

Everything posted by kinnder

Unwanted ads on my PC
kinnder replied to kinnder's topic in Malware analysis and removal
Thank you again for your help. I followed the steps and ran a scan with Panda online; here is the report:

Incident | Status | Location
Adware:adware/savenow | Not disinfected | c:\program files\VVSN
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\KINNDER\Bureau\SmitfraudFix\SmitfraudFix\Process.exe
Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@247realmedia[2].txt
Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@2o7[1].txt
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@ads.pointroll[2].txt
Spyware:Cookie/Adtech | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@adtech[2].txt
Spyware:Cookie/adultfriendfinder | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@adultfriendfinder[2].txt
Spyware:Cookie/Advertising | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@advertising[1].txt
Spyware:Cookie/Falkag | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@atdmt[2].txt
Spyware:Cookie/Bluestreak | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@bluestreak[1].txt
Spyware:Cookie/Casalemedia | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@casalemedia[2].txt
Spyware:Cookie/Clubdicecasino | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@clubdicecasino[1].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@doubleclick[1].txt
Spyware:Cookie/Comclick | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@fl01.ct2.comclick[2].txt
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@mediaplex[1].txt
Spyware:Cookie/MetriWeb | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@metriweb[1].txt
Spyware:Cookie/Serving-sys | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@serving-sys[2].txt
Spyware:Cookie/Statcounter | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@statcounter[1].txt
Spyware:Cookie/WebtrendsLive | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@tradedoubler[1].txt
Spyware:Cookie/Valueclick | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@valueclick[2].txt
Spyware:Cookie/Weborama | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@weborama[2].txt
Spyware:Cookie/Xiti | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@xiti[1].txt
Spyware:Cookie/Zedo | Not disinfected | C:\Documents and Settings\KINNDER\Cookies\kinnder@zedo[2].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\KINNDER\Local Settings\Temp\Cookies\kinnder@atdmt[2].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\KINNDER\Local Settings\Temp\Cookies\kinnder@doubleclick[1].txt
Spyware:Cookie/Weborama | Not disinfected | C:\Documents and Settings\KINNDER\Local Settings\Temp\Cookies\kinnder@weborama[2].txt

Unwanted ads on my PC
kinnder replied to kinnder's topic in Malware analysis and removal
Thanks, so I ran a scan with SmitfraudFix, and here is the log:

SmitFraudFix v2.65

Rapport fait à 19:10:50,52, 28/06/2006
Executé à partir de C:\Documents and Settings\KINNDER\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe PRESENT !
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\hp???.tmp PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\regperf.exe PRESENT !
C:\WINDOWS\system32\simpole.tlb PRESENT !
C:\WINDOWS\system32\stdole3.tlb PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\KINNDER\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\KINNDER\MENUDM~1\PROGRA~1\MalwareWipe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KINNDER\Favoris
C:\DOCUME~1\KINNDER\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://toolbar.google.com/toolbarv3.gif"
"SubscribedURL"="http://toolbar.google.com/toolbarv3.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://207.46.8.252/cgi-bin/getmsg/nanou.JPG?&msg=0EAA3FC0-1E23-4478-8994-B736283D5688&start=0&len=973244&mimepart=3&curmbox=00000000-0000-0000-0000-000000000001&b=845ffa7239c2450d5b34cbe87cbfeed3&disk=10.1.106.216_d2637&login=abderraone%25hotmail%2efr&domain=passport%2ecom&hm___sig=9d62bee701c6948db799bbaf4bc059376d43ffd29c380860"
"SubscribedURL"="http://207.46.8.252/cgi-bin/getmsg/nanou.JPG?&msg=0EAA3FC0-1E23-4478-8994-B736283D5688&start=0&len=973244&mimepart=3&curmbox=00000000-0000-0000-0000-000000000001&b=845ffa7239c2450d5b34cbe87cbfeed3&disk=10.1.106.216_d2637&login=abderraone%25hotmail%2efr&domain=passport%2ecom&hm___sig=9d62bee701c6948db799bbaf4bc059376d43ffd29c380860"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Thanks for your replies.

Unwanted and annoying ads
kinnder replied to laisvik's topic in Malware analysis and removal
Thank you very much for your replies, I will do my best.

Hello everyone, my computer is infected with a multitude of spyware and malware of all kinds. After using several programs (a2free, ad-aware, ...) I still get messages or ads that appear out of nowhere ... and I still get the same web page showing up about software for removing spyware, and even when I change the home page to google.fr it always comes back!!! So I ran a HijackThis scan; if anyone can help me, thank you in advance!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 18:20:56, on 25/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KINNDER\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you for your help!!!!!