Redirection vers pub depuis google.

Soari. -  
Megan Fox Messages postés 410 Statut Membre -
Bonjour,

Depuis une semaine plus ou moins, je suis affecté par un virus qui me redirige sur une page de pub lorsque e fais une recherche sur google.
quelqu'un pourrait m'aider?

J'ai déja effectué une analyse complète avec les programmes suivant : AVG- Spywar et AvasT.
Configuration: Windows XP
Internet Explorer 7.0

7 réponses

  1. Megan Fox Messages postés 410 Statut Membre 9
     
    Salut Soari,

    On va regarder pour commencer avec un log hijackthis

    * Télécharge HijackThis ici:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre-le bien dans c : !
    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Lance le puis:
    Clique sur "do a system scan and save logfile" (cf démo)
    Faire un copier coller du log entier sur le forum

    Démo : (Merci a Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    A+
    0
  2. Soari.
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:07:30, on 25/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\lxcfcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 72.30.186.56 babelfish.yahoo.com
    O1 - Hosts: 208.254.7.195 www.warhammeronline.com
    O1 - Hosts: 193.252.123.5 www.war-europe.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{193C68F1-F870-45A5-9DFD-413B0D2EEA1B}: NameServer = 85.255.114.51,85.255.112.158
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2164E559-AF26-49C3-990A-126AA5353C1F}: NameServer = 85.255.114.51,85.255.112.158
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3087229C-12A5-431E-AEE2-2DA5C4E5E990}: NameServer = 85.255.114.51,85.255.112.158
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70C170C4-38F4-4AB7-8FB6-613799517612}: NameServer = 195.238.2.22 195.238.2.21
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.158
    O17 - HKLM\System\CS1\Services\Tcpip\..\{193C68F1-F870-45A5-9DFD-413B0D2EEA1B}: NameServer = 85.255.114.51,85.255.112.158
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.51 85.255.112.158
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  3. Megan Fox Messages postés 410 Statut Membre 9
     
    * Télécharge FixWareout de ce site sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe

    * Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

    *Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.

    Quel est ton pare-feu?
    0
  4. Soari
     
    Fixwareout.

    Username "Kabendji" - 25/10/2007 16:17:12 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdctq.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.114.51 85.255.112.158" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{193C68F1-F870-45A5-9DFD-413B0D2EEA1B}
    "nameserver"="85.255.114.51,85.255.112.158" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2164E559-AF26-49C3-990A-126AA5353C1F}
    "nameserver"="85.255.114.51,85.255.112.158" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3087229C-12A5-431E-AEE2-2DA5C4E5E990}
    "nameserver"="85.255.114.51,85.255.112.158" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{193C68F1-F870-45A5-9DFD-413B0D2EEA1B}
    "DhcpNameServer"="85.255.114.51,85.255.112.158" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2164E559-AF26-49C3-990A-126AA5353C1F}
    "DhcpNameServer"="85.255.114.51,85.255.112.158" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E9657A14-C46E-4136-994A-1D10D6843493}
    "DhcpNameServer"="85.255.114.51,85.255.112.158" <Value cleared.

    Cache de résolution DNS vidé.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....
    ~~~~~ Other
    C:\WINDOWS\Temp\kdctq.ren 72254 13/06/2007

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Steam"=""
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    C:\WINDOWS\repair\autoexec.nt missing
    C:\WINDOWS\repair\Config.nt missing
    ~~~~~ End report ~~~~~

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:21:58, on 25/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\lxcfcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{70C170C4-38F4-4AB7-8FB6-613799517612}: NameServer = 195.238.2.22 195.238.2.21
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Megan Fox Messages postés 410 Statut Membre 9
     
    Bon on a déjà bien avancé,

    Le pare-feu Windows xp ne fait que la moitié du travail, si tu veux un vrai pare-feu regarde ici:
    Comme pare-feu, il y a kerio ou zonealarme qui sont bien. Je te laisse voir ici section firewall.
    http://www.malekal.com/menu_tutorials_logiciels.php

    * Relance HijackThis.

    Choisis Do a scan only

    Coche la case devant la ligne suivante

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Clique sur fix checked.

    Ferme Hijackthis.

    ---------------------------------------------------------------

    On va continuer avec un scan en ligne pour voir s'il n'y a pas d'autres petits trucs qui se cache.

    Scanne ensuite ton PC avec BitDefender en ligne (uniquement sous Internet Explorer).

    ouvre ce lien :

    www.bitdefender.com/scan8/ie.html

    Utilisation :
    Cliquer sur "J'accepte" puis accepter également l'ActiveX bloqué par la barre anti-popup du SP2 qui clignotera en haut et l'installer.
    Ensuite, cliquer sur "Cliquez ici pour scanner".
    Patienter jusqu'à la fin du scan qui peut durer assez longtemps...

    Copier/coller le rapport entier sur le forum.

    Tutoriel en images ici : http://pageperso.aol.fr/rginformatique/mapage/defender.htm (merci à Balltrap34 pour cette réalisation)

    A+
    0
  7. Soari
     
    BitDefender Online Scanner

    Scan report generated at: Thu, Oct 25, 2007 - 19:05:33

    Scan path: C:\;D:\;

    Statistics

    Time
    01:21:03

    Files
    343295

    Folders
    9655

    Boot Sectors
    3

    Archives
    9053

    Packed Files
    15624

    Results

    Identified Viruses
    4

    Infected Files
    22

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    22

    Engines Info

    Virus Definitions
    858009

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    14

    Archive plugins
    38

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0024934.exe
    Infected with: Trojan.Downloader.Agent.YMJ

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0024934.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0024934.exe
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025077.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025103.exe=>(CAB Sfx r)=>Setup.exe
    Infected with: Trojan.Generic.59897

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025103.exe=>(CAB Sfx r)=>Setup.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025103.exe=>(CAB Sfx r)=>Setup.exe
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP117\A0025103.exe=>(CAB Sfx r)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026281.exe
    Infected with: Trojan.Downloader.Agent.YMJ

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026281.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026281.exe
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026424.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026450.exe=>(CAB Sfx r)=>Setup.exe
    Infected with: Trojan.Generic.59897

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026450.exe=>(CAB Sfx r)=>Setup.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026450.exe=>(CAB Sfx r)=>Setup.exe
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP118\A0026450.exe=>(CAB Sfx r)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027628.exe
    Infected with: Trojan.Downloader.Agent.YMJ

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027628.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027628.exe
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027771.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027797.exe=>(CAB Sfx r)=>Setup.exe
    Infected with: Trojan.Generic.59897

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027797.exe=>(CAB Sfx r)=>Setup.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027797.exe=>(CAB Sfx r)=>Setup.exe
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP119\A0027797.exe=>(CAB Sfx r)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP171\A0033976.exe
    Infected with: Trojan.DNSCHanger.QN

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP171\A0033976.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP171\A0033976.exe
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP76\A0016627.exe=>(CAB Sfx r)=>Setup.exe
    Infected with: Trojan.Generic.59897

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP76\A0016627.exe=>(CAB Sfx r)=>Setup.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP76\A0016627.exe=>(CAB Sfx r)=>Setup.exe
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP76\A0016627.exe=>(CAB Sfx r)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0002
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0003
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Infected with: Trojan.Spy.Agent.AR

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)=>bzip2_solid_nsis0004
    Deleted

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP78\A0016742.exe=>(NSIS o)
    Update failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP82\A0017833.exe
    Infected with: Trojan.Downloader.Agent.YMJ

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP82\A0017833.exe
    Disinfection failed

    C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP82\A0017833.exe
    Deleted

    C:\WINDOWS\Temp\kdctq.ren
    Infected with: Trojan.DNSCHanger.QN

    C:\WINDOWS\Temp\kdctq.ren
    Disinfection failed

    C:\WINDOWS\Temp\kdctq.ren
    Deleted
    0
  8. Megan Fox Messages postés 410 Statut Membre 9
     
    On continue,

    *Télécharge Ccleaner:
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    Tuto :
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !

    ->Lance CCleaner.

    Suppression des fichiers temporaires

    Va dans la section "Options" situé dans la marge gauche.
    Décoche "Avancé"
    Retourne ensuite dans la section "Nettoyeur"
    Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)
    • Clique sur [Analyse]
    • Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
    • Une fois le scan terminé, clique sur [Lancer le Nettoyage]

    ------------------------------------------------------------

    Télécharge AVG anti spyware
    https://www.01net.com/telecharger/
    Mets le a jour avant de lancer le scan.
    Tuto :
    https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/

    ->Lance AVG pour un scan complet "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau et [copie/colle le rapport en forum]

    Bonne soirée

    A+
    0