[resolu]Messages publicitaires intempestifs

loubita · le 13 mai 2008

bonjour, je suis envahi depuis peu de message publicitaire Pouvez vous m aider a m en débarrasser

j ai windows xp et navigue avec internet explorer 7 et voici un rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:46:14, on 13/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\CABRAL\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [internet_Explorer.exe] C:\Windows\System32\Internet_Explorer.exe

O4 - HKLM\..\Run: [csrss] C:\Arquivos de programas\csrss.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"

O4 - HKCU\..\Run: [vtgjhbtko] c:\documents and settings\cabral\local settings\application data\vtgjhbtko.exe vtgjhbtko

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE RÉSEAU')

O4 - Startup: IcoSauve.lnk = ?

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O15 - Trusted Zone: http://assistance.club-internet.fr

O15 - Trusted Zone: http://flashmail.club-internet.fr

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - http://www.gamehouse.com/realarcade-webgam...GamesPlayer.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/st...aller_4-0-0.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 5423 bytes

angelique · le 13 mai 2008

• relance HijackThis" do a system scan only" , coche les lignes ci dessous et clic fixchecked:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [internet_Explorer.exe] C:\Windows\System32\Internet_Explorer.exe

O4 - HKLM\..\Run: [csrss] C:\Arquivos de programas\csrss.exe

O4 - HKCU\..\Run: [vtgjhbtko] c:\documents and settings\cabral\local settings\application data\vtgjhbtko.exe vtgjhbtko

==>clic fixhecked

• utilise navilog1 option 1 puis suivi de l'option 2 en respectant ce tuto, choisi bien ta langue ^^:

http://www.malekal.com//Adware.Magic_Control.php

tu posteras le rapport de l'option 2

• tu feras un scan antivir et tu posteras le rapport avec un nouveau rapport Hijackthis

loubita · le 14 mai 2008

Bonjour Angelique merci pour ton aide je t envoie pour commencer le raport de navilog option2

Clean Navipromo version 3.5.7 commencé le 14/05/2008 à 10:47:06,53

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "CABRAL"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.11

Système de fichiers : NTFS

Mode suppression automatique

avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***

(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

C:\WINDOWS\prefetch\vtgjhbtko*.pf trouvé !

Copie C:\WINDOWS\prefetch\vtgjhbtko*.pf réalisée avec succès !

C:\WINDOWS\prefetch\vtgjhbtko*.pf supprimé !

* Suppression dans "C:\Documents and Settings\CABRAL\locals~1\applic~1" *

vtgjhbtko.exe trouvé !

Copie vtgjhbtko.exe réalisée avec succès !

vtgjhbtko.exe supprimé !

vtgjhbtko.dat trouvé !

Copie vtgjhbtko.dat réalisée avec succès !

vtgjhbtko.dat supprimé !

vtgjhbtko_nav.dat trouvé !

Copie vtgjhbtko_nav.dat réalisée avec succès !

vtgjhbtko_nav.dat supprimé !

vtgjhbtko_navps.dat trouvé !

Copie vtgjhbtko_navps.dat réalisée avec succès !

vtgjhbtko_navps.dat supprimé !

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\CABRAL\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\CABRAL\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\CABRAL\menudm~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\CABRAL\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\CABRAL\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !

Certificat Electronic-Group supprimé !

Certificat OOO-Favorit supprimé !

Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 14/05/2008 à 10:49:48,15 ***

loubita · le 14 mai 2008

et le raport antivir:

Avira AntiVir Personal

Report file date: mercredi 14 mai 2008 10:55

Scanning for 1264038 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: FAMILLECABRAL

Version information:

BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 13/05/2008 09:29:04

AVSCAN.DLL : 8.1.1.0 53505 Bytes 13/05/2008 09:29:04

LUKE.DLL : 8.1.2.9 151809 Bytes 13/05/2008 09:29:05

LUKERES.DLL : 8.1.2.1 12033 Bytes 13/05/2008 09:29:05

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 09:29:05

ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 09:29:05

ANTIVIR3.VDF : 7.0.4.31 163328 Bytes 13/05/2008 13:49:13

Engineversion : 8.1.0.42

AEVDF.DLL : 8.1.0.5 102772 Bytes 13/05/2008 09:29:05

AESCRIPT.DLL : 8.1.0.31 262522 Bytes 13/05/2008 09:29:05

AESCN.DLL : 8.1.0.16 119156 Bytes 13/05/2008 09:29:05

AERDL.DLL : 8.1.0.20 418165 Bytes 13/05/2008 09:29:05

AEPACK.DLL : 8.1.1.4 364918 Bytes 13/05/2008 09:29:05

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 13/05/2008 09:29:05

AEHEUR.DLL : 8.1.0.26 1237366 Bytes 13/05/2008 09:29:05

AEHELP.DLL : 8.1.0.14 115063 Bytes 13/05/2008 09:29:05

AEGEN.DLL : 8.1.0.20 299380 Bytes 13/05/2008 09:29:05

AEEMU.DLL : 8.1.0.6 430451 Bytes 13/05/2008 09:29:05

AECORE.DLL : 8.1.0.28 168310 Bytes 13/05/2008 09:29:05

AVWINLL.DLL : 1.0.0.7 14593 Bytes 13/05/2008 09:29:04

AVPREF.DLL : 8.0.0.1 25857 Bytes 13/05/2008 09:29:04

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVREG.DLL : 8.0.0.0 30977 Bytes 13/05/2008 09:29:04

AVARKT.DLL : 1.0.0.23 307457 Bytes 13/05/2008 09:29:04

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 13/05/2008 09:29:04

SQLITE3.DLL : 3.3.17.1 339968 Bytes 13/05/2008 09:29:05

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 13/05/2008 09:29:05

NETNT.DLL : 8.0.0.1 7937 Bytes 13/05/2008 09:29:05

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 13/05/2008 09:29:02

RCTEXT.DLL : 8.0.32.0 86273 Bytes 13/05/2008 09:29:02

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercredi 14 mai 2008 10:55

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'hpqste08.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned

Scan process 'rapimgr.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'wcescomm.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

36 processes with 36 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '30' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Program Files\Navilog1\reboot.exe

[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program

[NOTE] The file was moved to '488caaba.qua'!

Begin scan in 'D:\' <disk 40 go>

Begin scan in 'E:\' <SAUVGARDE>

End of the scan: mercredi 14 mai 2008 11:16

Used time: 20:31 min

The scan has been done completely.

3766 Scanning directories

109779 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

109778 Files not concerned

6431 Archives were scanned

2 Warnings

1 Notes

loubita · le 14 mai 2008

et enfin le raport hijackThis: