Tom's Guide > Forum > Security - Virus > Unwanted advertising web pages opening
Hello, for a few days I've been getting unwanted advertising web pages opening; I've used Spybot, CCleaner and Ad-Aware, but nothing helps; do you have any idea? Here is the HijackThis report.
Thanks for your help

Logfile of HijackThis v1.99.1
Scan saved at 14:34:20, on 19/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\APPS\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Téléchargement\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: .com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F17A09-1701-C48B-40CD-B7DF88C45CA3} - C:\DOCUME~1\RMI~1\APPLIC~1\RealMore\FLAW TOOL.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TALVG] C:\WINDOWS\TALVG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [PMCS] C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ITDQISA] C:\WINDOWS\ITDQISA.exe
O4 - HKLM\..\Run: [HRN] C:\WINDOWS\HRN.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [gpA5T] C:\WINDOWS\kdyewdpd.exe
O4 - HKLM\..\Run: [GMTDKQXE] C:\WINDOWS\GMTDKQXE.exe
O4 - HKLM\..\Run: [bub] C:\WINDOWS\bub.exe
O4 - HKLM\..\Run: [BLYG] C:\WINDOWS\BLYG.exe
O4 - HKLM\..\Run: [Á³#  K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kdyewdpd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Four Name Does Scr] C:\Documents and Settings\All Users\Application Data\uploaddeaffourname\Store size.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Acrobat Assistant.lnk = C:\APPS\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)
O9 - Extra 'Tools' menuitem: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)
O9 - Extra button: Mp3tout - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\Mp3tout (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Mp3tout - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b28177.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ [...] /setup.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/so [...] launch.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b28177.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.rencontre-fr.com/acces/002/rencontre-fr.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesui [...] tector.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/reg [...] veData.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/fil [...] inder2.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: EpgSpooler - Elaborate Bytes AG - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


This won't help you, but I have the same problem, though only with Internet Explorer and not with Mozilla. Is it possible that I've caught a trojan, or does it come from somewhere else?

Reply to farve

Hi,

1/ Restart in safe mode

Restart the computer. After the BIOS messages, press F8 (or F5 if F8 doesn't work) to get to a menu with white text on a black background.

In that menu, you should be able to choose safe mode (use the arrow keys and Enter to confirm).

Starting in safe mode is often fairly slow. If you see strange white text, don't worry.
Just be patient. ;-)


2/ Fix lines

Run HijackThis again. This time choose Do a system scan only.
Then check the following lines and click Fix Checked.


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: .com

O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)

O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)

O4 - HKLM\..\Run: [TALVG] C:\WINDOWS\TALVG.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe <-- well, that one's sneaky! First time I've seen that virus :-)

O4 - HKLM\..\Run: [ITDQISA] C:\WINDOWS\ITDQISA.exe

O4 - HKLM\..\Run: [HRN] C:\WINDOWS\HRN.exe

O4 - HKLM\..\Run: [gpA5T] C:\WINDOWS\kdyewdpd.exe
O4 - HKLM\..\Run: [GMTDKQXE] C:\WINDOWS\GMTDKQXE.exe
O4 - HKLM\..\Run: [bub] C:\WINDOWS\bub.exe
O4 - HKLM\..\Run: [BLYG] C:\WINDOWS\BLYG.exe
O4 - HKLM\..\Run: [Á³# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kdyewdpd.exe

O4 - HKLM\..\Run: [Four Name Does Scr] C:\Documents and Settings\All Users\Application Data\uploaddeaffourname\Store size.exe

O9 - Extra button: Mp3tout - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\Mp3tout (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Mp3tout - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ [...] /setup.exe

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/aplicacion.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx

O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.rencontre-fr.com/acces/002/rencontre-fr.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesui [...] tector.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab



3/ Show all files

In Windows Explorer (for example):
Tools -> Folder Options -> View tab

Check: Show hidden files
Uncheck: Hide extensions for known file types
Uncheck: Hide protected operating system files


6/ Delete files

Delete the following files / folders in bold:

C:\WINDOWS\TALVG.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\ITDQISA.exe
C:\WINDOWS\HRN.exe
C:\WINDOWS\kdyewdpd.exe
C:\WINDOWS\GMTDKQXE.exe
C:\WINDOWS\bub.exe
C:\WINDOWS\BLYG.exe
C:\WINDOWS\kdyewdpd.exe
C:\Program Files\ISTsvc\ (delete this folder)
C:\Documents and Settings\All Users\Application Data\uploaddeaffourname\ (delete this folder)


7/ Restart normally

Restart the computer normally.


8/ Put the file display settings back the way they were

In Windows Explorer (for example):
Tools -> Folder Options -> View tab
Put everything back as it was (if you were already showing all files, change nothing).

Uncheck: Show hidden files
Check: Hide extensions for known file types
Check: Hide protected operating system files


9/ Clean up traces with CCleaner and Kaspersky

Run scans with CCleaner and Kaspersky.

If you don't know how to use Kaspersky:

Quote:

So, for the Kaspersky online scan, do this:
- go here (you have to use IE)
- choose Kaspersky Online Scanner
- in the popup that opens, choose Accept
- it then updates the virus definitions
- it may ask you to accept an ActiveX control; accept it once the update is finished
- click Next
- then click My computer
- wait for the scan to complete
- post your final log




10/ Post a new log

Run HijackThis again. Choose Do a system scan and save a logfile.
And post your new log back to us, telling us which steps you couldn't complete.

Reply to OmaR
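As an added example (not code from this thread, from HijackThis or from the helper above), here is a small Python triage script that encodes the rules OmaR applied when choosing lines to fix: orphaned O2/O3/O9 entries whose file is gone, O4 autoruns dropped straight into the Windows root or a user data folder, Run value names containing garbage characters, a non-default O1 hosts entry, and O16 ActiveX downloads that point at an .exe or .dll instead of a .cab. The sample lines are copied from the log posted above, mixed with legitimate entries from the same log; the heuristics themselves are my own assumption of what a reviewer looks for, not a HijackThis feature.

```python
import re
from typing import List, Tuple

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# mixed with legitimate entries from the same log so the triage has something to ignore.
SAMPLE_LOG = r"""
O1 - Hosts: .com
O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TALVG] C:\WINDOWS\TALVG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gpA5T] C:\WINDOWS\kdyewdpd.exe
O4 - HKLM\..\Run: [Á³#  K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\kdyewdpd.exe
O4 - HKLM\..\Run: [Four Name Does Scr] C:\Documents and Settings\All Users\Application Data\uploaddeaffourname\Store size.exe
O9 - Extra button: Mp3tout - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\Mp3tout (file missing)
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.rencontre-fr.com/acces/002/rencontre-fr.exe
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://services.moviesystem.com/cabs/msway.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - HKLM\..\Run: [value name] command line" (Global Startup lines are not matched)
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.*)\] (?P<cmd>.*)$')
# First drive-letter path ending in an executable extension inside a command line
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|pif|ocx))', re.IGNORECASE)


def triage_line(line: str) -> List[str]:
    """Return the list of reasons a HijackThis line deserves a closer look (empty if none)."""
    reasons: List[str] = []
    if line.startswith("O1 - Hosts:"):
        reasons.append("hosts file entry (HijackThis only lists non-default ones)")
    if line.startswith(("O2 - ", "O3 - ", "O9 - ")) and ("(no file)" in line or "(file missing)" in line):
        reasons.append("orphaned browser extension entry, its file is gone")
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if any(ord(c) < 32 or ord(c) > 126 for c in name):
            reasons.append("non-printable or non-ASCII characters in the Run value name")
        pm = PATH_RE.search(cmd)
        if pm:
            parts = pm.group("path").lower().split("\\")
            # e.g. ['c:', 'windows', 'talvg.exe']: executable sitting directly in the Windows root
            if len(parts) == 3 and parts[1] == "windows":
                reasons.append("executable placed directly in the Windows root directory")
            if "application data" in parts or "temp" in parts:
                reasons.append("autorun from a per-user data or temp directory")
    if line.startswith("O16 - DPF:") and re.search(r"\.(exe|dll)\s*$", line, re.IGNORECASE):
        reasons.append("ActiveX download pointing at an executable/DLL rather than a .cab")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over every non-empty line and keep only the flagged ones."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Entries the script leaves alone (Symantec, Nero, NVIDIA, the MovieSystem .cab) are exactly the ones OmaR did not ask to fix, and the garbled ISTsvc line is flagged twice, once for its value name and once for its drop location.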

My problem seems to be solved; here are the various logs:

Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, November 20, 2005 08:25:31
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/11/2005
Kaspersky Anti-Virus database records: 150930
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
Q:\
R:\

Scan Statistics:
Total number of scanned objects: 213844
Number of viruses found: 32
Number of infected objects: 144
Number of suspicious objects: 9
Duration of the scan process: 10019 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip/backWeb-8876480.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy4.zip/msexreg.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy4.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy7.zip/trkgif.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy7.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Arnaud\Local Settings\Temp\Rem101.exe Infected: Trojan-Downloader.Win32.Swizzor.cd
C:\Documents and Settings\Benoit\Local Settings\Application Data\Identities\{F9097B72-395C-4E07-A518-31AE2BD2E4DD}\Microsoft\Outlook Express\Boîte de réception.dbx/[From eBay <custservice_0290098049087@ebay.com>][Date Thu, 27 Oct 2005 01:02:18 +0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Benoit\Local Settings\Application Data\Identities\{F9097B72-395C-4E07-A518-31AE2BD2E4DD}\Microsoft\Outlook Express\Boîte de réception.dbx/[From eBay <custservice_0290098049087@ebay.com>][Date Thu, 27 Oct 2005 01:02:18 +0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Benoit\Local Settings\Application Data\Identities\{F9097B72-395C-4E07-A518-31AE2BD2E4DD}\Microsoft\Outlook Express\Boîte de réception.dbx/[From eBay <custservice_id_406865@ebay.com>][Date Wed, 09 Nov 2005 00:56:28 +0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Benoit\Local Settings\Application Data\Identities\{F9097B72-395C-4E07-A518-31AE2BD2E4DD}\Microsoft\Outlook Express\Boîte de réception.dbx/[From eBay <custservice_id_406865@ebay.com>][Date Wed, 09 Nov 2005 00:56:28 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Benoit\Local Settings\Application Data\Identities\{F9097B72-395C-4E07-A518-31AE2BD2E4DD}\Microsoft\Outlook Express\Boîte de réception.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\Documents and Settings\Marie\Application Data\RealMore\FLAW TOOL.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Documents and Settings\Marie\Local Settings\Application Data\IM\Identities\{C9688DFA-E683-4ABD-957E-B3D9077D98A6}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/UNNAMED/[From igor catendi <sas78310@yahoo.fr>][Date Wed, 13 Apr 2005 23:38:29 +0200 (CEST)]/UNNAMED/[From <DianaUmerov@invitation.sms.ac>][Date Wed, 13 Apr 2005 06:51:04 GMT]/html Infected: Trojan-Spy.HTML.Bankfraud.ci
C:\Documents and Settings\Marie\Local Settings\Application Data\IM\Identities\{C9688DFA-E683-4ABD-957E-B3D9077D98A6}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/UNNAMED/[From igor catendi <sas78310@yahoo.fr>][Date Wed, 13 Apr 2005 23:38:29 +0200 (CEST)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ci
C:\Documents and Settings\Marie\Local Settings\Application Data\IM\Identities\{C9688DFA-E683-4ABD-957E-B3D9077D98A6}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ci
C:\Documents and Settings\Marie\Local Settings\Application Data\IM\Identities\{C9688DFA-E683-4ABD-957E-B3D9077D98A6}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ci
C:\Documents and Settings\Marie\Local Settings\Application Data\IM\Identities\{C9688DFA-E683-4ABD-957E-B3D9077D98A6}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ci
C:\Documents and Settings\Marie\Local Settings\Application Data\IM\Identities\{C9688DFA-E683-4ABD-957E-B3D9077D98A6}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ci
C:\Documents and Settings\Marie\Local Settings\Application Data\IM\Identities\{C9688DFA-E683-4ABD-957E-B3D9077D98A6}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ci
C:\Documents and Settings\Marie\Local Settings\Application Data\IM\Identities\{C9688DFA-E683-4ABD-957E-B3D9077D98A6}\Message Store\Inbox.imm Infected: Trojan-Spy.HTML.Bankfraud.ci
C:\Documents and Settings\Marie\Local Settings\Temp\1a603d.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Documents and Settings\Marie\Local Settings\Temp\1c768fb.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Documents and Settings\Rémi\Application Data\RealMore\FLAW TOOL.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Documents and Settings\Rémi\Application Data\remoteticktest\Internet Lies Defy.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\Documents and Settings\Rémi\Application Data\remoteticktest\Oncearmy.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Documents and Settings\Rémi\Local Settings\Temp\bis486.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton AntiVirus\Quarantine\02086B70 Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\04146CF4 Infected: Email-Worm.Win32.NetSky.t
C:\Program Files\Norton AntiVirus\Quarantine\044104D4 Infected: Trojan-Downloader.JS.IstBar.j
C:\Program Files\Norton AntiVirus\Quarantine\06804DC2/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\06804DC2 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\06A41B9A Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\09475F13 Infected: Backdoor.Win32.Netbus.170
C:\Program Files\Norton AntiVirus\Quarantine\0A23377B.exe Infected: Backdoor.Win32.Netbus.170
C:\Program Files\Norton AntiVirus\Quarantine\0A9674FE.exe Infected: Backdoor.Win32.NetDevil.12
C:\Program Files\Norton AntiVirus\Quarantine\0DBC1400 Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\0DC97855 Infected: Email-Worm.Win32.NetSky.t
C:\Program Files\Norton AntiVirus\Quarantine\0DD00FEA Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\10FB2E64 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\11052C59 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\110C0052 Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\111C5240 Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\113D4FA0 Infected: Email-Worm.Win32.NetSky.d
C:\Program Files\Norton AntiVirus\Quarantine\113E3B1A.exe Infected: Backdoor.Win32.SubSeven.213.bonus
C:\Program Files\Norton AntiVirus\Quarantine\145E4551 Infected: Backdoor.Win32.NetDevil.12
C:\Program Files\Norton AntiVirus\Quarantine\14651949 Infected: Backdoor.Win32.NetDevil.12
C:\Program Files\Norton AntiVirus\Quarantine\14684346 Infected: Backdoor.Win32.SubSeven.213.bonus
C:\Program Files\Norton AntiVirus\Quarantine\146B6D42 Infected: Backdoor.Win32.Netbus.170
C:\Program Files\Norton AntiVirus\Quarantine\14820967.part Infected: P2P-Worm.Win32.Backterra.d
C:\Program Files\Norton AntiVirus\Quarantine\19F83884/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\19F83884 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\1BF84156 Infected: Email-Worm.Win32.NetSky.d
C:\Program Files\Norton AntiVirus\Quarantine\1D4D1151.exe Infected: Backdoor.Win32.SubSeven.213.bonus
C:\Program Files\Norton AntiVirus\Quarantine\208560F7 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\209208E9 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\20985CE1 Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\22DF0C28 Infected: Trojan-Downloader.Win32.IstBar.ij
C:\Program Files\Norton AntiVirus\Quarantine\25A42289 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\26A47B21/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\26A47B21 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\2D4200BF Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\2D4854B7 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\2D4F28B0 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\2D5252AD Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\2D5C50A2 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\2D914A7E/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\2D914A7E Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\2DAB1A62 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\2E8535F0 Infected: Backdoor.Win32.SubSeven.213.bonus
C:\Program Files\Norton AntiVirus\Quarantine\2FFD6CC5/word_doc_dinner.txt.exe Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\2FFD6CC5 Infected: Email-Worm.Win32.NetSky.c
C:\Program Files\Norton AntiVirus\Quarantine\30062D1E Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\312C43F4 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\315D39BF Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\31926E6A Infected: Backdoor.Win32.NetDevil.12
C:\Program Files\Norton AntiVirus\Quarantine\31F54112 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\324D5502/pics.scr Infected: Trojan-Downloader.Win32.Small.axr
C:\Program Files\Norton AntiVirus\Quarantine\324D5502 Infected: Trojan-Downloader.Win32.Small.axr
C:\Program Files\Norton AntiVirus\Quarantine\34EE4C10 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\35184154 Infected: Net-Worm.Win32.Mytob.r
C:\Program Files\Norton AntiVirus\Quarantine\35323DC4 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\353911BD/[From anthea_1990@hotmail.com][Date Thu, 30 Sep 2004 01:30:18 +0200]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\353911BD/[From anthea_1990@hotmail.com][Date Thu, 30 Sep 2004 01:30:18 +0200]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\353911BD Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Program Files\Norton AntiVirus\Quarantine\359A1AB4.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\Program Files\Norton AntiVirus\Quarantine\36727AE5 Infected: Email-Worm.Win32.NetSky.t
C:\Program Files\Norton AntiVirus\Quarantine\38F706ED.exe Infected: Trojan-Downloader.Win32.VB.ft
C:\Program Files\Norton AntiVirus\Quarantine\391D368E Infected: P2P-Worm.Win32.SdDrop.c
C:\Program Files\Norton AntiVirus\Quarantine\3B1E1255 Infected: Email-Worm.Win32.Bagle.do
C:\Program Files\Norton AntiVirus\Quarantine\3D8350EB.exe Infected: Backdoor.Win32.Netbus.170
C:\Program Files\Norton AntiVirus\Quarantine\3E4E4741/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\3E4E4741 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\42B6609D Infected: Backdoor.Win32.SubSeven.213.bonus
C:\Program Files\Norton AntiVirus\Quarantine\476A3AFF.exe Infected: Trojan-Downloader.Win32.VB.ft
C:\Program Files\Norton AntiVirus\Quarantine\47E12AD3.exe Infected: Backdoor.Win32.NetDevil.12
C:\Program Files\Norton AntiVirus\Quarantine\49404683/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\49404683 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\49C027EF Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\49CA25E5 Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\49D179DE Infected: Email-Worm.Win32.Bagle.ba
C:\Program Files\Norton AntiVirus\Quarantine\51324235 Infected: Email-Worm.Win32.NetSky.d
C:\Program Files\Norton AntiVirus\Quarantine\51E70926/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\51E70926 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\53A22697/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\53A22697 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\53B27885/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\53B27885 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\53C34A73/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\53C34A73 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\55186E12 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\556333BF Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\558A2B94 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\55907F8D Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\559A7D82 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\55A1517B Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\55A368D8/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\55A368D8 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\5794525D.exe Infected: Trojan-Downloader.Win32.VB.ft
C:\Program Files\Norton AntiVirus\Quarantine\58C84B8E Infected: Email-Worm.Win32.NetSky.d
C:\Program Files\Norton AntiVirus\Quarantine\58CB2258/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\58CB2258 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\59AC5FBA Infected: Backdoor.Win32.NetDevil.12
C:\Program Files\Norton AntiVirus\Quarantine\5BE22A93 Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\5BEC2888 Infected: Email-Worm.Win32.Bagle.gen
C:\Program Files\Norton AntiVirus\Quarantine\683B13CB Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\685239B2 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\68590DAA Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\685C37A7 Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\6866359C Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\68C8393A/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\68C8393A Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\690D2AEE/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\690D2AEE Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\691D7CDC/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\691D7CDC Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\6BD4114B/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\6BD4114B Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\6C673C19 Infected: Trojan-Downloader.Win32.IstBar.ju
C:\Program Files\Norton AntiVirus\Quarantine\6C75640B Infected: Trojan-Downloader.Win32.IstBar.kp
C:\Program Files\Norton AntiVirus\Quarantine\6E4853C2 Infected: Trojan.Win32.StartPage.pd
C:\Program Files\Norton AntiVirus\Quarantine\70C844E9.exe Infected: Trojan-Downloader.Win32.VB.ft
C:\Program Files\Norton AntiVirus\Quarantine\73743F92/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\73743F92 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\7395636E Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\77990737.exe Infected: Backdoor.Win32.SubSeven.213.bonus
C:\Program Files\Norton AntiVirus\Quarantine\7919492D.exe Infected: Trojan-Downloader.Win32.VB.ft
C:\Program Files\Norton AntiVirus\Quarantine\7958492C.exe Infected: Backdoor.Win32.NetDevil.12
C:\Program Files\Norton AntiVirus\Quarantine\7CEE029D Infected: Backdoor.Win32.NetDevil.12
C:\Program Files\Norton AntiVirus\Quarantine\7D9F69CC Infected: Email-Worm.Win32.Bagle.z
C:\Program Files\Norton AntiVirus\Quarantine\7DFB1646 Infected: Backdoor.Win32.SubSeven.Bot.213
C:\Program Files\Norton AntiVirus\Quarantine\7DFE4043 Infected: Backdoor.Win32.SubSeven.Bot.213
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP355\A0136882.dll Infected: Trojan-Downloader.Win32.Perfiler.g

Scan process completed.

The HijackThis one:

Logfile of HijackThis v1.99.1
Scan saved at 08:45:18, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\APPS\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Norton AntiVirus\QConsole.exe
C:\Téléchargement\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F17A09-1701-C48B-40CD-B7DF88C45CA3} - C:\DOCUME~1\RMI~1\APPLIC~1\RealMore\FLAW TOOL.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PMCS] C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Acrobat Assistant.lnk = C:\APPS\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)
O9 - Extra 'Tools' menuitem: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads [...] nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b28177.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b28177.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/reg [...] veData.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/fil [...] inder2.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: EpgSpooler - Elaborate Bytes AG - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Reply to Benadsl

For the Kaspersky scan, do this:

1. Make sure you have access to hidden files.

Start / My Computer / Tools / Folder Options / View / check "Show hidden files".

Delete the files reported as infected.

2. Disable System Restore.

Start / Control Panel / System / System Restore / disable System Restore.

3. Empty Norton's quarantine.

4. Fix this:

O2 - BHO: (no name) - {56F17A09-1701-C48B-40CD-B7DF88C45CA3} - C:\DOCUME~1\RMI~1\APPLIC~1\RealMore\FLAW TOOL.exe

Delete:

C:\DOCUME~1\RMI~1\APPLIC~1\RealMore\FLAW TOOL.exe

Reply to alessio@IDN
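The reply above picks the rogue O2 entry out of the HijackThis log by eye. As an added illustration (not code from the thread or from HijackThis), the Python below applies three assumed triage heuristics to O2 lines, no display name, module that is not a DLL/OCX, and a path under a user profile, over a constructed sample copied from the log above, and surfaces the same entry while leaving the Spybot and Acrobat helpers alone.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: four lines modelled on the thread's HijackThis log
# (the third is the entry the reply says to fix).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F17A09-1701-C48B-40CD-B7DF88C45CA3} - C:\DOCUME~1\RMI~1\APPLIC~1\RealMore\FLAW TOOL.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# HijackThis O2 line layout: "O2 - BHO: <name> - {<CLSID>} - <path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")

# Assumed rules of thumb: where an installed BHO normally lives (8.3 short
# names included) and what file type it normally is.
TRUSTED_DIRS = ("\\program files\\", "\\progra~1\\", "\\windows\\system32\\")
USER_PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")
BHO_EXTENSIONS = (".dll", ".ocx")

@dataclass
class Finding:
    clsid: str
    path: str
    reasons: List[str] = field(default_factory=list)

def bho_reasons(name: str, path: str) -> List[str]:
    """Heuristic reasons (assumed triage rules, not HijackThis's own logic)
    why an O2 entry deserves a closer look. Any single reason is weak on
    its own; it is the combination that matters."""
    reasons = []
    lowered = path.lower()
    if name.strip() == "(no name)":
        reasons.append("no display name")
    if not lowered.endswith(BHO_EXTENSIONS):
        reasons.append("BHO module is not a DLL/OCX")
    if any(d in lowered for d in USER_PROFILE_DIRS):
        reasons.append("loaded from a user profile directory")
    elif not any(d in lowered for d in TRUSTED_DIRS):
        reasons.append("outside Program Files / System32")
    return reasons

def triage_hijackthis(log: str, min_reasons: int = 2) -> List[Finding]:
    """Return the O2 entries that accumulate at least `min_reasons` reasons."""
    findings = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # not an O2 line (O4, R0, O23 ... are out of scope here)
        reasons = bho_reasons(m["name"], m["path"])
        if len(reasons) >= min_reasons:
            findings.append(Finding(m["clsid"], m["path"], reasons))
    return findings

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f.clsid, f.path)
        for r in f.reasons:
            print("   -", r)
```

The threshold of two reasons is what keeps Spybot's SDHelper.dll (no name, but a DLL in Program Files) off the list; lower it to one and it would be reported too.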

Thank you for your effective help.

Reply to Benadsl