pub intempestive...

[nanouetalain]

bonjour er merci pour aide,

 

impossible de naviguer normalement sans voir apparaite des pub

j'ai lancé ccleaner, adaware et spybot et AVG, rien à faire

 

ci-joint le rapport hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 17:02:57, on 15/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Documents and Settings\aaa\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js)

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\qntbecqh.dll",realset

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

[bruce lee]

Bonjour nanouetalain et bienvenue sur zebulon

 

 

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

• Double-clique VundoFix.exe afin de le lancer
  
• Clique sur le bouton Scan for Vundo
  
• Lorsque le scan est complété, clique sur le bouton Remove Vundo
  
• Une invite te demandera si tu veux supprimer les fichiers, clique YES
  
• Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  
• Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  
• Copie/colle le contenu du rapport situé dans C:\vundofix.txt
  

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

 

Telecharge la version original de hijackThis http://www.merijn.org/files/hijackthis.zip

 

Déconnecte toi du net et installe le sur ton bureau

 

Lance le en cliquant sur Do a system scan and save a logfile a la fin du scan le bloc note va s'ouvrir tu fais un copier coller de tout son contenu.

[nanouetalain]

merci pour ta réponse..

voilà les rapports obtenus:

 

vundofix:

C:\WINDOWS\system32\abeeg.ini2

C:\WINDOWS\system32\geeba.dll

C:\WINDOWS\system32\hqcebtnq.ini

C:\WINDOWS\system32\qntbecqh.dll

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:54:53, on 15/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\aaa\Bureau\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js)

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\qntbecqh.dll",realset

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

[bruce lee]

Re,

 

Le rapport Vundofix n'est pas entier, poste le dans sa totalité ou :

 

Fais un clique droit sur HijackThis.exe puis choisis "renommer" et nomme le nanouetalain puis appuie sur "entré". Poste un nouveau rapport HijackThis s'il te plait.

 

@+

Modifié le 15 mai 2007 par bruce lee

[nanouetalain]

voila le dernier rapport...

 

Logfile of HijackThis v1.99.1

Scan saved at 20:42:28, on 15/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\aaa\Bureau\hijackthis\nanouetalain.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js)

O2 - BHO: (no name) - -{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {43DE05EB-4F4B-4ED9-BE0D-09F3EA6B3936} - C:\WINDOWS\system32\iifedcy.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {8AF5FF06-06D3-40DF-B765-D2E37612B98F} - C:\WINDOWS\system32\sstqr.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: (no name) - {D9244602-72D2-41A0-9D86-DBD4613F2E62} - C:\WINDOWS\system32\geeba.dll (file missing)

O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\efniqkse.dll

O2 - BHO: (no name) - {FD6DCE8D-7904-4B79-AC99-360C5E6DDFC5} - C:\WINDOWS\system32\vtstt.dll (file missing)

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\qntbecqh.dll",realset

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O20 - Winlogon Notify: iifedcy - C:\WINDOWS\SYSTEM32\iifedcy.dll

O20 - Winlogon Notify: sstqr - C:\WINDOWS\system32\sstqr.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

[bruce lee]

Re,

 

Lance vundofix puis fait un clique droit dans le rectangle blanc puis un clique gauche sur add more files?

 

dans la premiere ligne copie/colle:

 

C:\WINDOWS\system32\qntbecqh.dll

 

clique ensuite sur:

 

add files puis ensuite sur Close Window et enfin sur Remove Vundo

 

Si l'outil te demande de redémarrer, accepte.

Copie/Colle ensuite le rapport C:\ vundofix.txt

 

 

 

[*]Double-clique VundoFix.exe afin de le lancer

[*]Clique sur le bouton Scan for Vundo

[*]Lorsque le scan est complété, clique sur le bouton Remove Vundo

[*]Une invite te demandera si tu veux supprimer les fichiers, clique YES

[*]Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

[*]Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

[*]Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Modifié le 15 mai 2007 par bruce lee

[nanouetalain]

bonjour,

voila donc mes derniers rapports obtenus??....:

 

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 18:27:46 15/05/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\abeeg.ini2

C:\WINDOWS\system32\geeba.dll

C:\WINDOWS\system32\hqcebtnq.ini

C:\WINDOWS\system32\qntbecqh.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\abeeg.ini2

C:\WINDOWS\system32\abeeg.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\geeba.dll

C:\WINDOWS\system32\geeba.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hqcebtnq.ini

C:\WINDOWS\system32\hqcebtnq.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qntbecqh.dll

C:\WINDOWS\system32\qntbecqh.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 19:01:01 15/05/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\rqtss.bak1

C:\WINDOWS\system32\rqtss.ini

C:\WINDOWS\system32\sstqr.dll

C:\WINDOWS\system32\vlhnsqby.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\rqtss.bak1

C:\WINDOWS\system32\rqtss.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtss.ini

C:\WINDOWS\system32\rqtss.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sstqr.dll

C:\WINDOWS\system32\sstqr.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\vlhnsqby.dll

C:\WINDOWS\system32\vlhnsqby.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 19:28:14 15/05/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\vtstt.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ttstv.bak1

C:\WINDOWS\system32\ttstv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ttstv.ini

C:\WINDOWS\system32\ttstv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtstt.dll

C:\WINDOWS\system32\vtstt.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 19:44:34 15/05/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 20:45:46 15/05/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\efniqkse.dll

C:\WINDOWS\system32\rqtss.bak1

C:\WINDOWS\system32\rqtss.ini

C:\WINDOWS\system32\sstqr.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\efniqkse.dll

C:\WINDOWS\system32\efniqkse.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtss.bak1

C:\WINDOWS\system32\rqtss.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtss.ini

C:\WINDOWS\system32\rqtss.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sstqr.dll

C:\WINDOWS\system32\sstqr.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 21:20:24 15/05/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\ddcyx.dll

C:\WINDOWS\system32\xycdd.bak1

C:\WINDOWS\system32\xycdd.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ddcyx.dll

C:\WINDOWS\system32\ddcyx.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\xycdd.bak1

C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xycdd.ini

C:\WINDOWS\system32\xycdd.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 22:28:07 15/05/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

Beginning removal...

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 22:44:32 15/05/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 06:59:27 16/05/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\ddcyx.dll

C:\WINDOWS\system32\hwgubmhb.dll

C:\WINDOWS\system32\xycdd.bak1

C:\WINDOWS\system32\xycdd.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\ddcyx.dll

C:\WINDOWS\system32\ddcyx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hwgubmhb.dll

C:\WINDOWS\system32\hwgubmhb.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xycdd.bak1

C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xycdd.ini

C:\WINDOWS\system32\xycdd.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.3.23

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.8

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Java version is 1.5.0.11

 

Scan started at 08:36:21 16/05/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\gpdfaphc.dll

C:\WINDOWS\system32\ihkmp.bak1

C:\WINDOWS\system32\ihkmp.ini

C:\WINDOWS\system32\pmkhi.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\gpdfaphc.dll

C:\WINDOWS\system32\gpdfaphc.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ihkmp.bak1

C:\WINDOWS\system32\ihkmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ihkmp.ini

C:\WINDOWS\system32\ihkmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmkhi.dll

C:\WINDOWS\system32\pmkhi.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\pmkhi.dll

C:\WINDOWS\system32\pmkhi.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:00:27, on 16/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\aaa\Bureau\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js)

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\qntbecqh.dll",realset

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

[bruce lee]

re,

 

Si durant la procédure ci-dessous, il y a des étapes que tu n'as pas reussi a faire, merci de continuer la procédure jusqu'au bout et de les signaler dans ta prochaine reponse.

 

Je te conseille d'enregistrer la page web compléte sous Internet Explorer comme ceci :

 

* Clique sur Fichier/Enregistrer sous Dans Type, choisis : Archive web (fichier seul (*.mht) / Enregistre la sur le bureau,comme cela tu retrouvera la mise en forme ou imprime cette réponse. Une partie de la désinfection se déroulera en mode sans échec.

 

 

1/Télécharge puis installe http://www.ewido.net/en/download

Une fois AVG AS lancé, clique sur Mise à jour

Ferme le programme.

 

 

 

2/Démarre en mode sans échec http://www.sosordi.net/Faq/Faq.2.html

 

 

3/lance hijackthis en cliquant sur do a scan system only et coche cette ligne:

 

O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\qntbecqh.dll",realset

 

Ferme toutes les fenêtres ouvertes sauf Hijackthis et clique sur fix checked

 

 

4/pour supprimer les fichiers nefastes on va tous les afficher en faisant comme ceci:

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Cocher la case : Afficher les fichiers et dossiers cachés

 

Décocher la case : Masquer les extensions des fichiers dont le type est connu

 

Décocher la case : Masquer les fichiers protégés du système d'exploitation

 

cliquer sur "Appliquer"

 

cliquer sur le bouton "Appliquer à tous les dossiers" / OK

 

5/Supprime ce qui est en gras:

 

C:\WINDOWS\system32\ qntbecqh.dll<== le fichier

 

 

6/ Relance AVG AS puis choisis l'onglet Analyse

Puis l'onglet Paramètres

Sous la question Comment réagir ?, clique sur Actions recommandées et choisis Quarantaine

Reclique sur l'onglet Analyse puis réalise une Analyse complète du système

 

Si un fichier infecté est détecté en fin d'analyse

Clique sur Appliquer toutes les actions

 

Clique sur Enregistrer le rapport puis sur Enregistrer le rapport sous

Enregistre ce fichier texte sur ton bureau

 

 

7/Redémarre en mode normal

 

8/Poste le rapport d'AVG Anti spyware 7.5 ainsi qu'un nouveau log Hijackthis.

 

Bon courage, et si tu as la moindre question n'hésite surtout pas

 

@+

[nanouetalain]

bonsoir,

 

petit souci avec AVG AS qui a bien traité plusieurs fichiers infecté mais qui me dit "aucun rapport"....??

 

 

voilà à suivre le dernier rapport HijackThis:

 

@+

 

(et merci..)

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:07:14, on 16/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Documents and Settings\aaa\Bureau\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\aaa\Application Data\Mozilla\Profiles\default\wx7yb0fy.slt\prefs.js)

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN for Windows 2000\ATMsg.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Digital Pen rendezvous server (PenRendezvous) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: Digital Pen Socket to USB protocol (PenSup) - Logitech - C:\Program Files\Fichiers communs\Logitech\Pen\Phal\Service\LPhal.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

[bruce lee]

Re,

 

Fais un scan en ligne avec http://webscanner.kaspersky.fr/kavwebscan.html

 

dans la nouvelle fenetre qui s'affiche clique sur J'accepte

 

On va te demander de télécharger un ou deux contôle active x, accepte . Laisse le faire les mises à jour puis quand il aura finit clique sur Suivant

 

Dans le menu Choisissez la cible de l'analyse , sélectionne Poste de travail .

Le scan va commencer.Poste le rapport qui sera généré stp.

 

Si il y a un problème, assure toi que les contrôles active x soient bien configurés dans les options internet comme

 

décrit sur ce lien=> http://www.inoculer.com/activex.php3

 

NOTE: le scan est a faire avec Internet Explorer