Problemes avec NewDotNet voir plus Fermé

Question

Bonjour,

Le PC de ma copine est invite par le Malware: NewDotNet. Ayant deja ete infecte par ce malware j ai donc effectuer 6 differentes analyses ( tous les logiciels ont ete mis a jour avant analyse) et poster 3 rapports. Malheuresement, je ne sais pas encore lire les raports hijackthis donc merci de bien vouloir m aider et de me montrer la marche a suivre pour desinfecter le PC. Si vous avez besoin d ino techniques sur le PC demandez moi:

A. CCleaner: ok

B. Ad Aware: ok

C. Spybot 1.4: CEDPStealer et NewDotNet detecte mais impossible a supprimer

D. AVG Antispyware (Ewido): rapport 

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:	23:31:31 14/07/2007

 + Scan result:	



HKU\S-1-5-21-3090229206-2167225936-2314788514-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignored.
C:\Program Files\NewDotNet -> Adware.NewDotNet : Ignored.
C:\Program Files\NewDotNet
ewdotnet7_48.dll -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125917.exe -> Adware.NewDotNet : Ignored.
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125918.exe -> Adware.NewDotNet : Ignored.
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Ignored.
HKLM\SOFTWARE\New.net -> Adware.NewDotNet : Ignored.
HKU\S-1-5-21-3090229206-2167225936-2314788514-1005\Software\New.net -> Adware.NewDotNet : Ignored.
[1360] C:\Program Files\NewDotNet
ewdotnet7_48.dll -> Adware.NewDotNet : Ignored.
[1712] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : Ignored.
[2728] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : Ignored.
[552] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : Ignored.
[988] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : Ignored.
C:\Program Files\Mozilla Firefox\plugins
pclntax.dll -> Adware.Zango : Ignored.
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Ignored.


::Report end

E. Scan online BitDefender

BitDefender Online Scanner
	

 
	

 

Scan report generated at: Sat, Jul 14, 2007 - 22:28:00

 
	

 
	

 

Scan path: C:\;D:\;E:\;
	

 
	

 

 
	

 
	

 

Statistics

Time
	

00:32:13

Files
	

153754

Folders
	

4910

Boot Sectors
	

4

Archives
	

6967

Packed Files
	

5040
	

 
	

 

Results

Identified Viruses
	

4

Infected Files
	

7

Suspect Files
	

0

Warnings
	

0

Disinfected
	

0

Deleted Files
	

5
	

 
	

 

Engines Info

Virus Definitions
	

672199

Engine build
	

AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins
	

14

Archive plugins
	

38

Unpack plugins
	

6

E-mail plugins
	

6

System plugins
	

1
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\WINDOWS\NDNuninstall7_48.exe
	

Detected with: Adware.Newdotnet.U

C:\WINDOWS\NDNuninstall7_48.exe
	

Disinfection failed

C:\WINDOWS\NDNuninstall7_48.exe
	

Delete failed

C:\Program Files\NewDotNet
ewdotnet7_48.dll
	

Detected with: Adware.Newdotnet.U

C:\Program Files\NewDotNet
ewdotnet7_48.dll
	

Disinfection failed

C:\Program Files\NewDotNet
ewdotnet7_48.dll
	

Delete failed

C:\Program Files\filesubmit\autumn123.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe=>(CAB Sfx r)=>Ezthemes_WhenUSaveNow_Installer.exe
	

Infected with: Generic.Adw.SaveNow.CE9170FE

C:\Program Files\filesubmit\autumn123.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe=>(CAB Sfx r)=>Ezthemes_WhenUSaveNow_Installer.exe
	

Disinfection failed

C:\Program Files\filesubmit\autumn123.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe=>(CAB Sfx r)=>Ezthemes_WhenUSaveNow_Installer.exe
	

Deleted

C:\Program Files\filesubmit\autumn123.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe=>(CAB Sfx r)
	

Update failed

C:\Program Files\filesubmit\NNWDAC638.EXE
	

Detected with: Application.Adware.NewDotNet.B.Dropper

C:\Program Files\filesubmit\NNWDAC638.EXE
	

Deleted

C:\Program Files\filesubmit\VVSNInst.exe=>(CAB Sfx r)=>VVSN.exe
	

Infected with: Generic.Adw.SaveNow.56AD4696

C:\Program Files\filesubmit\VVSNInst.exe=>(CAB Sfx r)=>VVSN.exe
	

Disinfection failed

C:\Program Files\filesubmit\VVSNInst.exe=>(CAB Sfx r)=>VVSN.exe
	

Deleted

C:\Program Files\filesubmit\VVSNInst.exe=>(CAB Sfx r)
	

Update failed

C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125919.exe
	

Detected with: Adware.Newdotnet.U

C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125919.exe
	

Disinfection failed

C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125919.exe
	

Deleted

C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP434\A0125947.EXE
	

Detected with: Application.Adware.NewDotNet.B.Dropper

C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP434\A0125947.EXE
	

Deleted

F. Rapport Hijackthis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:38:23, on 14/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Anna Rapca\My Documents\My Received Files\Freeware\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwiC273s2RLPlAK3sNwaWOyrUWzakH2/Huj9UY2oSZLt2c98raB1nHqu7HUIXGsxpQF7oSh8YjF+eJksPxCJYuJUlKltjcePDZ
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.port.ac.uk:81
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://about.proquest.com/products-services/ebooks/ebooks-main.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anarapca.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe
O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/Gadu-Gadu/skins/modern/mes_ico2.gif

Séb08 · Answer

slt,

Lance Spybot ,met le a jour et vaccine le comme indiqué ici

 voir demo d utilisation (merci Balltrap)
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

================
ensuite:

* Redémarres le PC en mode sans échec : Au démarrage tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le [mode sans échec] 

Voir ici si besoin d’aide
windows xp demarrage en mode sans echec

et relance Spybot 1.4 et vire tout ce qu'il te trouve.


ensuite remet un log hijack.

a+

M&M · Answer

Arrête le mode des restauration automatique du système (accessible en touchant Alt-Pause-break) car dans ton cas les points clés précédents ont servi à stocker des copies de spyware.) Tu pourras le relancer quand ton PC sera propre.
 _ç_§: 
(.)#(.)

fancheng · Answer

Merci Seb08 de ton aide, voila j'ai effectue toute les manips demandes. Bizarement il a reussi a suprimer NewDotNet en mpode normal mais je lest quand meme lance en sans echec et voila le log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:40:40, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\NetDrive\wdservice.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Anna Rapca\My Documents\My Received Files\Freeware\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwiC273s2RLPlAK3sNwaWOyrUWzakH2/Huj9UY2oSZLt2c98raB1nHqu7HUIXGsxpQF7oSh8YjF+eJksPxCJYuJUlKltjcePDZ
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.port.ac.uk:81
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://about.proquest.com/products-services/ebooks/ebooks-main.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anarapca.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe
O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/Gadu-Gadu/skins/modern/mes_ico2.gif

Séb08 · Answer

ok

lance AVG antispyware 

Met le a jour avant de lancer le scan.

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

 -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

a+

M&M · Answer

on voir une bearshare en page de démarrage, c'est donc qu'il y a de la pollution;
vire les lignes suivantes, cetaines sont inoffensive comme quicktime mais franchement inutiles au fonctionnement de tous les jours:
Si tu n'utilises pas yahoo, pense à désinstaller le toolbar yahoo

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.port.ac.uk:81
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe" -osboot
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins
pchime.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://about.proquest.com/products-services/ebooks/ebooks-main.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab 

Stopper le lancement automatique avec hijackthis n'efface pas les virus, 
il faut y aller, fonce, quel que soit l'outil de scan
 _ç_§: 
(.)#(.)

fancheng · Answer

Merci Seb voila le rapport de  AVG Antispyware:

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:	21:21:52 16/07/2007

 + Scan result:	



HKU\S-1-5-21-3090229206-2167225936-2314788514-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125917.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125918.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP434\A0126000.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP435\A0126118.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins
pclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.26:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@skype[1].txt -> TrackingCookie.Skype : Cleaned.
:mozilla.16:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.17:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.18:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.33:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.34:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.32:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end

fancheng · Answer

Merci Seb, voila le rapport AVG Spyware, en effet j'ai pu apercevoir aue NewDotNet etait encore present mais apparement la mise en quarantaine a marche. 

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:	21:21:52 16/07/2007

 + Scan result:	



HKU\S-1-5-21-3090229206-2167225936-2314788514-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125917.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP433\A0125918.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP434\A0126000.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{203A9C89-7A2C-419F-A40E-8C82E0800C2E}\RP435\A0126118.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins
pclntax.dll -> Adware.Zango : Cleaned with backup (quarantined).
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.26:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.28:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Anna Rapca\Cookies\anna_rapca@skype[1].txt -> TrackingCookie.Skype : Cleaned.
:mozilla.16:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.17:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.18:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.33:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.34:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.32:C:\Documents and Settings\Anna Rapca\Application Data\Mozilla\Firefox\Profiles\4hcd3e3c.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end

Séb08 · Answer

ok vide tes quarantaines d'AVG.

Ta resto est ou était infectée donc pour être sur de la rendre saine fais cette manip

¤Désactive ta restauration système (uniquement si tu es sous XP): 
Clic droit sur poste de travail puis, 
propriété, tu cliques sur onglet restauration système 
tu coches la case « désactiver la restauration » et applique. 

Puis, 

¤Réactive ta restauration système (uniquement si tu es sous XP): 
Clic droit sur poste de travail puis, 
propriété, tu cliques sur onglet restauration système 
tu décoches la case « désactiver la restauration » et applique.

http://www.libellules.ch/desactiver_restauration.php

======================
- > Ensuite pour vérifier, scanne ton PC avec cet antivirus en ligne (sous IE et accepte l’activX) : 
http://www.bitdefender.fr/bd/site/search.php#
Clique sur « Bitdefender scan on line »  suis les instructions.
Démo (merci à balltrap pour cette démo) :
http://perso.orange.fr/rginformatique/section%20virus/defender.htm

Et colle le rapport.

a+

fancheng · Answer

Merci Seb08 et M&M j'ai effecute a tous que vous m avez demandez voici le raport bitdefender suivi d'un log hijackthis apres analyse bitdefender.


Voici le rapport BitDefender: 
	

 

Statistics

Time
	

00:31:57

Files
	

154870

Folders
	

4903

Boot Sectors
	

4

Archives
	

6967

Packed Files
	

5210
	

 
	

 

Results

Identified Viruses
	

2

Infected Files
	

2

Suspect Files
	

0

Warnings
	

0

Disinfected
	

0

Deleted Files
	

2
	

 
	

 

Engines Info

Virus Definitions
	

672631

Engine build
	

AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Scan plugins
	

14

Archive plugins
	

38

Unpack plugins
	

6

E-mail plugins
	

6

System plugins
	

1
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\Program Files\filesubmit\autumn123.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe=>(CAB Sfx r)=>Ezthemes_WhenUSaveNow_Installer.exe
	

Infected with: Generic.Adw.SaveNow.CE9170FE

C:\Program Files\filesubmit\autumn123.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe=>(CAB Sfx r)=>Ezthemes_WhenUSaveNow_Installer.exe
	

Disinfection failed

C:\Program Files\filesubmit\autumn123.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe=>(CAB Sfx r)=>Ezthemes_WhenUSaveNow_Installer.exe
	

Deleted

C:\Program Files\filesubmit\autumn123.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe=>(CAB Sfx r)
	

Update failed

C:\Program Files\filesubmit\VVSNInst.exe=>(CAB Sfx r)=>VVSN.exe
	

Infected with: Generic.Adw.SaveNow.56AD4696

C:\Program Files\filesubmit\VVSNInst.exe=>(CAB Sfx r)=>VVSN.exe
	

Disinfection failed

C:\Program Files\filesubmit\VVSNInst.exe=>(CAB Sfx r)=>VVSN.exe
	

Deleted

C:\Program Files\filesubmit\VVSNInst.exe=>(CAB Sfx r)
	

Update failed

Voici le log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:46:11, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Anna Rapca\My Documents\My Received Files\Freeware\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anarapca.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe
O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/Gadu-Gadu/skins/modern/mes_ico2.gif

Séb08 · Answer

Ou en sont tes probs ?

désolé pour le temps de réponse mais les vacances se préparent.. :-)

fancheng · Answer

Salut seb, désolé de ne pas avoir répondu tout de suite mais je ne suis plus en angleterre mais en france p'tite vacance de 3 semaines. Bon pour répondre à ta question il n'y a apparement plus de problème mais d'aprés ma copine l'internet est toujours assez lent. Je ne sais pas si c'est la connexion ou autre chose. Le log laisser dans mon précédent message est le dernier effectué après toutes tes indications. Donc comme je n'arrie pas à lire les logs Hijackthis, merci de me renseigner s'il on peut voir encore des problèmes ou de la pollution.

Ciao

Problemes avec NewDotNet voir plus

11 réponses

Discussions similaires