Problem with IE opening unexpectedly (ads)

doublemolmol
Hello,

I have a problem after a virus infection via MSN (the infection itself is apparently resolved :) ): IE windows keep opening unexpectedly.
After reading several topics on the subject, I made a log with HIJACKTHIS.

Thank you for your help.

Here is my HIJACKTHIS report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50:45, on 09/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\Fiberlink\Extend360\VPNSentry.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe
C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft Time Zone\TimeZone.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2articles.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
O3 - Toolbar: &SIAT for Web - {91A7F523-1183-4654-A577-0771992F1784} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [f86694c8] rundll32.exe "C:\WINDOWS\system32\aqqcntwl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
O4 - HKCU\..\Run: [SIATEnterpriseClient] "C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"
O4 - HKLM\..\Policies\Explorer\Run: [1] CMD /C Start /Min C:\Windows\Coreload\Local_Init.bat
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [internat.exe] internat.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\RunOnce: [UserPrep] C:\Windows\System32\GE\Scripts\UserPrep.bat (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O15 - Trusted Zone: *.supportcentral.ge.com
O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
O15 - Trusted Zone: http://genet.ae.ge.com
O15 - Trusted Zone: http://inside.ge.com
O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
O15 - Trusted Zone: http://ssqc.ge.com
O15 - Trusted Zone: time.infra.ge.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D14633-EF2F-42CA-B1F0-47FD0BD96E02}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0550CF-9B02-46BF-AA17-236A32E9C293}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C69BE8-B5CE-417B-B9AE-34C70FF023C6}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pvoqur.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Max2U\fullhost\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\BlackIce\blackd.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\LIC98RMT.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\LIC98RMTD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Orant\bin\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\BlackIce\RapApp.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

7 replies

jlpjlp (Posts: 52399, Status: Security contributor, 5 040)
Hi,
If you have CA antivirus and Norton, you have to remove one of them!!!

To remove Norton:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

________________

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of your antispyware).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
doublemolmol
Thank you for your help.
Here is the requested log:

ComboFix 08-12-07.04 - MollarMa 2008-12-09 19:50:12.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.701 [GMT 1:00]
Running from: c:\documents and settings\MollarMa\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\grouppolicy\machine\scripts\scripts.ini
c:\windows\system32\head.exe
c:\windows\system32\iifdcYpM.dll
c:\windows\system32\lwtncqqa.ini
c:\windows\system32\mdm.exe
c:\windows\system32\NewCoreload.exe
c:\windows\system32\ntosa32.exe
c:\windows\system32\ps.exe
c:\windows\system32\pvoqur.dll
c:\windows\system32\rqRhfcYs.dll
c:\windows\system32\SOCKETX.DLL
c:\windows\system32\sYcfhRqr.ini
c:\windows\system32\sYcfhRqr.ini2
c:\windows\system32\tar.exe
c:\windows\system32\uovgdqtp.dll
c:\windows\Tasks\kzzmnwap.job
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://childhe.com
hxxp://wsus.ad.ge.com
.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-09 20:01 . 2008-12-09 20:01 303,104 --a------ c:\windows\system32\xxyywvVN.dll
2008-12-09 20:01 . 2008-12-09 20:01 370 --ahs---- c:\windows\system32\NVvwyyxx.ini2
2008-12-09 20:01 . 2008-12-09 20:04 370 --ahs---- c:\windows\system32\NVvwyyxx.ini
2008-12-09 07:28 . 2008-12-09 07:28 <DIR> d-------- C:\!KillBox
2008-12-09 07:27 . 2008-12-09 07:27 <DIR> d-------- c:\program files\Trend Micro
2008-12-09 06:50 . 2008-12-09 06:50 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-09 06:50 . 2008-12-09 06:50 1,409 --a------ c:\windows\QTFont.for
2008-12-09 06:34 . 2008-12-09 06:34 <DIR> d-------- c:\program files\CCleaner
2008-12-09 05:53 . 2008-12-09 05:53 <DIR> d-------- c:\windows\system32\Kaspersky Lab
2008-12-09 04:53 . 2008-12-09 06:43 <DIR> d-------- C:\MSNCleaner
2008-12-09 04:19 . 2008-12-09 04:38 <DIR> d-------- C:\SDFix
2008-12-09 04:16 . 2008-12-09 04:16 35,328 --a------ c:\windows\system32\xxyxWQIY.dll
2008-12-09 04:02 . 2008-12-09 04:02 35,328 --a------ c:\windows\system32\nnnnMCsp.dll
2008-12-09 03:49 . 2008-12-09 03:49 35,328 --a------ c:\windows\system32\jkkIASjI.dll
2008-12-09 03:24 . 2008-12-09 04:46 26,162 --a------ C:\iri.exe
2008-12-09 01:38 . 2008-12-09 01:38 35,328 --a------ c:\windows\system32\vtUooPhg.dll
2008-12-09 01:10 . 2008-12-09 01:10 34,816 --a------ c:\windows\system32\urqpqoLc.dll
2008-12-09 00:54 . 2008-12-09 00:54 34,816 --a------ c:\windows\system32\mlJYopnO.dll
2008-12-09 00:34 . 2008-12-09 00:34 <DIR> d--h----- c:\windows\PIF
2008-12-08 19:37 . 2008-12-08 19:51 1,025 --a------ C:\osy.exe
2008-11-24 08:34 . 2008-11-24 08:35 <DIR> d-------- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 19:03 --------- d-----w c:\program files\BlackIce
2008-12-09 18:58 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-09 08:29 --------- d-----w c:\program files\Nortel Networks
2008-12-08 19:47 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-08 07:45 --------- d-----w c:\documents and settings\MollarMa\Application Data\Skype
2008-12-08 07:05 --------- d-----w c:\documents and settings\MollarMa\Application Data\skypePM
2008-12-07 20:46 --------- d-----w c:\program files\pdf995
2008-12-06 18:25 --------- d-----w c:\program files\SafeBoot
2008-12-03 06:43 --------- d-----w c:\program files\Java
2008-12-01 06:07 --------- d-----w c:\documents and settings\MollarMa\Application Data\Sametime
2008-11-27 01:56 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 22:02 --------- d-----w c:\program files\SIAT Enterprise Client
2008-10-16 18:09 --------- d-----w c:\program files\Ca
2008-10-14 17:56 --------- d-----w c:\documents and settings\MollarMa\Application Data\CA
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2007-10-23 19:41 8 ----a-w c:\documents and settings\MollarMa\.bztarotcumul.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{205aec4e-c8f1-4067-9505-0047a0e9db51}]
2008-12-09 20:04 126464 --a------ c:\windows\system32\exbxwk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-09 00:54 34816 --a------ c:\windows\system32\mlJYopnO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7246E5E6-2A63-401D-A5F4-89D04575136B}]
2008-12-09 20:01 303104 --a------ c:\windows\system32\xxyywvVN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B12AD8C5-54BB-44B9-AA5C-822F47B4DB67}]
2008-02-17 17:14 643584 --a------ c:\progra~1\SIATEN~1\SIAT4W~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91A7F523-1183-4654-A577-0771992F1784}"= "c:\progra~1\SIATEN~1\SIAT4W~1.DLL" [2008-02-17 643584]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"CheckIt"="C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd" [2006-10-13 2676]
"SIATEnterpriseClient"="c:\program files\SIAT Enterprise Client\SiatEnterpriseClient.exe" [2008-05-02 413696]
"Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2005-01-06 712704]
"Sametime Connect 7.5"="c:\program files\IBM\Sametime Connect 7.5\sametime.exe" [2006-07-30 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"SMS Application Launcher"="c:\windows\MS\SMS\CORE\BIN\LAUNCH32.EXE" [2003-02-23 73584]
"SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2007-07-05 49212]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\IconAC76BA86.exe [2008-11-24 300032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\mlJYopnO.dll" [2008-12-09 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
2008-02-29 19:13 27400 c:\program files\Ca\DSM\bin\cfWlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYopnO]
2008-12-09 00:54 34816 c:\windows\system32\mlJYopnO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2005-05-20 10:51 8704 c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pvoqur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\xxyywvVN

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-8915387-251426123-247139262-78991\Scripts\Logon\[u]0/u\[u]0/u]
"Script"=TSGEUS_PSNonEC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5556:TCP"= 5556:TCP:SafeBoot

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-07-05 30267]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\SBAlg.sys [2007-07-05 44848]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2007-07-05 4752]
R1 SBFlop;SBFlop;c:\windows\system32\drivers\SBFlop.sys [2007-07-05 6096]
R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2007-07-05 14864]
R2 caf;CA DSM r11 Common Application Framework.;"c:\program files\CA\DSM\bin\caf.exe" service [2008-02-29 193800]
R2 FiberlinkMonitor;Fiberlink Monitor Service;"c:\program files\Fiberlink\Extend360\WENGINE\wmonitor.exe" [2005-05-06 65604]
R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\SBMGRNT.EXE [2007-07-05 49212]
R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-07-03 9433]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]
R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-07-03 115680]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
S0 black;black;c:\windows\system32\drivers\BlackDrv.sys [2007-07-03 229367]
S2 BlackICE;BlackICE;"c:\program files\BlackIce\blackd.exe" [2007-07-03 847872]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-07-03 115680]
S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [2003-08-06 73728]
S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [2003-08-06 73728]
S3 ExtranetAccess;Contivity VPN Service;"c:\program files\Nortel Networks\Extranet_serv.exe" [2007-07-03 630784]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\orant\bin\ONRSD.EXE [2000-01-25 408568]
S3 RapFile;RapFile;\??\c:\windows\system32\drivers\RapFile.sys [2006-11-03 36676]
S3 RapNet;RapNet;\??\c:\windows\system32\drivers\RapNet.sys [2006-11-03 24344]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-06-15 115952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4723d143-8d2f-11dc-9f8d-444553544200}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4723d14d-8d2f-11dc-9f8d-444553544200}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ef4040-1c0a-11dd-a07f-444553544200}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c886f493-440f-11dd-a0d9-444553544200}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1D2908F4-2CC5-4F72-BAFF-9026CF04C227}]
%systemroot\system32\msiexec.exe /i %systemroot%\options\packages\coreapps\pcinfo\pcinfo.msi /qb!

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{257AC5ED-A013-4E10-B3C0-099F5E8D8FC2}]
%Sytemroot%\system32\msiexec.exe /i %Systemroot%\options\pacakges\coreapps\TSG Proxy\TSG Proxy Button.msi /qn

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A81200000003}]
msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A81200000003} /qn

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B4EE5E0C-25B9-4EDA-B36A-7D9E34D48308}]
msiexec /fup {B4EE5E0C-25B9-4EDA-B36A-7D9E34D48308} /q

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E72B0C-1F6A-4C67-84D8-3F7743B87E37}]
c:\windows\System32\msiexec.exe /i c:\windows\Options\Packages\CoreApps\GETemplates\GETemplatesGEE.msi /qb!

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DEED8232-C2B0-4517-A0A2-96D2886C1DC8}]
c:\windows\system32\msiexec.exe /i c:\windows\options\packages\coreapps\STFixIE\STFixIE.msi /qb!
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\At1.job
- c:\windows\system32\GE\Scripts\GEChkDsk.bat [2005-10-03 12:20]

2008-11-27 c:\windows\Tasks\At2.job
- c:\windows\system32\GE\Scripts\AutoDefrag.bat [2005-10-03 13:19]
.
- - - - ORPHANS REMOVED - - - -

BHO-{71C72C3A-CAF5-42A1-8AAD-F5EC9F5E444F} - c:\windows\system32\rqRhfcYs.dll
HKLM-Run-f86694c8 - c:\windows\system32\aqqcntwl.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.a2articles.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
IE: {7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\IEProxy.vbs c:\program files\TSG Proxy\IEProxy.vbs
IE: {7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\IEProxy.vbs c:\program files\TSG Proxy\IEProxy.vbs - c:\program files\tsg proxy\ieproxy.vbs\inprocserver32 does not exist!
Trusted Zone: *.ge.com
Trusted Zone: *.supportcentral.ge.com
Trusted Zone: time.infra.ge.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: Sametime MRC 651FP1 - hxxp://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
c:\windows\Downloaded Program Files\Sametime MRC 651FP1.osd
FireFox -: Profile - c:\documents and settings\MollarMa\Application Data\Mozilla\Firefox\Profiles\[u]0/u6qw7v53.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npSton3D.dll
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 20:00:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\NVvwyyxx.ini 370 bytes
c:\windows\system32\NVvwyyxx.ini2 370 bytes
c:\windows\system32\xxyywvVN.dll 303104 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1692)
c:\windows\system32\BCMLogon.dll
c:\program files\CA\DSM\Bin\cfwlogon.dll
c:\windows\system32\mlJYopnO.dll

- - - - - - - > 'lsass.exe'(1748)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Ca\SC\CAM\bin\cam.exe
c:\windows\MS\SMS\CORE\BIN\clisvcl.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fiberlink\Extend360\ServiceMgr.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\MS\SMS\clicomp\RemCtrl\Wuser32.exe
c:\windows\MS\SMS\clicomp\apa\Bin\SMSAPM32.exe
c:\program files\Ca\DSM\bin\cfsmsmd.exe
c:\program files\Fiberlink\Extend360\VPNSentry.exe
c:\program files\Ca\DSM\bin\ccnfAgent.exe
c:\program files\Ca\DSM\bin\cfnotsrvd.exe
c:\program files\Ca\DSM\bin\ccsmagtd.exe
c:\program files\Ca\DSM\bin\amswmagt.exe
c:\program files\Ca\DSM\PMAgent\capmuamagt.exe
c:\program files\Ca\DSM\bin\cfFTPlugin.exe
c:\windows\MS\SMS\clicomp\SWDist32\bin\SMSMon32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-12-09 20:06:45 - machine was rebooted [MollarMa]
ComboFix-quarantined-files.txt 2008-12-09 19:06:37

Pre-Run: 20,290,330,624 bytes free
Post-Run: 20,233,773,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=alwaysoff /fastdetect

303 --- E O F --- 2008-11-20 00:07:38
jlpjlp
 
What is your F: drive???

_____________

Scan this file on VirusTotal and, if it is infected or zero-sized, add it to the File:: part of the following procedure

https://www.virustotal.com/gui/

C:\iri.exe

_________________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\windows\system32\xxyywvVN.dll
c:\windows\system32\NVvwyyxx.ini2
c:\windows\system32\NVvwyyxx.ini
c:\windows\system32\xxyxWQIY.dll
c:\windows\system32\nnnnMCsp.dll
c:\windows\system32\jkkIASjI.dll
c:\windows\system32\vtUooPhg.dll
c:\windows\system32\urqpqoLc.dll
c:\windows\system32\mlJYopnO.dll
c:\windows\system32\exbxwk.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{205aec4e-c8f1-4067-9505-0047a0e9db51}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7246E5E6-2A63-401D-A5F4-89D04575136B}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYopnO]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is done, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file doesn't open, it is located here > C:\ComboFix.txt
doublemolmol
 
The F: drive is my camera.
I'll send you the HijackThis scan right after

here is the ComboFix log:

ComboFix 08-12-07.04 - MollarMa 2008-12-09 21:16:19.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.429 [GMT 1:00]
Running from: c:\documents and settings\MollarMa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MollarMa\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\iri.exe
c:\windows\system32\exbxwk.dll
c:\windows\system32\jkkIASjI.dll
c:\windows\system32\mlJYopnO.dll
c:\windows\system32\nnnnMCsp.dll
c:\windows\system32\NVvwyyxx.ini
c:\windows\system32\NVvwyyxx.ini2
c:\windows\system32\urqpqoLc.dll
c:\windows\system32\vtUooPhg.dll
c:\windows\system32\xxyxWQIY.dll
c:\windows\system32\xxyywvVN.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\iri.exe
c:\windows\system32\amdhivyb.ini
c:\windows\system32\byvihdma.dll
c:\windows\system32\exbxwk.dll
c:\windows\system32\jkkIASjI.dll
c:\windows\system32\mlJYopnO.dll
c:\windows\system32\mqntaxtg.dll
c:\windows\system32\nnnnMCsp.dll
c:\windows\system32\NVvwyyxx.ini
c:\windows\system32\NVvwyyxx.ini2
c:\windows\system32\urqpqoLc.dll
c:\windows\system32\vtUooPhg.dll
c:\windows\system32\xxyxWQIY.dll
c:\windows\system32\xxyywvVN.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-09 07:28 . 2008-12-09 07:28 <DIR> d-------- C:\!KillBox
2008-12-09 07:27 . 2008-12-09 07:27 <DIR> d-------- c:\program files\Trend Micro
2008-12-09 06:50 . 2008-12-09 06:50 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-09 06:50 . 2008-12-09 06:50 1,409 --a------ c:\windows\QTFont.for
2008-12-09 06:34 . 2008-12-09 06:34 <DIR> d-------- c:\program files\CCleaner
2008-12-09 05:53 . 2008-12-09 05:53 <DIR> d-------- c:\windows\system32\Kaspersky Lab
2008-12-09 04:53 . 2008-12-09 06:43 <DIR> d-------- C:\MSNCleaner
2008-12-09 04:19 . 2008-12-09 04:38 <DIR> d-------- C:\SDFix
2008-12-09 00:34 . 2008-12-09 00:34 <DIR> d--h----- c:\windows\PIF
2008-12-08 19:37 . 2008-12-08 19:51 1,025 --a------ C:\osy.exe
2008-11-24 08:34 . 2008-11-24 08:35 <DIR> d-------- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 20:24 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-09 20:24 --------- d-----w c:\program files\BlackIce
2008-12-09 08:29 --------- d-----w c:\program files\Nortel Networks
2008-12-08 19:47 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-08 07:45 --------- d-----w c:\documents and settings\MollarMa\Application Data\Skype
2008-12-08 07:05 --------- d-----w c:\documents and settings\MollarMa\Application Data\skypePM
2008-12-07 20:46 --------- d-----w c:\program files\pdf995
2008-12-06 18:25 --------- d-----w c:\program files\SafeBoot
2008-12-03 06:43 --------- d-----w c:\program files\Java
2008-12-01 06:07 --------- d-----w c:\documents and settings\MollarMa\Application Data\Sametime
2008-11-27 01:56 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 22:02 --------- d-----w c:\program files\SIAT Enterprise Client
2008-10-16 18:09 --------- d-----w c:\program files\Ca
2008-10-14 17:56 --------- d-----w c:\documents and settings\MollarMa\Application Data\CA
2007-10-23 19:41 8 ----a-w c:\documents and settings\MollarMa\.bztarotcumul.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-09_20.05.32.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 13:09:44 92,696 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\cdm.dll
+ 2008-10-16 13:12:20 561,688 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuapi.dll
+ 2008-10-16 13:09:44 51,224 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuauclt.exe
+ 2008-10-16 13:13:40 1,809,944 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuaueng.dll
+ 2008-10-16 13:12:22 323,608 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wucltui.dll
+ 2008-10-16 13:08:58 34,328 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wups.dll
+ 2008-10-16 13:09:44 43,544 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wups2.dll
+ 2008-10-16 13:13:40 202,776 ------w c:\windows\SoftwareDistribution\SelfUpdate\Default\wuweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B12AD8C5-54BB-44B9-AA5C-822F47B4DB67}]
2008-02-17 17:14 643584 --a------ c:\progra~1\SIATEN~1\SIAT4W~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91A7F523-1183-4654-A577-0771992F1784}"= "c:\progra~1\SIATEN~1\SIAT4W~1.DLL" [2008-02-17 643584]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"CheckIt"="C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd" [2006-10-13 2676]
"SIATEnterpriseClient"="c:\program files\SIAT Enterprise Client\SiatEnterpriseClient.exe" [2008-05-02 413696]
"Timezone"="c:\program files\Microsoft Time Zone\TimeZone.exe" [2005-01-06 712704]
"Sametime Connect 7.5"="c:\program files\IBM\Sametime Connect 7.5\sametime.exe" [2006-07-30 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"SMS Application Launcher"="c:\windows\MS\SMS\CORE\BIN\LAUNCH32.EXE" [2003-02-23 73584]
"SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2007-07-05 49212]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\IconAC76BA86.exe [2008-11-24 300032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
2008-02-29 19:13 27400 c:\program files\Ca\DSM\bin\cfWlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2005-05-20 10:51 8704 c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pvoqur.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-8915387-251426123-247139262-78991\Scripts\Logon\[u]0/u\[u]0/u]
"Script"=TSGEUS_PSNonEC.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5556:TCP"= 5556:TCP:SafeBoot

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-07-05 30267]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\SBAlg.sys [2007-07-05 44848]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2007-07-05 4752]
R1 SBFlop;SBFlop;c:\windows\system32\drivers\SBFlop.sys [2007-07-05 6096]
R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2007-07-05 14864]
R2 caf;CA DSM r11 Common Application Framework.;"c:\program files\CA\DSM\bin\caf.exe" service [2008-02-29 193800]
R2 FiberlinkMonitor;Fiberlink Monitor Service;"c:\program files\Fiberlink\Extend360\WENGINE\wmonitor.exe" [2005-05-06 65604]
R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\SBMGRNT.EXE [2007-07-05 49212]
R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-07-03 9433]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-10 99376]
R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-07-03 115680]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
S0 black;black;c:\windows\system32\drivers\BlackDrv.sys [2007-07-03 229367]
S2 BlackICE;BlackICE;"c:\program files\BlackIce\blackd.exe" [2007-07-03 847872]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-07-03 115680]
S3 CA_LIC_CLNT;CA-License Client;c:\windows\LIC98RMT.exe [2003-08-06 73728]
S3 CA_LIC_SRVR;CA-License Server;c:\windows\LIC98RMTD.exe [2003-08-06 73728]
S3 ExtranetAccess;Contivity VPN Service;"c:\program files\Nortel Networks\Extranet_serv.exe" [2007-07-03 630784]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;c:\orant\bin\ONRSD.EXE [2000-01-25 408568]
S3 RapFile;RapFile;\??\c:\windows\system32\drivers\RapFile.sys [2006-11-03 36676]
S3 RapNet;RapNet;\??\c:\windows\system32\drivers\RapNet.sys [2006-11-03 24344]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-06-15 115952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4723d143-8d2f-11dc-9f8d-444553544200}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4723d14d-8d2f-11dc-9f8d-444553544200}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ef4040-1c0a-11dd-a07f-444553544200}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c886f493-440f-11dd-a0d9-444553544200}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1D2908F4-2CC5-4F72-BAFF-9026CF04C227}]
%systemroot\system32\msiexec.exe /i %systemroot%\options\packages\coreapps\pcinfo\pcinfo.msi /qb!

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{257AC5ED-A013-4E10-B3C0-099F5E8D8FC2}]
%Sytemroot%\system32\msiexec.exe /i %Systemroot%\options\pacakges\coreapps\TSG Proxy\TSG Proxy Button.msi /qn

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A81200000003}]
msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A81200000003} /qn

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B4EE5E0C-25B9-4EDA-B36A-7D9E34D48308}]
msiexec /fup {B4EE5E0C-25B9-4EDA-B36A-7D9E34D48308} /q

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E72B0C-1F6A-4C67-84D8-3F7743B87E37}]
c:\windows\System32\msiexec.exe /i c:\windows\Options\Packages\CoreApps\GETemplates\GETemplatesGEE.msi /qb!

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DEED8232-C2B0-4517-A0A2-96D2886C1DC8}]
c:\windows\system32\msiexec.exe /i c:\windows\options\packages\coreapps\STFixIE\STFixIE.msi /qb!
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\At1.job
- c:\windows\system32\GE\Scripts\GEChkDsk.bat [2005-10-03 12:20]

2008-11-27 c:\windows\Tasks\At2.job
- c:\windows\system32\GE\Scripts\AutoDefrag.bat [2005-10-03 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.a2articles.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
IE: {7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\IEProxy.vbs c:\program files\TSG Proxy\IEProxy.vbs
IE: {7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\IEProxy.vbs c:\program files\TSG Proxy\IEProxy.vbs - c:\program files\tsg proxy\ieproxy.vbs\inprocserver32 does not exist!
Trusted Zone: *.ge.com
Trusted Zone: *.supportcentral.ge.com
Trusted Zone: time.infra.ge.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: Sametime MRC 651FP1 - hxxp://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
c:\windows\Downloaded Program Files\Sametime MRC 651FP1.osd
FireFox -: Profile - c:\documents and settings\MollarMa\Application Data\Mozilla\Firefox\Profiles\[u]0/u6qw7v53.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npSton3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 21:24:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1700)
c:\windows\system32\BCMLogon.dll
c:\program files\CA\DSM\Bin\cfwlogon.dll

- - - - - - - > 'lsass.exe'(1756)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Ca\SC\CAM\bin\cam.exe
c:\windows\MS\SMS\CORE\BIN\clisvcl.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fiberlink\Extend360\ServiceMgr.exe
c:\windows\MS\SMS\clicomp\apa\Bin\SMSAPM32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\MS\SMS\clicomp\RemCtrl\Wuser32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Ca\DSM\bin\cfsmsmd.exe
c:\program files\Ca\DSM\bin\ccnfAgent.exe
c:\program files\Fiberlink\Extend360\VPNSentry.exe
c:\program files\Ca\DSM\bin\cfnotsrvd.exe
c:\program files\Ca\DSM\bin\ccsmagtd.exe
c:\program files\Ca\DSM\bin\amswmagt.exe
c:\windows\MS\SMS\clicomp\SWDist32\bin\SMSMon32.exe
c:\program files\Ca\DSM\PMAgent\capmuamagt.exe
c:\program files\Ca\DSM\bin\cfFTPlugin.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-12-09 21:28:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-09 20:28:45
ComboFix2.txt 2008-12-09 19:06:48

Pre-Run: 20,213,821,440 bytes free
Post-Run: 20,177,989,632 bytes free

277 --- E O F --- 2008-11-20 00:07:38
doublemolmol
 
here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34, on 2008-12-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\Microsoft Time Zone\TimeZone.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.a2articles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {B12AD8C5-54BB-44B9-AA5C-822F47B4DB67} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
O3 - Toolbar: &SIAT for Web - {91A7F523-1183-4654-A577-0771992F1784} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
O4 - HKCU\..\Run: [SIATEnterpriseClient] "C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [internat.exe] internat.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\RunOnce: [UserPrep] C:\Windows\System32\GE\Scripts\UserPrep.bat (User 'SMSCliSvcAcct&')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O15 - Trusted Zone: *.supportcentral.ge.com
O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
O15 - Trusted Zone: http://genet.ae.ge.com
O15 - Trusted Zone: http://inside.ge.com
O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
O15 - Trusted Zone: http://ssqc.ge.com
O15 - Trusted Zone: time.infra.ge.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D14633-EF2F-42CA-B1F0-47FD0BD96E02}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0550CF-9B02-46BF-AA17-236A32E9C293}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C69BE8-B5CE-417B-B9AE-34C70FF023C6}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pvoqur.dll
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Max2U\fullhost\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\BlackIce\blackd.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\LIC98RMT.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\LIC98RMTD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Orant\bin\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\BlackIce\RapApp.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
jlpjlp Posts 52399 Status Security contributor 5 040 > doublemolmol
 
plug in your camera

and


--> Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installer with the default settings.

--> Plug your external data sources into the PC (USB stick, external hard drive, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> Choose option 1 (Clean).

--> The PC will reboot.

--> After the reboot, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive.

(If the Desktop does not come back, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)


_________

then post another HijackThis log and tell us your current issues
doublemolmol > jlpjlp Posts 52399 Status Security contributor
 
here is the UsbFix report



-------------- UsbFix V2.413.3 ---------------

* User : MollarMa - Y00188BC7D0E6
* Tools updated on 06/12/2008 by Chiquitine29 and Chimay8
* Scan performed at 6:38:28 on 2008-12-11
* Windows Xp - Internet Explorer 6.0.2900.2180


--------------- [ Running processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fiberlink\Extend360\VPNSentry.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\WINDOWS\MS\SMS\clicomp\SWDist32\bin\ODPUSR32.exe
C:\WINDOWS\MS\SMS\clicomp\SWDist32\bin\ODPSys32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\Tmp\5.tmp\b2e.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe

--------------- [ Drive information ] ----------------

C: - Fixed drive

D: - Fixed drive

F: - Removable drive


--------------- [ Drive C ] ----------------

C: - Fixed drive


+- Files present:

[2007-07-05 10:12][--a------] C:\autoexec.bat
[2004-08-04 03:38][-rahs----] C:\NTDETECT.COM
[2008-12-08 19:51][--a------] C:\osy.exe
[2008-12-08 19:51][--a------] C:\sbupdate_cp.exe
[2008-12-09 19:49][-rahs----] C:\boot.ini
[2008-12-09 19:49][-rahs----] C:\comply.ini
[2008-12-09 21:28][--a------] C:\ComboFix.txt
[2008-12-09 21:28][--a------] C:\MSNCleaner.txt
[2008-12-09 21:28][--a------] C:\UsbFix.txt
[2006-11-02 13:55][--a------] C:\CONFIG.SYS
[2006-11-02 13:55][--a------] C:\hiberfil.sys
[2006-11-02 13:55][--a------] C:\IO.SYS
[2006-11-02 13:55][--a------] C:\MSDOS.SYS
[2006-11-02 13:55][--a------] C:\pagefile.sys

--------------- [ Drive D ] ----------------

D: - Fixed drive


+- Files present:

[2004-08-03 23:56][--a------] D:\setupSNK.exe

--------------- [ Drive F ] ----------------

F: - Removable drive


+- Files present:


--------------- [ Registry / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
CheckIt=C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
SIATEnterpriseClient="C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
Timezone="C:\Program Files\Microsoft Time Zone\TimeZone.exe"
Sametime Connect 7.5="C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray=C:\PROGRA~1\SYMANT~1\VPTray.exe
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
SigmatelSysTrayApp=stsystra.exe
Broadcom Wireless Manager UI=C:\WINDOWS\system32\WLTRAY.exe
SMS Application Launcher=C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
SBMGRNT.EXE=C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
openvpn-gui=C:\Program Files\OpenVPN\bin\openvpn-gui.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
LogitechCommunicationsManager="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
UserFaultCheck=%systemroot%\system32\dumprep 0 -u
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registry / MountPoints2 ] ----------------

Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4723d143-8d2f-11dc-9f8d-444553544200}\Shell\AutoRun\command
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4723d14d-8d2f-11dc-9f8d-444553544200}\Shell\AutoRun\command
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1ef4040-1c0a-11dd-a07f-444553544200}\Shell\AutoRun\command
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c886f493-440f-11dd-a0d9-444553544200}\Shell\AutoRun\command

--------------- [ Disk cleanup ] ----------------

Deleted! - [2006-11-08 14:44][--a------] C:\WINDOWS\autorun.ini
Deleted! - [2008-12-08 19:51][--a------] C:\osy.exe

--------------- [ Summary ] ----------------

-> /!\ The result must be interpreted by a specialist /!\

[2007-07-05 10:12][--a------] C:\autoexec.bat
[2004-08-04 03:38][-rahs----] C:\NTDETECT.COM
[2008-03-25 15:03][--a------] C:\sbupdate_cp.exe
[2008-12-09 19:49][-rahs----] C:\boot.ini
[2008-12-09 19:49][-rahs----] C:\comply.ini
[2004-08-03 23:56][--a------] D:\setupSNK.exe

--------------- ! End of report ! ----------------
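Added example, written for this thread and not part of UsbFix or of any tool quoted here. The report above deleted four MountPoints2\{volume GUID}\Shell\AutoRun\command values and C:\osy.exe: Explorer caches, per volume, the command it read from that volume's autorun.inf under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, which is why a cleaned registry plus an untouched autorun.inf on a USB stick re-infects on the next insert. The Python below parses an autorun.inf of the shape such worms write and lists what it would launch and why it looks suspicious. The sample file is constructed for the example; only the file name osy.exe comes from the report, and the file's contents and purpose are assumed, not known from the thread.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Executable extensions a worm-written autorun.inf typically points at.
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")

# Constructed sample (assumed content): the usual shape of a worm-dropped
# autorun.inf. Only the name osy.exe is taken from the UsbFix report above.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
; mixed case, duplicate verbs and junk lines are common in worm-written files
open=osy.exe
shell\open\Command=osy.exe
shell\explore\command=osy.exe
shellexecute=osy.exe
action=Open folder to view files
icon=%SystemRoot%\system32\SHELL32.dll,4
UseAutoPlay=1
"""


@dataclass
class Finding:
    key: str
    command: str
    reasons: list = field(default_factory=list)


def parse_autorun(text: str) -> dict:
    """Return the [autorun] section as a dict of lower-cased key -> value.

    Lenient on purpose: section and key names are case-insensitive, lines that
    are not key=value are skipped, and the first value wins for duplicate keys.
    """
    section, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:
            in_autorun = m.group(1).strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            section.setdefault(key.strip().lower(), value.strip())
    return section


def _is_exec_key(key: str) -> bool:
    # open= and shellexecute= run on insertion / double-click; shell\<verb>\command=
    # replaces the verbs (Open, Explore, ...) on the drive's context menu.
    return key in ("open", "shellexecute") or re.fullmatch(r"shell\\[^\\]+\\command", key) is not None


def exec_findings(section: dict) -> list[Finding]:
    """Every key that would execute something, with the reasons it looks bad."""
    out = []
    for key, value in section.items():
        if not _is_exec_key(key) or not value:
            continue
        f = Finding(key=key, command=value)
        target = value.split()[0].strip('"').lower()
        if target.endswith(EXEC_EXTS):
            f.reasons.append("runs an executable shipped on the drive")
        if "\\" not in target.lstrip(".\\"):
            f.reasons.append("target sits in the drive root")
        out.append(f)
    return out


def masquerades_as_folder(section: dict) -> bool:
    """True when action/icon mimic Explorer's own 'Open folder to view files'
    AutoPlay entry, so the malicious choice looks like the normal one."""
    action = section.get("action", "").lower()
    icon = section.get("icon", "").lower()
    return "open folder" in action or "shell32.dll" in icon


def triage(text: str) -> dict:
    section = parse_autorun(text)
    findings = exec_findings(section)
    return {
        "exec_keys": sorted(f.key for f in findings),
        "commands": sorted({f.command for f in findings}),
        "masquerade": masquerades_as_folder(section),
        "suspicious": any(f.reasons for f in findings),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_AUTORUN_INF).items():
        print(f"{k}: {v}")
```

Run it against the autorun.inf at the root of a stick before plugging that stick into a cleaned machine; a benign installer disc that only sets icon= and label= produces no exec keys and is not flagged.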
doublemolmol > jlpjlp Posts 52399 Status Security contributor
 
here is the HijackThis report:

I have no more problems, well, everything is better and I no longer get ad pages displayed. Thanks a lot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:43, on 2008-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {B12AD8C5-54BB-44B9-AA5C-822F47B4DB67} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
O3 - Toolbar: &SIAT for Web - {91A7F523-1183-4654-A577-0771992F1784} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
O4 - HKCU\..\Run: [SIATEnterpriseClient] "C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [internat.exe] internat.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\RunOnce: [UserPrep] C:\Windows\System32\GE\Scripts\UserPrep.bat (User 'SMSCliSvcAcct&')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O15 - Trusted Zone: *.supportcentral.ge.com
O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
O15 - Trusted Zone: http://genet.ae.ge.com
O15 - Trusted Zone: http://inside.ge.com
O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
O15 - Trusted Zone: http://ssqc.ge.com
O15 - Trusted Zone: time.infra.ge.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D14633-EF2F-42CA-B1F0-47FD0BD96E02}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0550CF-9B02-46BF-AA17-236A32E9C293}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C69BE8-B5CE-417B-B9AE-34C70FF023C6}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pvoqur.dll
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Max2U\fullhost\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\BlackIce\blackd.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\LIC98RMT.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\LIC98RMTD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Orant\bin\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\BlackIce\RapApp.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
maxmann
 
Hi! I have the same problem as you!
Last night I got the same virus on MSN. Since then it has been a disaster, nothing works: SmitFraudFix, Avast, disk cleanup, Windows repair, etc.

I have the same symptoms as you: ad pages, IE opening, crashes, then the page www.a2articles.com appearing instead of www.google.fr

I also noticed that it affects the IE settings, because the security function has a bug: every time I set blocking to high, I immediately end up back on low...

I'll follow your post closely because I'm in total trouble.

doublemolmol
 
Thanks for your help. I don't have my camera and my external hard drive with me.
I'll do that as soon as I get home and send you everything.

Thanks again
jlpjlp Posts 52399 Status Security contributor 5 040
 
scan these files on VirusTotal and if infected delete them by going to My Computer then C

https://www.virustotal.com/gui/

C:\autoexec.bat
C:\sbupdate_cp.exe
C:\boot.ini
C:\comply.ini
D:\setupSNK.exe
_____________

relaunch HijackThis, do "Do a system scan only", select these lines and fix them:

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
_
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
_
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
_
_

_____________
if you don't know the following sites, fix the lines with HijackThis (Fix checked):

O15 - Trusted Zone: *.supportcentral.ge.com
O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
O15 - Trusted Zone: http://genet.ae.ge.com
O15 - Trusted Zone: http://inside.ge.com
O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
O15 - Trusted Zone: http://ssqc.ge.com
O15 - Trusted Zone: time.infra.ge.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: https://www.orange.fr/portail

O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

_________________

if you have CA antivirus and Norton antivirus, remove one of the two, otherwise the computer will crash!

to remove Norton
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

___________________

then update Windows with SP3, Adobe Reader to version 9 and Internet Explorer to version 7
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
http://v4.windowsupdate.microsoft.com/fr/default.asp
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

post one last HijackThis log and tell us your current issues
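Added example for the review steps in the post above; it is my code, not the helper's and not part of HijackThis or VirusTotal. It runs over HijackThis lines copied from this thread plus two constructed O4 lines, flags the entry classes the helper asks about (orphaned "(no file)" hooks, O15 trusted-zone and O16 ActiveX hosts outside an allowlist, AppInit_DLLs, autostarts from a temp directory or a drive root, services without a recorded publisher), and builds the VirusTotal hash-lookup URL so a file can be checked by SHA-256 before uploading it. A flag is a prompt to verify, not a verdict that the entry is malicious. The allowlist KNOWN_HOST_SUFFIXES = ("ge.com",) and the two O4 sample lines are assumptions made for the example.

```python
from __future__ import annotations
import hashlib
import re

# Host suffixes the machine's owner recognises; O15/O16 entries pointing
# elsewhere are flagged. Assumed for this example from the *.ge.com entries above.
KNOWN_HOST_SUFFIXES = ("ge.com",)

TEMP_DIR_RE = re.compile(r"(\\tmp\\|\\temp\\|\\local settings\\temp\\|%temp%)", re.I)
ROOT_EXE_RE = re.compile(r'\]\s+"?[A-Z]:\\[^\\"]+\.(exe|com|bat|cmd|scr|pif)"?\s*$', re.I)

SAMPLE_HJT_LINES = [
    # copied from the HijackThis log above
    "R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)",
    'O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"',
    "O15 - Trusted Zone: *.ge.com",
    "O15 - Trusted Zone: https://www.orange.fr/portail",
    "O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab",
    "O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab",
    "O20 - AppInit_DLLs: pvoqur.dll",
    "O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\\Program Files\\OpenVPN\\bin\\openvpnserv.exe",
    # constructed for the example (not in the log): temp-dir and drive-root autostarts
    "O4 - HKCU\\..\\Run: [b2e] C:\\Tmp\\5.tmp\\b2e.exe",
    "O4 - HKCU\\..\\Run: [osy] C:\\osy.exe",
]


def parse_hjt_line(line: str) -> dict | None:
    """Split 'O4 - body' into its type and body; None for non-entry lines."""
    m = re.match(r"^(R\d|F\d|N\d|O\d+) - (.*)$", line.strip())
    return {"type": m.group(1), "body": m.group(2)} if m else None


def host_of(value: str) -> str:
    """Reduce an O15/O16 value ('*.ge.com', 'http://h.ge.com/x.cab') to its host."""
    v = re.sub(r"^[a-z]+://", "", value.strip(), flags=re.I)
    return v.split("/")[0].split("?")[0].lstrip("*.").lower()


def is_known_host(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in KNOWN_HOST_SUFFIXES)


def review_hjt_line(line: str) -> list[str]:
    """Reasons this entry deserves a look; an empty list means nothing notable."""
    e = parse_hjt_line(line)
    if e is None:
        return []
    t, body = e["type"], e["body"]
    reasons = []
    if "(no file)" in body:
        reasons.append("orphaned: the referenced file is gone, safe to fix")
    if t == "O4" and TEMP_DIR_RE.search(body):
        reasons.append("autostart from a temp directory")
    if t == "O4" and ROOT_EXE_RE.search(body):
        reasons.append("autostart from a drive root")
    if t == "O15":
        host = host_of(body.partition(":")[2])
        if not is_known_host(host):
            reasons.append(f"trusted-zone host outside allowlist: {host}")
    if t == "O16":
        host = host_of(body.rsplit(" - ", 1)[-1])
        if not is_known_host(host):
            reasons.append(f"ActiveX (.cab) source outside allowlist: {host}")
    if t == "O20" and body.lower().startswith("appinit_dlls:") and body.partition(":")[2].strip():
        reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll; verify the publisher")
    if t == "O23" and "Unknown owner" in body:
        reasons.append("service binary without a recorded publisher")
    return reasons


def triage_log(lines) -> dict[str, list[str]]:
    """Map each notable line to its reasons, keeping log order."""
    result = {}
    for line in lines:
        reasons = review_hjt_line(line)
        if reasons:
            result[line] = reasons
    return result


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def virustotal_url(sha256: str) -> str:
    """VirusTotal's web UI looks a file up by SHA-256 without uploading it."""
    return f"https://www.virustotal.com/gui/file/{sha256.lower()}"


if __name__ == "__main__":
    for line, why in triage_log(SAMPLE_HJT_LINES).items():
        print(line, "\n   ->", "; ".join(why))
    print(virustotal_url(sha256_hex(b"")))
```

Paste a whole log into SAMPLE_HJT_LINES (or read it with splitlines()) and adjust KNOWN_HOST_SUFFIXES to the domains the machine's owner actually trusts; for the files the helper lists, hash_file() plus virustotal_url() gives the lookup link for each one.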
doublemolmol
 
I have no more problems,
I only have one antivirus. I'll do the updates.
Thanks again

here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53, on 2008-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fiberlink\Extend360\VPNSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft Time Zone\TimeZone.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {B12AD8C5-54BB-44B9-AA5C-822F47B4DB67} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
O3 - Toolbar: &SIAT for Web - {91A7F523-1183-4654-A577-0771992F1784} - C:\PROGRA~1\SIATEN~1\SIAT4W~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINDOWS\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/checkit.cmd
O4 - HKCU\..\Run: [SIATEnterpriseClient] "C:\Program Files\SIAT Enterprise Client\SiatEnterpriseClient.exe"
O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect 7.5\sametime.exe"
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\Run: [internat.exe] internat.exe (User 'SMSCliSvcAcct&')
O4 - HKUS\S-1-5-21-2312849515-139091190-1998000340-1020\..\RunOnce: [UserPrep] C:\Windows\System32\GE\Scripts\UserPrep.bat (User 'SMSCliSvcAcct&')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\IEProxy.vbs (HKCU)
O15 - Trusted Zone: *.supportcentral.ge.com
O15 - Trusted Zone: http://cincnt1.ssqc.ge.com
O15 - Trusted Zone: http://cincnt2.ssqc.ge.com
O15 - Trusted Zone: http://genet.ae.ge.com
O15 - Trusted Zone: http://inside.ge.com
O15 - Trusted Zone: https://fssfed.ge.com/fss/idp/SSO.saml2?SAMLRequest=fZHNboMwEIRfBfkOBguUYIVINDk0UtqgkPbQS2XMJrEENvWa%2Frx9ITRqeulx5ZlvZ8cLFG3T8bx3Z72Htx7QeZ9to5FfHjLSW82NQIVcixaQO8nL%2FGHLWRDyzhpnpGmIlyOCdcroldHYt2BLsO9KwtN%2Bm5Gzcx1ySrHvOmOdBO2saIITBNK0tDyrqjINuHOAaOgIZ7TYlQfirYc0SouR%2B0s5Ih6hvrqHiaq6o2W5C8bEjHibdUZexTyJo1lazQSrWFLFEEs2r9I5zI7zJIJRhtjDRqMT2mWEhSz0I%2BaH8SFKeZLyKHwhXvFz4J3StdKn%2F9uoJhHy%2B8Oh8KcLnsHiJf0gIMvFmJBfFtublv%2FHimu1ZCmN7XyU%2FtB7vaA3sInc8cfBvVkXplHyy8ubxnysLAgHGYkIXU6Wv5%2B9%2FAY%3D&RelayState=ss%3Amem%3A150d9df5ab75295a24fca12bc49b9a40d23e5271c427c6c2346f21c174d65f0b
O15 - Trusted Zone: http://ssqc.ge.com
O15 - Trusted Zone: time.infra.ge.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: Sametime MRC 651FP1 - http://europecomm02.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D14633-EF2F-42CA-B1F0-47FD0BD96E02}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C0550CF-9B02-46BF-AA17-236A32E9C293}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C69BE8-B5CE-417B-B9AE-34C70FF023C6}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: pvoqur.dll
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Max2U\fullhost\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\BlackIce\blackd.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINDOWS\LIC98RMT.exe
O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINDOWS\LIC98RMTD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Orant\bin\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\BlackIce\RapApp.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
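An added example, not code from the thread or from HijackThis: a small Python triage that runs over O-lines like the ones in the log above and flags the entries a responder would look at first. The ge.com allowlist, the severities and the embedded sample lines (copied from the posted log) are assumptions for illustration; the script does not decide that an entry is malicious, only that it deserves a manual check.

```python
"""Triage HijackThis O-lines: flag entries that deserve a manual look.

Added example, not part of the original thread or of HijackThis itself.
The sample lines below are copied from the log posted above; the corporate
domain allowlist and the severities are assumptions for illustration.
"""
import re

# Assumption: the machine belongs to a ge.com-managed fleet, so those
# Trusted Zone entries are expected. Anything else in the Trusted Zone runs
# with IE's relaxed security settings and must be justified.
EXPECTED_TRUSTED_SUFFIXES = ("ge.com",)

LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def _host_of(target: str) -> str:
    """Reduce a Trusted Zone target (wildcard, URL or bare host) to a host name."""
    target = target.strip()
    if "://" in target:
        target = target.split("://", 1)[1]
    target = target.split("/", 1)[0]          # drop path and query (SAML blob)
    return target.lstrip("*.").lower()


def _expected(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in EXPECTED_TRUSTED_SUFFIXES)


def triage_line(line: str):
    """Return (severity, reason) or None when the line needs no attention."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs loads the DLL into every process that maps user32.dll.
        # Legitimate software rarely uses it; a bare, random-looking name with
        # no path is a classic persistence/injection indicator.
        dll = body.split(":", 1)[1].strip()
        return ("high", f"AppInit_DLLs injection: {dll}")

    if section == "O15" and body.startswith("Trusted Zone:"):
        host = _host_of(body.split(":", 1)[1])
        if not _expected(host):
            return ("medium", f"unexpected Trusted Zone host: {host}")
        return None

    if section == "O23" and "- Unknown owner -" in body:
        # No company string in the binary. Often benign (OpenVPN, Oracle) but
        # the file on disk must be verified.
        path = body.rsplit(" - ", 1)[1]
        return ("low", f"service with no publisher: {path}")

    if section == "O9" and re.search(r"\.(vbs|js|bat|cmd)\b", body, re.I):
        # An IE toolbar button that launches a script can silently rewrite proxy settings.
        return ("low", f"IE button runs a script: {body.rsplit(' - ', 1)[1]}")

    return None


def triage(log_text: str):
    """Triage a whole log; returns a list of (severity, reason, original line)."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    return findings


# Lines taken from the posted log (constructed excerpt, O17 lines omitted).
SAMPLE_LOG = """\
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\\Program Files\\TSG Proxy\\IEProxy.vbs (HKCU)
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: http://inside.ge.com
O15 - Trusted Zone: https://www.orange.fr/portail
O20 - AppInit_DLLs: pvoqur.dll
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\\Program Files\\OpenVPN\\bin\\openvpnserv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
"""

if __name__ == "__main__":
    for sev, why, raw in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {raw}")
```

The O20 rule is the one that matters most here: a DLL listed in AppInit_DLLs is mapped into every process that loads user32.dll, which includes every IE window, so a bare file name with no path and no known publisher is exactly the kind of file to hash and submit to VirusTotal before deciding the machine is clean. The O15 rule is deliberately conservative: a site in the Trusted Zone gets IE's relaxed settings, so each non-corporate entry should be explained by the user rather than assumed harmless.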
jlpjlp (Security Contributor)
 
Out of curiosity, were the files analysed on VirusTotal infected?

__________________

To remove the tools that were used:
Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click "Recherche" (Search) and let the scan run ...
# Click "Suppression" (Delete) to finish.
# If you wish, you can use the "Options facultatives" (optional options).
# Click "Quitter" (Quit) to get the report.

# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

_________________

Now that your PC is no longer infected, disable your "System Restore" and then re-enable it, so as to create a clean restore point.

* Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives"
> Apply, wait until it shows "disabled", then OK.

* Enabling:
Follow the same path; untick the box "Turn off System Restore on all drives"
> Apply, wait until it is back to "monitoring", then OK. Restart the computer.

All the best.
doublemolmol
 
Thank you very much for your help.
The files were clean.

Here is the report:
[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\MsnCleaner.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\SDFIX: trouvé !
C:\!Killbox: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\IST\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\IST\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\MollarMa\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\MollarMa\Desktop\MSNCleaner.zip: trouvé !
C:\Documents and Settings\MollarMa\Desktop\KillBox.exe: trouvé !
C:\Documents and Settings\MollarMa\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\MollarMa\Desktop\HJTInstall.exe: trouvé !
C:\Documents and Settings\MollarMa\Desktop\UsbFix.exe: trouvé !
C:\Documents and Settings\MollarMa\Desktop\UsbFix.lnk: trouvé !
C:\Documents and Settings\MollarMa\Recent\HijackThis.lnk: trouvé !
C:\Documents and Settings\MollarMa\Start Menu\Programs\UsbFix: trouvé !
C:\Documents and Settings\MollarMa\Start Menu\Programs\UsbFix\UsbFix.lnk: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\UsbFix\UsbFix.exe: trouvé !
C:\Program Files\UsbFix\Tools\NIRCMD.exe: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
C:\WINNT\NIRCMD.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Start Menu\Programs\IST\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\MollarMa\Desktop\HijackThis.lnk: supprimé !
C:\Documents and Settings\MollarMa\Desktop\MSNCleaner.zip: supprimé !
C:\Documents and Settings\MollarMa\Desktop\KillBox.exe: supprimé !
C:\Documents and Settings\MollarMa\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\MollarMa\Desktop\HJTInstall.exe: supprimé !
C:\Documents and Settings\MollarMa\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\MsnCleaner.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\MollarMa\Desktop\UsbFix.exe: supprimé !
C:\Documents and Settings\MollarMa\Desktop\UsbFix.lnk: supprimé !
C:\Documents and Settings\MollarMa\Start Menu\Programs\UsbFix\UsbFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Program Files\UsbFix\UsbFix.exe: supprimé !
C:\Program Files\UsbFix\Tools\NIRCMD.exe: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\SDFIX: supprimé !
C:\!Killbox: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\IST\HijackThis: supprimé !
C:\Documents and Settings\MollarMa\Start Menu\Programs\UsbFix: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
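The ToolsCleaner report lists everything it found under "Recherche" and then everything it deleted under "Suppression", and the two lists do not always match: in the report above, ComboFix.exe fails with an explicit deletion error, and C:\WINNT\NIRCMD.exe appears in the search section but never in the deletion section. As an added example (not code from the thread or from ToolsCleaner), here is a Python check that reconciles the two sections and reports what is still on disk; the excerpt it runs on is constructed from the report above, and the report format it assumes is the one shown there.

```python
"""Reconcile a ToolsCleaner report: what was found but never actually removed?

Added example, not part of the thread or of ToolsCleaner. The line format
("path: trouvé !" under Recherche, "path: supprimé !" or
"path: ERREUR DE SUPPRESSION !!" under Suppression) is taken from the report
posted above; the excerpt embedded below is constructed from it.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<path>.+?):\s+(?P<status>trouvé !|supprimé !|ERREUR DE SUPPRESSION !!)\s*$"
)


def parse_report(text: str):
    """Return (names, found, removed, errors).

    found/removed/errors hold lower-cased paths (NTFS is case-insensitive);
    names maps each lower-cased path back to the spelling in the report.
    """
    names = {}
    found, removed, errors = set(), set(), set()
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                       # headers, separators, blank lines
        path = m.group("path")
        key = path.lower()
        names.setdefault(key, path)
        status = m.group("status")
        if status == "trouvé !":
            found.add(key)
        elif status == "supprimé !":
            removed.add(key)
        else:
            errors.add(key)
    return names, found, removed, errors


def leftovers(text: str):
    """Paths found but not deleted: explicit errors plus entries that silently vanished from the Suppression list."""
    names, found, removed, errors = parse_report(text)
    silent = found - removed - errors
    return {
        "errors": sorted(names[k] for k in errors),
        "silent": sorted(names[k] for k in silent),
    }


# Constructed excerpt of the report posted above (same line format, fewer entries).
SAMPLE_REPORT = """\
[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\\Combofix.txt: trouvé !
C:\\Qoobox: trouvé !
C:\\Documents and Settings\\MollarMa\\Desktop\\ComboFix.exe: trouvé !
C:\\Program Files\\UsbFix\\Tools\\NIRCMD.exe: trouvé !
C:\\WINDOWS\\NIRCMD.exe: trouvé !
C:\\WINNT\\NIRCMD.exe: trouvé !

---------------------------------
-->- Suppression:

C:\\Documents and Settings\\MollarMa\\Desktop\\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\\Combofix.txt: supprimé !
C:\\Program Files\\UsbFix\\Tools\\NIRCMD.exe: supprimé !
C:\\WINDOWS\\NIRCMD.exe: supprimé !
C:\\Qoobox: supprimé !
"""

if __name__ == "__main__":
    result = leftovers(SAMPLE_REPORT)
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind:7} {p}")
```

Both kinds of leftover matter after a cleanup. A file that the tool could not delete (typically because it was still running or locked) is easy to spot from the "ERREUR" line, but an entry that is found and then simply absent from the deletion list is only visible by diffing the two sections, and NirCmd in particular is a dual-use binary that antivirus products sometimes flag, so leaving a copy in C:\WINNT is worth a second look.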