Tout Déconne!!

[Mia27]

Bonjour a tous et toutes,

 

Alors voila le problème...

 

Mon PC a gelé et j'ai du faire une restauration systeme car rien ne marchait.

 

J'ai même de beau petit cadenas sur un paquet de dossier et je n'ai plus accès!!!

 

Mais voila que avast ne réponds plus, Une extension du nom de XUL cache 1.0 est installé dans

firefox, plus capable de désinstaller certain programme, bref je galere un peu

 

et réclame votre aide!

 

Merci pour tout et bonne journée!

 

 

 

Voici le raport HiJack this:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:55:11, on 2009-10-29

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Stealth Service Helper (StealthInjectorService) - Softwareentwicklung Remus - C:\Program Files\Micro Application\PC Anonyme\IJStealth4Svc.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

 

--

End of file - 5145 bytes

 

 

 

 

Celui d'ANTIVIR:

 

 

 

 

 

Avira AntiVir Personal

Report file date: 29 octobre 2009 04:04

 

Scanning for 1846740 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (plain) [6.1.7600]

Boot mode : Save mode

Username : Mark

Computer name : GABRIEL-PC

 

Version information:

BUILD.DAT : 9.0.0.410 18074 Bytes 2009-09-25 11:56:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 2009-07-21 18:36:14

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2009-02-27 15:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2009-02-20 16:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2009-02-27 15:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 17:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 2009-06-24 14:21:42

ANTIVIR2.VDF : 7.1.6.160 5413376 Bytes 2009-10-28 06:27:19

ANTIVIR3.VDF : 7.1.6.162 10240 Bytes 2009-10-28 06:27:19

Engineversion : 8.2.1.50

AEVDF.DLL : 8.1.1.2 106867 Bytes 2009-10-29 06:27:33

AESCRIPT.DLL : 8.1.2.40 487804 Bytes 2009-10-29 06:27:32

AESCN.DLL : 8.1.2.5 127346 Bytes 2009-10-29 06:27:31

AERDL.DLL : 8.1.3.2 479604 Bytes 2009-10-29 06:27:30

AEPACK.DLL : 8.2.0.2 422263 Bytes 2009-10-29 06:27:29

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 2009-07-23 14:59:39

AEHEUR.DLL : 8.1.0.173 2064760 Bytes 2009-10-29 06:27:28

AEHELP.DLL : 8.1.7.0 237940 Bytes 2009-10-29 06:27:24

AEGEN.DLL : 8.1.1.70 364917 Bytes 2009-10-29 06:27:23

AEEMU.DLL : 8.1.1.0 393587 Bytes 2009-10-29 06:27:22

AECORE.DLL : 8.1.8.1 184693 Bytes 2009-10-29 06:27:20

AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-09 19:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 2008-12-12 13:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 2009-10-29 06:27:33

AVREP.DLL : 8.0.0.3 155905 Bytes 2009-01-20 19:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 2008-12-05 15:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 2009-03-24 20:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 2009-01-30 15:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 2009-01-28 20:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2009-02-02 13:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 2008-12-05 15:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 2009-05-15 20:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 2009-04-17 15:19:48

 

Configuration settings for the scan:

Jobname.............................: Manual Selection

Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp

Logging.............................: low

Primary action......................: delete

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: on

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic.....................: on

File heuristic......................: high

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

 

Start of the scan: 29 octobre 2009 04:04

 

Initiating scan of system files:

Signed -> 'C:\Windows\system32\svchost.exe'

Signed -> 'C:\Windows\system32\winlogon.exe'

Signed -> 'C:\Windows\explorer.exe'

Signed -> 'C:\Windows\system32\smss.exe'

Signed -> 'C:\Windows\system32\wininet.DLL'

Signed -> 'C:\Windows\system32\wsock32.DLL'

Signed -> 'C:\Windows\system32\ws2_32.DLL'

Signed -> 'C:\Windows\system32\services.exe'

Signed -> 'C:\Windows\system32\lsass.exe'

Signed -> 'C:\Windows\system32\csrss.exe'

Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'

Signed -> 'C:\Windows\system32\spoolsv.exe'

Signed -> 'C:\Windows\system32\alg.exe'

Signed -> 'C:\Windows\system32\wuauclt.exe'

Signed -> 'C:\Windows\system32\advapi32.DLL'

Signed -> 'C:\Windows\system32\user32.DLL'

Signed -> 'C:\Windows\system32\gdi32.DLL'

Signed -> 'C:\Windows\system32\kernel32.DLL'

Signed -> 'C:\Windows\system32\ntdll.DLL'

Signed -> 'C:\Windows\system32\ntoskrnl.exe'

Signed -> 'C:\Windows\system32\ctfmon.exe'

The system files were scanned ('21' files)

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

19 processes with 19 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '23' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Windows\System32\drivers\sptd.sys

[WARNING] The file could not be opened!

 

 

End of the scan: 29 octobre 2009 04:38

Used time: 33:57 Minute(s)

 

The scan has been done completely.

 

13439 Scanned directories

174240 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

3 Files cannot be scanned

174237 Files not concerned

1222 Archives were scanned

3 Warnings

2 Notes

[Falkra]

Bonjour,

 

on ne voit aucune virus là dedans, mais quelle est cette version de Vista ?

[Mia27]

Ah non??

 

Hummm...j'ai tout un probleme alors!!!

 

C'est Windows 7 édition intégrale...

 

Donc tout est ok??

 

Merci de ton aide

[Falkra]

Je note, pour Windows 7, car HijackThis ne le reconnaît pas, c'est normal. Merci.

 

Désactive le module "XUL cache" de Firefox, et relance-le, pour voir.

[Mia27]

Ca fonctionne,

 

Mais dit moi a quoi sert cette extension...et pourquoi elle s'est installer toute seule??

 

Merci

[Falkra]

IL faut qu'on voie ça de près, maintenant que ça va mieux, j'aurai peut-être des fichiers (infectieux) à récupérer.

 

FoxScan est un outil développé par Loup blanc pour l'affichage et l'analyse des paramètres du navigateur Mozilla FireFox afin d'y détecter des éléments anormaux voire infectieux.

 

-> Télécharge FoxScan dans le répertoire de ton choix, par exemple dans celui dans lequel tu ranges les outils à conserver : Mes Documents\Mes Téléchargements.

-> Ouvre le répertoire dans lequel tu as téléchargé et démarre Foxscan via clic droit, exécuter en tant qu'administrateur sur FoxScan.exe

-> Une fenêtre de commande s'ouvre et affiche quelques informations générales.

-> Laisse faire l'outil jusqu'à affichage de "Recherches terminées.

Appuyer sur une touche pour continuer...". Appuie par exemple sur [Entrée].

-> Le programme ouvre alors son rapport dans une fenêtre du Bloc-notes.

Ce rapport est aussi rangé dans le même répertoire que FoxScan.bat sous le nom de Rapport-FS.txt.

-> Poste ce rapport sur le forum (effectue un copier-coller) pour le soumettre à l'analyse du Conseiller en sécurité que te l'a demandé.

-> Ferme le Bloc-notes et attends les instructions du Conseiller.

 

FoxScan étant un outil d'affichage, il n'est pas dangereux et peut être conservé sur le disque. Néanmoins, il est conseillé de télécharger la version la plus récente avant utilisation car des améliorations ont pu y être apportées.