Téléchargement
illégal
Posez votre question Signaler

Fenêtres indésirables IE - log HijackThis [Résolu]

sandul 3903Messages postés 22 mai 2008Date d'inscription 8 octobre 2010Dernière intervention - Dernière réponse le 26 mai 2008 à 15:59
Bonsoir,
J'ai des soucis avec mon IE ou Firefox qui essaient d'ouvrir des pages non sollicitées. Parfois, nod32 se réveille (même régulièrement depuis un certain temps) et met en quarantaine un truc (l'objet mis en quarantaine se nomme alors "http://.../nom_du_fichier?d'autres_parametres_de_navigation").
Pour un scan complet des disques, nod32 ne trouve rien (paramètres max, y compris les applications dangereuses). J'ai passé (PAS en mode sans échec) un scan Search & Destroy et un autre avec Ad-Aware; tous les deux ont trouvé des choses, mais il paraît que le problème n'a pas été éliminé.
Je poste ici le log HijackThis - une âme caritable pour m'aider à me débarasser du truc?
Merci d'avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:57, on 23.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
E:\Programe instalate\Utilitare instalate\PD91Agent.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\RealVNC\VNC4\vncclipboard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.yahoo.com/...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM13324944] Rundll32.exe "C:\WINDOWS\system32\lxtdnfqb.dll",s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport în Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Cercetare - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D8F59A1-B36D-41B6-BC31-C8145975AEDB}: NameServer = 172.16.1.1 208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - E:\Programe instalate\Utilitare instalate\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - E:\Programe instalate\Utilitare instalate\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
Lire la suite 

Fenêtres indésirables IE - log HijackThis »

13 réponses
Réponse
+0
moins plus
Chiquitine29 22 mai 2008 à 23:50
bonsoir


Préalable
• Vider la corbeille
• Fermer toutes les applications

================NAVILOG====================

Télécharge ceci http://pagesperso-orange.fr/il.mafioso/Navifix/download.htm

prend navilog1.exe

Choisir option 1 uniquement

Ensuite suit ce tutorial : http://mickael.barroux.free.fr/securite/navilog.php

Et enfin post le rapport du scan navilog

 Ajouter un commentaire
sandul- 23 mai 2008 à 11:09
Bonjour,
Merci beaucoup pour la réponse rapide. Il s'agit en fait de l'ordinateur d'un ami et j'essaie de l'aider à distance (d'où la présence de RealVNC). L'infection Vundo a été rapporté par Search & Destroy et j'avais bien essayer de la supprimer, mais apparamment sans succès. Voici le log demandé:
===============
Search Navipromo version 3.5.7 commencé le 23.05.2008 r 11:56:14,33

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Sandu si Nina"

Mise r jour le 11.05.2008 r 18h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.13
Systcme de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\startm~1\programs" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sandu si Nina\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sandu si Nina\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Sandu si Nina\startm~1\programs" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Sandu si Nina\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Sandu si Nina\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\iQrYJRqr.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ruvuvyxx.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 23.05.2008 r 12:00:53,15 ***
=============
Encore une fois merci.
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 11:15
rien pour le navipromo

y a donc du vundo on va s en occupé apres ça :


Télécharge ceci: (by Moe) :
http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double clic sur Lopxpsetup.exe pour lancer l'installation
Au menu, choisir l'option 1
Patienter jusqu'à que l'on demande d'appuyer sur une touche, appuyer !
Une rapport sera alors crée, à copie/colle en entier sur le forum.

 Ajouter un commentaire
sandul- 23 mai 2008 à 11:51
OK, voici ce rapport:
=============
# Rapport Lopxp fait le 23.05.2008 r 12:37:43
# Exécuté dans : C:\Program Files\Lopxp
# Version 3.10 - Maj du 11/04/2008


========== Listing des dossiers Application Data

+- C:\Documents and Settings\Administrator\Application Data

2007-08-27 r 10:57:02 - ACD Systems
2007-10-22 r 16:36:30 - ArcSoft
2007-09-01 r 17:57:04 - Big Fish Games
2007-10-19 r 17:49:45 - Creative
2007-10-20 r 21:54:15 - dvdcss
2007-09-02 r 12:05:41 - Help
2007-08-24 r 18:59:12 - Identities
2007-08-25 r 05:55:44 - Macromedia
2007-10-25 r 21:56:10 - Microsoft
2007-10-09 r 20:00:47 - Mozilla
2007-10-17 r 14:57:14 - MSN6
2007-10-09 r 20:00:47 - Netscape
2007-10-03 r 11:49:11 - Panasonic
2007-10-09 r 19:58:23 - Photodex
2007-10-13 r 21:18:33 - Printer Info Cache
2007-10-12 r 17:20:11 - ShoppingReport
2008-03-10 r 20:58:59 - Skype
2007-08-25 r 10:30:09 - Talkback
2007-11-14 r 17:31:47 - U3
2007-11-08 r 18:22:40 - Ulead Systems
2007-08-25 r 21:27:21 - VeniceMysteryData
2007-08-25 r 22:41:33 - vlc
2007-08-25 r 11:28:58 - Yahoo!

+- C:\Documents and Settings\Administrator\Local Settings\Application Data

2007-08-27 r 10:49:46 - ACDSee
2007-09-09 r 14:48:41 - Ahead
2007-11-14 r 12:34:25 - ApplicationHistory
2007-08-26 r 08:59:19 - Google
2007-09-02 r 12:05:41 - Help
2007-08-25 r 10:18:47 - HP
2007-08-25 r 10:18:47 - IsolatedStorage
2007-08-25 r 21:23:15 - JollyBear
2007-10-27 r 11:25:44 - Microsoft
2007-08-25 r 10:29:40 - Mozilla
2007-09-02 r 13:14:30 - MTV Networks
2007-10-28 r 15:01:20 - Winamp Toolbar
2007-09-09 r 17:28:43 - WMTools Downloaded Files

+- C:\Documents and Settings\All Users\Application Data

2008-03-30 r 13:12:24 - ACD Systems
2008-05-20 r 20:00:09 - Apple Computer
2008-04-25 r 15:42:46 - BigFishGamesCache
2008-03-14 r 16:14:03 - BitDefender
2007-12-04 r 20:13:49 - Christmasville
2007-10-03 r 11:55:14 - Creative
2008-03-17 r 20:07:31 - EscapeTheMuseum
2008-03-14 r 16:25:27 - ESET
2007-12-12 r 17:54:39 - Flood Light Games
2008-03-22 r 16:46:32 - Friday's games
2008-03-27 r 16:50:25 - Friends Games
2008-05-22 r 18:28:13 - Google
2008-03-14 r 13:55:07 - Hewlett-Packard
2008-02-12 r 15:02:34 - JollyBear
2008-05-21 r 10:44:57 - Lavasoft
2008-03-29 r 16:39:27 - Meridian93
2007-09-09 r 14:36:19 - Microsoft
2008-03-06 r 12:26:19 - MonteCristo
2007-08-25 r 06:17:31 - MSN6
2008-04-02 r 19:07:31 - Nitro PDF
2008-03-27 r 12:46:33 - PopCap
2008-02-29 r 18:41:54 - Raxco
2008-05-20 r 19:58:16 - Real
2007-08-25 r 10:30:59 - Skype
2007-11-23 r 18:28:13 - SpinTop Games
2008-05-21 r 13:25:45 - Spybot - Search & Destroy
2008-05-19 r 18:55:35 - systemerrorfixer
2008-05-03 r 19:15:39 - TEMP
2008-03-27 r 15:29:33 - Trymedia
2007-11-08 r 18:22:38 - Ulead Systems
2007-09-02 r 12:38:58 - Windows Genuine Advantage
2007-08-25 r 10:36:24 - Yahoo!
2007-12-21 r 15:53:24 - Yahoo! Companion
2008-03-05 r 10:16:32 - Zylom

+- C:\Documents and Settings\Sandu ­i Nina\Application Data

2008-05-13 r 15:49:10 - Abra Academy2
2008-03-30 r 12:19:04 - ACD Systems
2008-05-20 r 06:55:12 - Adobe
2008-03-10 r 21:32:44 - Big Fish Games
2008-03-10 r 21:32:59 - BloodTies
2008-03-10 r 21:32:43 - cerasus.media
2008-05-01 r 12:48:05 - Creative
2008-03-29 r 11:07:09 - dvdcss
2008-03-14 r 16:26:37 - ESET
2008-03-10 r 21:32:43 - Flood Light Games
2008-03-13 r 11:50:36 - Google
2008-05-15 r 12:47:32 - Help
2008-03-15 r 23:14:27 - Macromedia
2008-03-10 r 21:32:48 - Media Player Classic
2008-05-22 r 16:21:40 - Microsoft
2008-05-21 r 12:32:08 - Mozilla
2008-04-02 r 17:08:05 - Nitro PDF
2008-03-10 r 21:32:48 - Photodex
2008-05-20 r 19:58:16 - Real
2008-05-07 r 14:34:59 - Restorer
2008-05-19 r 21:13:57 - Skype
2008-04-25 r 16:04:27 - SprillBermudeEng
2008-05-22 r 20:48:51 - Sun
2008-05-22 r 20:53:09 - SystemRequirementsLab
2008-04-23 r 13:23:56 - U3
2008-03-10 r 21:32:43 - Ulead Systems
2008-05-15 r 13:59:18 - uTorrent
2008-03-17 r 19:56:50 - VeniceMysteryData
2008-03-24 r 14:12:05 - Wildfire
2008-03-30 r 12:27:28 - Yahoo!

+- C:\Documents and Settings\Sandu ­i Nina\Local Settings\Application Data

2008-03-30 r 13:13:21 - ACD Systems
2008-03-10 r 21:32:50 - Ahead
2008-05-20 r 19:59:59 - Apple Computer
2008-05-23 r 09:20:43 - ApplicationHistory
2008-04-02 r 17:02:28 - Downloaded Installations
2008-03-14 r 17:04:44 - ESET
2008-05-20 r 18:39:30 - free-downloads.net
2008-04-25 r 19:14:00 - Game Mill Files
2008-03-13 r 11:50:36 - Google
2008-05-15 r 12:47:32 - Help
2007-11-14 r 19:05:39 - HP
2008-05-19 r 12:56:41 - Identities
2007-11-14 r 19:05:42 - IsolatedStorage
2008-02-12 r 15:02:34 - JollyBear
2008-05-22 r 20:08:57 - Microsoft
2007-11-14 r 19:19:41 - Mozilla
2008-03-07 r 18:39:47 - MTV Networks
2007-12-23 r 20:17:05 - Oberon Games
2008-05-20 r 19:58:16 - Real
2007-11-22 r 21:57:50 - WMTools Downloaded Files

========== Listing du dossier Program Files

+- C:\Program Files

2008-03-30 r 13:12:18 - ACD Systems
2008-05-20 r 18:46:29 - ACE Mega CoDecS Pack
2007-08-31 r 14:10:42 - Ace MP3 To WAV Converter
2007-09-06 r 16:43:06 - Ahead
2008-05-20 r 20:09:00 - Alcohol Soft
2007-09-06 r 15:46:54 - AskTBar
2007-11-01 r 19:40:40 - AviSynth 2.5
2008-03-27 r 15:28:05 - BFG
2008-03-04 r 13:45:56 - BitTorrent Fastest Tool
2008-03-25 r 19:56:55 - C-Media 3D Audio
2008-05-22 r 20:49:25 - Common Files
2007-08-24 r 18:50:19 - ComPlus Applications
2007-10-03 r 11:56:46 - Creative
2007-08-25 r 04:58:00 - Dictionary
2008-03-18 r 19:22:18 - eMule
2008-05-22 r 09:33:25 - ESET
2008-04-02 r 18:34:21 - Foxit Software
2008-05-20 r 19:17:28 - free-downloads.net
2007-11-20 r 21:08:59 - Free-Soft
2008-05-22 r 18:28:13 - Google
2008-03-14 r 18:08:59 - GRISOFT
2008-03-14 r 13:55:07 - Hewlett-Packard
2008-05-20 r 18:37:20 - hkSFV
2008-03-14 r 14:03:02 - HP
2008-05-20 r 18:50:29 - InstallShield Installation Information
2008-05-22 r 20:07:38 - Internet Explorer
2008-05-22 r 20:50:12 - Java
2008-05-20 r 17:12:49 - jv16
2008-05-20 r 19:55:21 - K-Lite
2007-10-07 r 18:51:15 - Lavalys
2008-05-21 r 10:43:44 - Lavasoft
2008-05-23 r 09:37:55 - Lopxp
2007-08-26 r 08:20:37 - Messenger
2007-08-24 r 18:54:05 - microsoft frontpage
2007-08-24 r 19:28:54 - Microsoft Office
2007-08-24 r 19:28:43 - Microsoft Visual Studio
2007-08-24 r 19:28:49 - Microsoft Works
2007-08-24 r 19:29:21 - Microsoft.NET
2007-08-25 r 13:11:53 - Movie Maker
2008-05-22 r 20:52:08 - Mozilla Firefox
2008-05-14 r 19:28:35 - MSECACHE
2007-08-24 r 18:50:09 - MSN
2007-08-24 r 18:49:54 - MSN Gaming Zone
2007-08-26 r 07:41:41 - MSXML 4.0
2008-05-21 r 17:58:14 - MSXML 6.0
2007-09-02 r 13:14:15 - MTV Networks
2008-05-23 r 09:03:15 - Navilog1
2008-05-18 r 19:59:58 - NetMeeting
2008-04-02 r 19:07:31 - Nitro PDF
2007-08-24 r 18:52:17 - Online Services
2007-08-26 r 08:01:20 - Outlook Express
2007-10-18 r 14:46:09 - Photodex
2007-10-09 r 20:00:48 - Photodex Presenter
2008-05-20 r 18:24:03 - PrintKey2000
2008-05-20 r 20:00:09 - QuickTimeAlternative
2008-05-15 r 16:00:50 - Raxco
2008-05-20 r 19:58:21 - RealAlternative
2008-05-20 r 16:33:07 - RealVNC
2008-03-07 r 18:13:09 - ReflexiveArcade
2008-05-06 r 18:00:50 - ScreenMates
2008-05-22 r 19:14:51 - Serious Backgammon
2008-05-20 r 19:17:28 - Share_Accelerator_MM
2007-09-10 r 18:55:57 - Sign
2007-08-25 r 10:31:06 - Skype
2008-05-21 r 13:22:42 - Spybot - Search & Destroy
2008-05-20 r 09:03:42 - SystemErrorFixer
2008-05-22 r 20:53:09 - SystemRequirementsLab
2008-05-21 r 14:54:13 - Trend Micro
2007-08-25 r 10:15:33 - Uninstall Information
2008-03-29 r 21:27:05 - uTorrent
2008-05-20 r 19:10:18 - VideoLAN
2008-05-20 r 18:57:33 - Winamp
2008-05-14 r 20:02:26 - Windows Installer Clean Up
2007-09-02 r 12:02:59 - Windows Media Components
2007-09-02 r 12:44:48 - Windows Media Connect 2
2007-09-02 r 12:44:44 - Windows Media Player
2007-08-25 r 13:02:19 - Windows NT
2007-08-25 r 13:38:55 - WindowsUpdate
2008-01-30 r 09:39:44 - WinRAR
2007-08-24 r 18:54:05 - xerox
2007-08-25 r 10:35:17 - Yahoo!

========== Tâches planifiées

Packard Bell Data Secure for Sandu si Nina.job: C:\Program Files\Packard Bell Data Secure\DSMsg.exe 2

========== Clés registre


========== Bloqueur popups Internet Explorer


========== Suggestion ( /!\ Nécessite une interprétation.) ==========

+- Dossiers\Fichiers : Aucune suggestion.

+- Registre : Aucune suggestion.


- Fin du rapport -
===========
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 11:59
pas de cid non plus lol

c est cool

pour vundo ;

télécharge VundoFix à cette adresse: http://www.atribune.org/ccount/click.php?id=4

* Double-clique sur VundoFix.exe
* Clique sur le bouton Scan for Vundo
* Si le programme te demande de supprimer des fichiers, dis oui
* Lorsque le programme a fini de scanner ton pc, il doit être éteint, redémarre le.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt

 Ajouter un commentaire
sandul- 23 mai 2008 à 12:28
Eeeerf, il ne trouve rien, celui-là:
==================
VundoFix V7.0.5

Scan started at 13:02:56 23.05.2008

Listing files found while scanning....

No infected files were found.
==================

Il est vrai que peut-être Vundo n'est plus "complet": j'avais remarqué hier (avant de commencer à poster sur ce forum) deux .dll bizarres qui étaient lancées au démarrage via rundll32 et j'ai désactivé le lancement avec jv16. Une recherche Google avec le nom des deux DLL ne donnait rien (aucune réponse trouvée), mais en soumettant les fichiers à http://www.virustotal.com/fr/, 7 des 32 programmes antivirus détectaient soit la présence de Vundo soit des trucs suspects. Après la désactivation du lancement avec jv16, j'avais démarré en mode sans échec et supprimé (avec DEL /F) depuis c:\windows\system.32 les deux .dll in cause. Par la suite, jv16 ne liste plus de dll suspect lancée avec rundll32.

En tout cas, l'infection reste (fenêtres indésirables toujours présentes) et ce matin nod32 a supprimé deux fois un Win32/Adware.AVSystemCare (le nom de l'objet étant http://archive.easydownloadsoft.com/... preuve que les fenêtres de pub demeurrent et que mon ami a dû accepter le téléchargement (qui était proposé en boucle, si on ne l'acceptait pas, la proposition revenait tout de suite).

Merci encore pour ta patience, Chiquitine.
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 12:43
Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

 Ajouter un commentaire
sandul- 23 mai 2008 à 15:52
Salut,
Voici le résultat après l'enlèvement de tout ce qu'il m'a proposé:
==============
Malwarebytes' Anti-Malware 1.12
Database version: 780

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 129450
Time elapsed: 53 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 33
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 9
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\xxyvuvur.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifcASLc.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c140968d-653a-497b-a199-953ecdcc428d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c140968d-653a-497b-a199-953ecdcc428d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SystemErrorFixerDownloader (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifcaslc (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM13324944 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvuvur -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvuvur -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\SystemErrorFixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lesrjigj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgijrsel.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvuvur.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ruvuvyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvuvyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes365.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\kit\Ckit ProshovProducer\Cheia-cr-pmk12\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
E:\kit\cr-pmk12\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
E:\kit\Programe noi\Ahead[1].Nero.Burning.ROM.6.6.0.8a\keygen\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\SystemErrorFixer\swupd.log (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\ac (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\em (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\oid (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\SystemErrorFixer.exe.cer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\user (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxtdnfqb.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvTnKcY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgeEtS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYpmlM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsSkKb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcASLc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUlkKAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
==================
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 15:57
reouvre malewarebyte
va sur quarantaine
supprime tout

puis redémarre le pc

ensuite refais un scan hijackthis et dis moi comment va le pc

 Ajouter un commentaire
sandul- 23 mai 2008 à 16:46
J'ai repassé un scan malawarebyte et il a encore trouvé des choses, mais pas autant! Voici le rapport, je repasse une troisième fois le scan et s'il est clean je te passe le rapport hijackthis + l'état de santé de ma machine.
============
Malwarebytes' Anti-Malware 1.12
Database version: 780

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 129221
Time elapsed: 48 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\xxyvuvur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvuvyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvuvyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifcASLc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
=============
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 23 mai 2008 à 16:49
avant derfaire le scan

supprime le quarantaine

 Ajouter un commentaire
sandul- 26 mai 2008 à 15:57
Merci beaucoup chiquitine. Je n'ai plus réussi à me connecter sur le PC de mon ami, mais au tél il m'a dit que son PC est désormais propre (en tout cas plus aucune trace de malware dans les scan et plus de problème constaté dans les navigateurs).

Je crois que le problème est résolu.
Ajouter un commentaire
Réponse
+0
moins plus
Chiquitine29 26 mai 2008 à 15:59
de rien ciao et bon surf

 Ajouter un commentaire
Ajouter un commentaire
Posez votre question
Ce document intitulé « fenêtres indésirables IE - log HijackThis » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.
Dossier à la une
Passage au tout numérique : quel coût pour les particuliers ?