Forum Clubic

Supprimer adware-ezul

salut a tous voici mon probleme j’ai un virus qui s’apelle adware azula nsg 741.dll comment le supprimmer ,car ma machine renlentie est j’ai des fenetre plublicitaire qui m’envaillie ect…chanchemant de configuration du gestionnaire de periferique,taille des texte,comment faire.merci

voici le log du logiciel hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18:18:06, on 18/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ANYCOM\Blue USB-120-240\BTTray.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O2 - BHO: (no name) - {70F6A776-579A-4C95-BA88-134253907752} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasqfuo.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsu6.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\…\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\…\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”
O4 - HKLM\…\Run: [IntelliType] “C:\Program Files\Microsoft Hardware\Keyboard\type32.exe”
O4 - HKLM\…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\…\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\…\Run: [ccApp] “C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe”
O4 - HKLM\…\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\…\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\…\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\…\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=052806 serial=dr12cep-0901571-lwv lang=FR
O4 - HKLM\…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\…\Run: [CloneDVDElbyDelay] “C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe” /L ElbyDelay
O4 - HKLM\…\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\…\Run: [ElbyCheckElbyCDFL] “C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe” /L ElbyCDFL
O4 - HKLM\…\Run: [RoxioDragToDisc] “C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe”
O4 - HKLM\…\Run: [IntelliPoint] “C:\Program Files\Microsoft IntelliPoint\point32.exe”
O4 - HKLM\…\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKCU\…\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\…\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
O4 - HKCU\…\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\…\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Traduire à partir de l’anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha…t/c381/chat.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4…ss4_1058_XP.cab
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGD…3_ASPIV4_XP.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4…ss4_1059_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGD…ESS_1074_XP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4…ss4_1060_XP.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGD…ESS_1073_XP.cab
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGD…4_ASPIV4_XP.cab
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGD…ESS_1072_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\…\{BC090491-366E-49D8-8871-60FEA92D2727}: NameServer = 84.103.237.143 86.64.145.143
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program

aidez moi svp merci

[quote=loulette13,18/05/2006, 18:42:31]
whouai c’est pas terrible tu est polué par instant accès

coche les lignes siuvantes

O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)

O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)

O2 - BHO: (no name) - {70F6A776-579A-4C95-BA88-134253907752} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasqfuo.dll

O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsu6.dll

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\system32\winb2s32.dll

O4 - HKCU\…\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe

O4 - HKCU\…\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\…\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess

O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4…ss4_1058_XP.cab

O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - http://scripts.downloadv3.com/binaries/EGD…3_ASPIV4_XP.cab

O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4…ss4_1059_XP.cab

O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGD…ESS_1074_XP.cab

O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4…ss4_1060_XP.cab

O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGD…ESS_1073_XP.cab

O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - http://scripts.downloadv3.com/binaries/EGD…4_ASPIV4_XP.cab

O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGD…ESS_1072_XP.cab

celle ci si tu connait pas l’IP

O17 - HKLM\System\CCS\Services\Tcpip\…\{BC090491-366E-49D8-8871-60FEA92D2727}: NameServer = 84.103.237.143 86.64.145.143

a ma connaissance savscan n’est pas un service sysmantec mais la je ne sais pas trop ?

O23 - Service: SAVScan - Symantec Corporation - C:\Program

et attend l’avis des autres

puis évite de fréquenter des sites pas claires je sais pas si tu entend ce que je veux dire :grrr:

:sol: