Publicité intempestive
Metoo
-
Metoo -
Metoo -
Bonjour,
j'ai le même problème que beaucoup d'netre vous avec des publicités intempestive qui s'ouvre lors que je suis sur internet.
O20 - AppInit_DLLs: c:\windows\system32\garetuso.dll c:\windows\system32\sizumeju.dll,C:\WINDOWS\System32\yizesoko.dll
J'ai pu remarque que AppInit8DLLS était infecté. j'ai essayé de suivre cette manipulation
http://assiste.com.free.fr/p/abc/a/appinit_dlls.html
mais le repertoir windows se régénère.
Merci par avance pour votre aide.
Metoo
j'ai le même problème que beaucoup d'netre vous avec des publicités intempestive qui s'ouvre lors que je suis sur internet.
O20 - AppInit_DLLs: c:\windows\system32\garetuso.dll c:\windows\system32\sizumeju.dll,C:\WINDOWS\System32\yizesoko.dll
J'ai pu remarque que AppInit8DLLS était infecté. j'ai essayé de suivre cette manipulation
http://assiste.com.free.fr/p/abc/a/appinit_dlls.html
mais le repertoir windows se régénère.
Merci par avance pour votre aide.
Metoo
A voir également:
- Publicité intempestive
- Supprimer publicité - Guide
- Bloquer publicité youtube - Accueil - Streaming
- Publicité sms - Guide
- Comment supprimer une publicité sur facebook - Guide
- Un bloqueur de publicité empêche la lecture. veuillez le désactiver pour démarrer la vidéo - Forum Réseaux sociaux
1 réponse
Salut Metoo
Télécharge, installe et mets à jour Malwarebytes Anti-Malwares …
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html
puis, lance un scan complet et poste le rapport.
PS : pour supprimer les infections, choisis l'option Supprimer la sélection.
Ensuite, poste un rapport HTJ.
Télécharge, installe et mets à jour Malwarebytes Anti-Malwares …
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html
puis, lance un scan complet et poste le rapport.
PS : pour supprimer les infections, choisis l'option Supprimer la sélection.
Ensuite, poste un rapport HTJ.
merci pour ta réactivité. j'ai fait ce que tu m'as demandé et j'ai l'impresson que tout est rentré dans l'ordre.
Avant de me faire remonter les bretelles je sais je suis en SP1. j'vaais essayé de paser en SP2 à l'époquemais ca avait fait planter mon PC.
Premier rapport:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1503
Windows 5.1.2600 Service Pack 1
16/12/2008 01:09:19
mbam-log-2008-12-16 (01-09-19).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 128743
Temps écoulé: 1 hour(s), 7 minute(s), 38 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 41
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\zazuporo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jituwuwa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yizesoko.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\sizumeju.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\garetuso.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83f2e35f-567a-4bbb-aaa9-630c0c68c843} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83f2e35f-567a-4bbb-aaa9-630c0c68c843} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{73364d99-1240-4dff-b12a-67e448373148} (Spyware.Bzub) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmab8102c3 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\modemazovo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yizesoko.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yizesoko.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yizesoko.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\sizumeju.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\sizumeju.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\garetuso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\garetuso.dll -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\hafoyara.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\arayofah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kafudera.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aredufak.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lasefoye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eyofesal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nejehavi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivahejen.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tikutove.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evotukit.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vusuputu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utupusuv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yofabutu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utubafoy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zekibawi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwabikez.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\garetuso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zazuporo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jituwuwa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yizesoko.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\sizumeju.dll (Trojan.Vundo) -> Delete on reboot.
C:\!Submit\garetuso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Webamaster\Bureau\spy\backups\backup-20081214-180101-515.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Webamaster\Bureau\spy\backups\backup-20081215-224636-340.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Webamaster\Bureau\spy\backups\backup-20081215-230945-874.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Webamaster\Bureau\spy\backups\backup-20081215-231003-366.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{60B40265-8A06-4FDC-9AE2-E888F9894097}\RP364\A0077334.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{60B40265-8A06-4FDC-9AE2-E888F9894097}\RP364\A0078370.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{60B40265-8A06-4FDC-9AE2-E888F9894097}\RP368\A0080580.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{60B40265-8A06-4FDC-9AE2-E888F9894097}\RP368\A0082671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{60B40265-8A06-4FDC-9AE2-E888F9894097}\RP368\A0082672.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{60B40265-8A06-4FDC-9AE2-E888F9894097}\RP368\A0082673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\defadegi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fenobeko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\galofedi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jejowada.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\puregidi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\safodaru.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sozewema.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weziyolo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Webamaster\svchosts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Et le HJT:
Logfile of HijackThis v1.99.1
Scan saved at 01:18:55, on 16/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Webamaster\Bureau\spy\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://aspglobal.ahnlab.com/asp/cab/AhnASP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Du fait de la procédure que j'avais suivi pour supprimé les dll dans ApInit-DLLs, j'ai du le recréer à la main par lasuite dans le regedit répertoire windows, j'ai bien fait?
Effet de bord bizarre , quand je suis dans IE et que je clique sur la fleche de la barre d'adresse pour voir les autres adresses disponibles, le volet déroulant ne s'affiche plus. Une idée?
Merci encore pour ton aide.
Cordialement,
Metoo