parefeu que l'outil tente d'accéder à l'internet : accepte.
###Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX du lien ci-bas, et place-le dans le dossier C:\Windows\System32.
www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
a+