explorer gone crazy...
Jean Lavallée (joined 18 Feb 2008, 57 posts)
Posted: Fri Nov 21, 2008 3:14 pm    Subject: explorer gone crazy...

Hello

For some time now my connection in Explorer works or doesn't... you'd think it depends on its mood. It coincided with messages saying that my computer was infected... yet I should be protected by the office server!
arba (joined 27 Jan 2008, 864 posts)
Posted: Fri Nov 21, 2008 8:40 pm    Subject: Re: explorer gone crazy...

Hi Jean.

This is most likely an infection by a rogue, that is, a fake security program.

- Download HijackThis v2.02: -://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

- Double-click HJTInstall.exe to start the installation

- Click Install, then I Accept

- Click Do a system scan and save a logfile

- Notepad will open; copy and paste its entire contents here in your next reply.

By the way, I advise against using Internet Explorer, which is unreliable security-wise, in favour of a browser such as Firefox or Opera.
Jean Lavallée (joined 18 Feb 2008, 57 posts)
Posted: Mon Nov 24, 2008 9:34 pm    Subject: internet gone crazy

Hello Arba

Here is the contents of Notepad (by the way, I'm supposed to be protected by the ministry's protection!)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:32, on 2008-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\TEMP\WJ9531.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\URGBB4XK\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = -://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = -://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = -://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -://www.mapaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = -://www.mapaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = -://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = -://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {10310D87-CF17-4A4F-94E7-6870DA9D1493} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: {8a8addeb-da98-5d09-2f84-4b13a81cc405} - {504cc18a-31b4-48f2-90d5-89adbedda8a8} - C:\WINDOWS\system32\pdkztg.dll
O2 - BHO: (no name) - {5D6920CA-C582-4C80-A8E4-0749F67529BB} - C:\WINDOWS\system32\nnnnLFYq.dll
O2 - BHO: (no name) - {6050a2da-e1d9-4614-8d64-142259aa9c2b} - C:\WINDOWS\system32\fapumoke.dll
O2 - BHO: (no name) - {8BB218A6-EBB9-487E-AE56-F695DA5077C3} - C:\WINDOWS\system32\wvuVlLcA.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jinitiator] C:\Gestion\Perso\jinit.vbs
O4 - HKLM\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-4167455011-4006951476-1492775809-14726\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=-://www.mapaq
O16 - DPF: {CAFECAFE-0013-0001-0024-ABCDEFABCDEF} (JInitiator 1.3.1.24) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O17 - HKLM\Software\..\Telephony: DomainName = mapaq.ministere.prod
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O20 - AppInit_DLLs: pdkztg.dll,C:\WINDOWS\system32\ludiyofu.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: wvuVlLcA - C:\WINDOWS\SYSTEM32\wvuVlLcA.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 8976 bytes
arba (joined 27 Jan 2008, 864 posts)
Posted: Tue Nov 25, 2008 8:30 am    Subject: Re: explorer gone crazy...

You are indeed infected, Jean, by a Vundo-type trojan.

Your "ministerial" protection (lol) must act as a router, which unfortunately is not enough: you have neither an antivirus nor a firewall, and your version of Internet Explorer (6) is heavily exploited by hackers because it is subject to numerous critical security flaws....

However, to make the disinfection more effective, you must submit a new HijackThis report to me, this time launched from your desktop.

Here: C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\URGBB4XK\HiJackThis[1].exe

that is, a temporary folder.

So please post me a log made from your desktop.
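The diagnosis above rests on a handful of patterns that are visible in the log itself: the IE search URL (R1 lines) redirected to a domain the organisation never set, BHOs with no name or a GUID as their name loading DLLs from system32 (O2), a rundll32 autostart of a system32 DLL with a one-letter export (the niriyobobu O4 entry), a populated AppInit_DLLs value and a Winlogon Notify package pointing into system32 (O20), and a randomly named executable running from C:\TEMP (WJ9531.EXE in the first log, a different name in each later one). The script below is an added example for this thread, not HijackThis code and not something either poster wrote: it applies those rules to a HijackThis 2.x log. The allowlist of trusted hosts, the temp-directory markers and the severity labels are this example's own assumptions, and the sample log is a constructed excerpt in the layout of the logs posted above.

```python
"""Triage a HijackThis 2.x log for the kind of entries discussed in this thread.

Added example; the rules below are this script's own heuristics, not an
official HijackThis classification.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    tag: str       # HijackThis section (R1, O2, O4, O20, O23) or "proc"
    severity: str  # "high" or "medium"
    line: str      # the log line that triggered the rule
    reason: str


# Assumption: hosts that legitimately belong in this machine's IE start/search
# settings (the intranet start page seen in the log plus Google).
TRUSTED_HOSTS = {"www.mapaq", "www.google.com", "google.com"}
# Assumption: a benign autostarted process never runs from these locations.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\", "\\local settings\\temp")

URL_RE = re.compile(r"[a-z-]*://([^/\s]+)", re.I)          # also matches defanged "-://"
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?(?:,(\S*))?', re.I)

# Constructed sample in the layout of the logs posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\TEMP\WJ9531.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = -://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -://www.mapaq
O2 - BHO: (no name) - {8BB218A6-EBB9-487E-AE56-F695DA5077C3} - C:\WINDOWS\system32\wvuVlLcA.dll
O2 - BHO: {8a8addeb-da98-5d09-2f84-4b13a81cc405} - {504cc18a-31b4-48f2-90d5-89adbedda8a8} - C:\WINDOWS\system32\pdkztg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s
O20 - AppInit_DLLs: pdkztg.dll,C:\WINDOWS\system32\ludiyofu.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: wvuVlLcA - C:\WINDOWS\SYSTEM32\wvuVlLcA.dll
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
"""


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def from_temp(path: str) -> bool:
    return any(marker in path.lower() for marker in TEMP_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False           # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if from_temp(line):
                findings.append(Finding("proc", "high", line,
                                        "process running from a temporary directory"))
            continue

        tag, _, body = line.partition(" - ")
        if tag in ("R0", "R1"):
            # Start page / search URL pointing at a host the organisation never set
            m = URL_RE.search(body)
            if m and m.group(1).lower() not in TRUSTED_HOSTS:
                findings.append(Finding(tag, "high", line,
                                        "IE start/search setting points at " + m.group(1)))
        elif tag == "O2":
            # "BHO: <name> - {CLSID} - <dll path>"
            parts = body.split(" - ")
            name, path = parts[0][len("BHO: "):].strip(), parts[-1]
            if (name == "(no name)" or GUID_RE.match(name)) and in_system32(path):
                findings.append(Finding(tag, "high", line,
                                        "unnamed BHO loading a DLL from system32"))
        elif tag == "O4":
            # rundll32 autostart of a system32 DLL with no meaningful export name
            m = RUNDLL_RE.search(body)
            if m and in_system32(m.group(1)) and len(m.group(2) or "") <= 2:
                findings.append(Finding(tag, "high", line,
                                        "rundll32 autostart of a system32 DLL with a one-letter export"))
        elif tag == "O20":
            if body.startswith("AppInit_DLLs:") and body[len("AppInit_DLLs:"):].strip(" ,"):
                findings.append(Finding(tag, "high", line,
                                        "AppInit_DLLs populated: loaded into every process that maps user32.dll"))
            elif body.startswith("Winlogon Notify:"):
                if in_system32(body):
                    findings.append(Finding(tag, "high", line,
                                            "Winlogon Notify package loaded from system32"))
                elif "(file missing)" in body:
                    findings.append(Finding(tag, "medium", line,
                                            "orphaned Winlogon Notify entry"))
        elif tag == "O23" and "Unknown owner" in body:
            findings.append(Finding(tag, "medium", line,
                                    "service binary with no vendor information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.tag:4} {f.reason}\n         {f.line}")
```

On the constructed sample the script reports nine findings, seven of them high. Lines it leaves alone are the ones a practitioner would expect to see on a managed ThinkPad: the NVIDIA rundll32 autostarts with named exports, the Google Toolbar BHO, and the O23 services with a vendor name (this section is also where the Trend Micro OfficeScan client and its personal firewall service show up in the logs above).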
Jean Lavallée (joined 18 Feb 2008, 57 posts)
Posted: Tue Nov 25, 2008 3:20 pm    Subject: internet gone crazy

Hi Arba

Here is the log, made as you asked

thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:52, on 2008-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\TEMP\QS8033.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\URGBB4XK\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = -://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = -://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = -://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -://www.mapaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = -://www.mapaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = -://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = -://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {10310D87-CF17-4A4F-94E7-6870DA9D1493} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: {bbd62b1b-c22d-8929-7fb4-a99c02146c85} - {58c64120-c99a-4bf7-9298-d22cb1b26dbb} - C:\WINDOWS\system32\nyrdxi.dll
O2 - BHO: (no name) - {6050a2da-e1d9-4614-8d64-142259aa9c2b} - C:\WINDOWS\system32\fapumoke.dll
O2 - BHO: (no name) - {8BB218A6-EBB9-487E-AE56-F695DA5077C3} - C:\WINDOWS\system32\wvuVlLcA.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {DB559F0B-CB83-4CF4-9E64-E37EBE38F86A} - C:\WINDOWS\system32\nnnnLFYq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jinitiator] C:\Gestion\Perso\jinit.vbs
O4 - HKLM\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=-://www.mapaq
O16 - DPF: {CAFECAFE-0013-0001-0024-ABCDEFABCDEF} (JInitiator 1.3.1.24) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O17 - HKLM\Software\..\Telephony: DomainName = mapaq.ministere.prod
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\ludiyofu.dll nyrdxi.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: wvuVlLcA - C:\WINDOWS\SYSTEM32\wvuVlLcA.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 8197 bytes
arba (joined 27 Jan 2008, 864 posts)
Posted: Tue Nov 25, 2008 4:03 pm    Subject: Re: explorer gone crazy...

It's strange, but your log was again run from a temporary folder...

We'll get on with the disinfection anyway:

1) Download Malwarebytes Anti-Malware, install it and update it with the help of this link:
-://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

2) Disable System Restore on all drives (right-click My Computer, Properties, and tick the "Turn off System Restore" box in the System Restore tab)

3) Restart in safe mode (tap F8 at startup, safe mode, choose your own session and not the one named Administrator) and do a full scan of all your volumes with the help of the link above (without forgetting to "remove the selection" at the end of the job).

4) Post me the Malwarebytes report as well as a new HijackThis log, from the desktop this time:

your log shows this: C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\URGBB4XK\HiJackThis[1].exe

normally we should see something like this:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

or else:

C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

see you later.
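Step 3 insists on removing the selection at the end of the scan, and the Malwarebytes report format (as posted later in this thread) makes it possible to check that afterwards: the header declares a count per section, and every entry ends with what was done to it, "No action taken" when the item was only listed. The script below is an added example for this thread, not Malwarebytes code and not written by either poster. It parses such a report, lists the entries that were left in place, groups detections by family, flags a pending reboot and cross-checks the declared counts against the entries actually listed. The sample report is constructed in the layout of the report posted below (same French section headings); the action strings other than "No action taken" are this example's assumptions about the format.

```python
"""Check a Malwarebytes' Anti-Malware 1.x report: was anything actually removed?

Added example for this thread; not Malwarebytes code. The sample report is
constructed, not a real scan.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple


class Detection(NamedTuple):
    section: str  # report section the entry appeared under
    target: str   # file, folder or registry object
    name: str     # detection name, e.g. Trojan.Vundo.H
    action: str   # what MBAM did with it


class Report(NamedTuple):
    detections: List[Detection]
    declared: Dict[str, int]  # per-section counts from the summary block
    sections: List[str]       # section headings in order of appearance


PENDING = "No action taken"   # found but left in place (seen in the thread)
REBOOT = "Delete on reboot"   # assumption: locked file, removed at next start

SECTION_RE = re.compile(r"^(.+?):$")
COUNT_RE = re.compile(r"^(.+?): (\d+)$")
ENTRY_RE = re.compile(r"^(.*) \(([^()]+)\)$")

SAMPLE_REPORT = r"""Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1423

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnnLFYq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wvuVlLcA.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuvllca (Trojan.Vundo.H) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnnlfyq -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\dunuhobu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnLFYq.dll (Trojan.Vundo.H) -> Delete on reboot.
"""


def parse_report(text: str) -> Report:
    detections: List[Detection] = []
    declared: Dict[str, int] = {}
    sections: List[str] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m and not section:             # summary block precedes the sections
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            sections.append(section)
            continue
        if " -> " not in line:            # e.g. "(Aucun élément nuisible détecté)"
            continue
        parts = line.split(" -> ")        # middle parts (Data:/Bad:/Good:) are informational
        head, action = parts[0], parts[-1].rstrip(".")
        m = ENTRY_RE.match(head)
        if m:
            detections.append(Detection(section, m.group(1), m.group(2), action))
    return Report(detections, declared, sections)


def pending(report: Report) -> List[Detection]:
    """Entries the user saw but did not remove."""
    return [d for d in report.detections if d.action == PENDING]


def needs_reboot(report: Report) -> bool:
    return any(d.action == REBOOT for d in report.detections)


def by_family(report: Report) -> Counter:
    """Collapse variants such as Trojan.Vundo.H onto Trojan.Vundo."""
    return Counter(".".join(d.name.split(".")[:2]) for d in report.detections)


def count_mismatches(report: Report) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the entries listed: (declared, listed)."""
    listed = Counter(d.section for d in report.detections)
    return {s: (report.declared[s], listed[s]) for s in report.sections
            if s in report.declared and report.declared[s] != listed[s]}


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(f"{len(rep.detections)} detections, {len(pending(rep))} left in place, "
          f"reboot needed: {needs_reboot(rep)}")
    for fam, n in by_family(rep).most_common():
        print(f"  {fam}: {n}")
    for sec, (decl, seen) in count_mismatches(rep).items():
        print(f"  header says {decl} under '{sec}' but {seen} entries listed")
```

A report in which pending() returns every entry means the scan was run but the removal step was skipped, which is exactly what step 3 warns about; a "Delete on reboot" entry means the machine has to be restarted before a follow-up HijackThis log is meaningful.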
Jean Lavallée (joined 18 Feb 2008, 57 posts)
Posted: Tue Nov 25, 2008 4:59 pm    Subject: internet gone crazy

Arba

I can't start in safe mode because it asks me for a password... the current one doesn't work. I've tried a whole range of old passwords... it doesn't work!

What do I do?
arba (joined 27 Jan 2008, 864 posts)
Posted: Tue Nov 25, 2008 5:53 pm    Subject: Re: explorer gone crazy...

Do the procedure in normal mode, then.
Jean Lavallée (joined 18 Feb 2008, 57 posts)
Posted: Tue Nov 25, 2008 7:27 pm    Subject: internet gone crazy

So here is the first report

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1423
Windows 5.1.2600 Service Pack 2

2008-11-25 14:18:56
mbam-log-2008-11-25 (14-18-52).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 138797
Temps écoulé: 47 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 13
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnnLFYq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rjsestgf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wvuVlLcA.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nyrdxi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wyjqxpqj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\cclgnx.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0caf6ab3-c3b5-47d0-aed3-2a8a61642304} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0caf6ab3-c3b5-47d0-aed3-2a8a61642304} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bb218a6-ebb9-487e-ae56-f695da5077c3} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuvllca (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8bb218a6-ebb9-487e-ae56-f695da5077c3} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf332d42-ed0f-45e9-8793-06c4b94e1ad9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cf332d42-ed0f-45e9-8793-06c4b94e1ad9} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6050a2da-e1d9-4614-8d64-142259aa9c2b} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6050a2da-e1d9-4614-8d64-142259aa9c2b} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bb218a6-ebb9-487e-ae56-f695da5077c3} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf332d42-ed0f-45e9-8793-06c4b94e1ad9} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0caf6ab3-c3b5-47d0-aed3-2a8a61642304} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a6743498 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8bb218a6-ebb9-487e-ae56-f695da5077c3} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\niriyobobu (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnnlfyq -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnlfyq -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (-://internetsearchservice.com/search?q=%s) Good: (-://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (-://internetsearchservice.com/search?q=%s) Good: (-://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (-://internetsearchservice.com/search?q={searchTerms}) Good: (-://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (-://internetsearchservice.com/ie6.html) Good: (-://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (-://internetsearchservice.com/search?q={searchTerms}) Good: (-://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\WINDOWS\system32\734914 (Trojan.BHO) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\cclgnx.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wvuVlLcA.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nnnnLFYq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qYFLnnnn.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qYFLnnnn.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fmaxqlli.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\illqxamf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rjsestgf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fgtsesjr.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\srludjtu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\utjdulrs.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fapumoke.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\nyrdxi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wyjqxpqj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\734914\734914.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\F7HNN1SW\index[1] (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\HZCY848P\zc113432[1] (Trojan.Vundo.H) -> No action taken.
C:\VundoFix Backups\ssqrs.dll.bad (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fCrRKeEX.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nuwgavti.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vhufsx(2).dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\dunuhobu.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMa5470704.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BMa5470704.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.


and the HijackThis report, run from the desktop

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:28, on 2008-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\TEMP\UB816C.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\agrc244\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = -://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = -://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = -://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -://www.mapaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = -://www.mapaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = -://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = -://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jinitiator] C:\Gestion\Perso\jinit.vbs
O4 - HKLM\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s
O4 - HKLM\..\Run: [a6743498] rundll32.exe "C:\WINDOWS\system32\rjsestgf.dll",b
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-4167455011-4006951476-1492775809-14726\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=-://www.mapaq
O16 - DPF: {CAFECAFE-0013-0001-0024-ABCDEFABCDEF} (JInitiator 1.3.1.24) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O17 - HKLM\Software\..\Telephony: DomainName = mapaq.ministere.prod
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\ludiyofu.dll cclgnx.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 7329 bytes
arba

Joined: 27 Jan 2008
Posts: 864

Posted: Tue Nov 25, 2008 7:35 pm    Subject: - : explorer en folie...

You need to run Malwarebytes again and, at the end of the scan, choose "Remove Selected".

Here it says "no action taken", i.e. no action was taken.

Use this tutorial for help: -://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/tuto-securite/malwarebytes-anti-malware-352008/messages-1.html

Post the report for me, then a HijackThis log please.
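The point made above is that "No action taken" means the detections were only listed, never removed. As an added example (not code from the thread or from Malwarebytes), this Python script parses an MBAM 1.x report in the format posted here and separates what was removed, what still waits on a reboot and what was never acted on; the sample report is constructed.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text report by the action recorded
for each detection. Added example, not code from the forum thread or from
Malwarebytes; the sample report below is constructed in the thread's format."""
import re
from collections import Counter

# A detection line starts with the item and its family in parentheses; the
# action is whatever follows the last " -> ", e.g. "No action taken."
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\)$")

# Constructed sample (not a real scan), using the French MBAM 1.30 headers
# and the three outcomes seen in the thread.
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1423

Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cclgnx.dll (Trojan.Vundo.H) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\cclgnx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vhufsx(2).dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qYFLnnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
"""


def parse_report(text):
    """Return one dict per detection: section, item, family, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end with ":"; the summary block ("...: 29") does not.
        if line.endswith(":"):
            section = line[:-1]
            continue
        if section is None or " -> " not in line:
            continue  # banner lines and "(Aucun élément nuisible détecté)"
        parts = line.split(" -> ")
        m = ITEM_RE.match(parts[0])
        if not m:
            continue
        entries.append({
            "section": section,
            "item": m.group(1),
            "family": m.group(2),
            "action": parts[-1].strip().rstrip("."),
        })
    return entries


def triage(entries):
    """Summarise outcomes. 'untouched' is what the helper in the thread spotted:
    detections the user never removed. 'pending_reboot' still needs a restart."""
    counts = Counter(e["action"] for e in entries)
    untouched = [e["item"] for e in entries if e["action"] == "No action taken"]
    pending = sorted({e["item"] for e in entries if e["action"] == "Delete on reboot"})
    return {"counts": dict(counts), "untouched": untouched, "pending_reboot": pending}


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for action, n in sorted(result["counts"].items()):
        print(f"{n:3d}  {action}")
    if result["untouched"]:
        print("Still present (rerun the scan and remove the selection):")
        for item in result["untouched"]:
            print("  ", item)
    if result["pending_reboot"]:
        print("Removal pending a reboot:")
        for item in result["pending_reboot"]:
            print("  ", item)
```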
Jean Lavallée

Joined: 18 Feb 2008
Posts: 57

Posted: Wed Nov 26, 2008 2:05 pm    Subject: internet en folie

Here is the MBAM report

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1423
Windows 5.1.2600 Service Pack 2

2008-11-26 08:58:53
mbam-log-2008-11-26 (08-58-53).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 139428
Temps écoulé: 46 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 13
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnnLFYq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rjsestgf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvuVlLcA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nyrdxi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wyjqxpqj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cclgnx.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0caf6ab3-c3b5-47d0-aed3-2a8a61642304} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0caf6ab3-c3b5-47d0-aed3-2a8a61642304} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bb218a6-ebb9-487e-ae56-f695da5077c3} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuvllca (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8bb218a6-ebb9-487e-ae56-f695da5077c3} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf332d42-ed0f-45e9-8793-06c4b94e1ad9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{cf332d42-ed0f-45e9-8793-06c4b94e1ad9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6050a2da-e1d9-4614-8d64-142259aa9c2b} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6050a2da-e1d9-4614-8d64-142259aa9c2b} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bb218a6-ebb9-487e-ae56-f695da5077c3} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf332d42-ed0f-45e9-8793-06c4b94e1ad9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0caf6ab3-c3b5-47d0-aed3-2a8a61642304} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a6743498 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8bb218a6-ebb9-487e-ae56-f695da5077c3} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\niriyobobu (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\nnnnlfyq -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnlfyq -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (-://internetsearchservice.com/search?q=%s) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (-://internetsearchservice.com/search?q=%s) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (-://internetsearchservice.com/search?q={searchTerms}) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (-://internetsearchservice.com) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (-://internetsearchservice.com/ie6.html) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (-://internetsearchservice.com/search?q={searchTerms}) Good: (-://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\734914 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\cclgnx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wvuVlLcA.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\nnnnLFYq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qYFLnnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qYFLnnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fmaxqlli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\illqxamf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rjsestgf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fgtsesjr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\srludjtu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utjdulrs.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fapumoke.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\nyrdxi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wyjqxpqj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\734914\734914.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\F7HNN1SW\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\HZCY848P\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\agrc244\Local Settings\Temporary Internet Files\Content.IE5\ZMRPT1R7\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Temp\winvjoBN.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\ssqrs.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fCrRKeEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuwgavti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vhufsx(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dunuhobu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMa5470704.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMa5470704.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


and the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05:03, on 2008-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\TEMP\GM96AF.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\agrc244\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -://www.mapaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = -://www.mapaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {10310D87-CF17-4A4F-94E7-6870DA9D1493} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: (no name) - {6050a2da-e1d9-4614-8d64-142259aa9c2b} - C:\WINDOWS\system32\fapumoke.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jinitiator] C:\Gestion\Perso\jinit.vbs
O4 - HKLM\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=-://www.mapaq
O16 - DPF: {CAFECAFE-0013-0001-0024-ABCDEFABCDEF} (JInitiator 1.3.1.24) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O17 - HKLM\Software\..\Telephony: DomainName = mapaq.ministere.prod
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O20 - AppInit_DLLs: C:\WINDOWS\system32\ludiyofu.dll cclgnx.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 6852 bytes
arba

Joined: 27 Jan 2008
Posts: 864

Posted: Wed Nov 26, 2008 2:13 pm    Subject: - : explorer en folie...

Now you need to use ComboFix.

Follow this link carefully: -://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

It gives you the download for the fix as well as the procedure.

At the end, post the ComboFix log and a new HijackThis log.
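A fresh HijackThis log is asked for because the useful signal is the difference from the previous one (in the thread, the Run entry and the AppInit_DLLs value survived the first cleanup). As an added example (not code from the thread or from HijackThis), this Python script diffs two logs in the format posted here, normalising the AppInit_DLLs value so its leading comma does not hide a persisting entry, and flags leftovers worth a second look; both sample logs are constructed.

```python
"""Compare two HijackThis 2.x logs, taken before and after a cleanup, and list
what disappeared, what persisted and what is new, then flag leftovers worth a
second look. Added example, not code from the thread or from HijackThis; the
two sample logs are constructed in the thread's format."""
import re

# Every HijackThis finding is "<code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# rundll32 loading a DLL whose export is a single letter (",s" / ",b"), the
# Run-key pattern the thread's MBAM report tagged as Trojan.Vundo/Trojan.Agent.
ONE_LETTER_EXPORT_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[^"\s]+\.dll"?,[A-Za-z]\b', re.IGNORECASE)
# Sections checked by leftovers(): BHOs, Run keys, AppInit/Winlogon, services.
WATCH_SECTIONS = {"O2", "O4", "O20", "O21", "O23"}

# Constructed "before" log (a few lines in the thread's format, not a real scan).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:28, on 2008-11-25

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = -://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -://www.mapaq
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s
O4 - HKLM\..\Run: [a6743498] rundll32.exe "C:\WINDOWS\system32\rjsestgf.dll",b
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\ludiyofu.dll cclgnx.dll
"""

# Constructed "after" log: the search hijack and one Run entry are gone, an
# orphaned BHO appeared, and the Run entry plus AppInit_DLLs persist.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05:03, on 2008-11-26

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -://www.mapaq
O2 - BHO: (no name) - {6050a2da-e1d9-4614-8d64-142259aa9c2b} - C:\WINDOWS\system32\fapumoke.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [niriyobobu] Rundll32.exe "C:\WINDOWS\system32\dunuhobu.dll",s
O20 - AppInit_DLLs: C:\WINDOWS\system32\ludiyofu.dll cclgnx.dll
"""


def parse_hjt(text):
    """Map (code, normalised body) -> original line for every finding."""
    items = {}
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if body.startswith("AppInit_DLLs:"):
            # The value may gain or lose a leading comma between scans (as in
            # the thread's two logs); compare the DLL list itself.
            body = "AppInit_DLLs: " + body.split(":", 1)[1].strip().lstrip(",").strip()
        items[(code, body)] = raw.strip()
    return items


def diff_logs(before, after):
    b, a = parse_hjt(before), parse_hjt(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "persisted": sorted(k for k in b if k in a),
        "added": sorted(k for k in a if k not in b),
    }


def leftovers(after):
    """Findings in the post-cleanup log that still deserve attention: orphaned
    entries pointing at a missing file, anything in AppInit_DLLs, and rundll32
    Run entries with a one-letter export."""
    flagged = []
    for code, body in parse_hjt(after):
        if code not in WATCH_SECTIONS:
            continue
        if ("(file missing)" in body
                or body.startswith("AppInit_DLLs:")
                or ONE_LETTER_EXPORT_RE.search(body)):
            flagged.append(f"{code} - {body}")
    return sorted(flagged)


if __name__ == "__main__":
    for kind, keys in diff_logs(BEFORE, AFTER).items():
        print(f"== {kind} ({len(keys)})")
        for code, body in keys:
            print(f"  {code} - {body}")
    print("== leftovers to review")
    for line in leftovers(AFTER):
        print("  " + line)
```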
Jean Lavallée

Joined: 18 Feb 2008
Posts: 57

Posted: Wed Nov 26, 2008 4:01 pm    Subject: internet en folie

Your program scares me! I got as far as the step where I drag the Recovery Console icon onto ComboFix, but after that nothing... the computer tells me the source could not be verified and I clicked Run.... normally ComboFix should install the console, tell me it is installed and ask whether I want to run a scan.... I don't get that message... what do I do? And yet I used the right version.
Jean Lavallée

Joined: 18 Feb 2008
Posts: 57

Posted: Thu Nov 27, 2008 4:35 pm    Subject: internet en folie

Hello Arba

here is the ComboFix report

ComboFix 08-11-26.03 - AGRC244 2008-11-27 11:19:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1375 [GMT -5:00]
Lancé depuis: d:\agrc244\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\agrc244\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\b104.exe.bin
c:\windows\b128.exe.bin
c:\windows\b138.exe.bin
c:\windows\b152.exe.bin
c:\windows\b154.exe.bin
c:\windows\b155.exe.bin
c:\windows\IE4 Error Log.txt
c:\windows\system32\~.exe
c:\windows\system32\BdLUCJlm.ini2
c:\windows\system32\bevozeti.dll
c:\windows\system32\bopufeto.dll
c:\windows\system32\chqpeo.dll
c:\windows\system32\dgaeovfw.dll
c:\windows\system32\emadobil.ini
c:\windows\system32\fogehile.dll
c:\windows\system32\itezoveb.ini
c:\windows\system32\libodame.dll
c:\windows\system32\ludiyofu.dll
c:\windows\system32\otefupob.ini
c:\windows\system32\pdkztg.dll
c:\windows\system32\pqbxuf(2).dll
c:\windows\system32\qifixfke.dll
c:\windows\system32\rotatopu.dll
c:\windows\system32\sadezaji.dll
c:\windows\system32\yetakrgo.ini
c:\windows\Tasks\xbqojxed.job

----- BITS: Il y a peut-être des sites infectés -----

hxxp://SEPT1-INFMP01:80
hxxp://QUBC1-SMSPP01:80
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
.

2008-11-27 11:26 . 2008-11-27 11:26 <REP> d-------- c:\temp\WPDNSE
2008-11-27 11:26 . 2008-11-27 11:26 53,248 --a------ c:\temp\catchme.dll
2008-11-27 11:24 . 2006-02-07 15:10 172,099 --a------ c:\temp\ZB57E1.EXE
2008-11-25 13:19 . 2008-11-25 13:19 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 13:19 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 13:19 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-25 10:07 . 2008-11-25 10:07 8,192 --ahs---- c:\windows\Thumbs.db
2008-11-24 16:42 . 2008-11-27 11:26 <REP> d-------- c:\temp\Xerox
2008-11-24 16:41 . 2008-11-24 16:41 <REP> d-------- c:\documents and settings\agrc244\Application Data\Xerox
2008-11-24 09:06 . 2008-11-25 14:22 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-24 09:06 . 2008-11-24 09:06 1,409 --a------ c:\windows\QTFont.for
2008-11-17 13:26 . 2008-11-17 13:26 <REP> d---s---- c:\temp\Temporary Internet Files
2008-11-17 13:26 . 2008-11-17 13:26 <REP> d---s---- c:\temp\Historique
2008-11-17 13:26 . 2008-11-27 11:26 <REP> d---s---- c:\temp\Cookies
2008-10-30 13:18 . 2008-10-30 13:18 <REP> d-------- c:\temp\PEA449C

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 21:15 --------- d-----w c:\documents and settings\agrc244\Application Data\U3
2008-10-30 14:35 --------- d-----w c:\program files\Microsoft Digital Image 2006
2008-10-07 02:59 --------- d-----w c:\program files\MSECache
2008-10-07 02:57 --------- d-----w c:\program files\Oracle
2008-10-03 11:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-05-22 17:47 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-17 81920]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 208896]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 356352]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-05 144384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-06 282624]
"jinitiator"="c:\gestion\Perso\jinit.vbs" [2006-07-12 3837]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"RecycleBinSize"= 5 (0x5)
"DisallowCpl"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuSubFolders"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 22:17 89600 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 10:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 14:52 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
--a------ 2007-07-05 14:58 413696 c:\program files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
--a------ 2007-07-05 14:51 126976 c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--------- 2007-05-04 10:00 237568 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--------- 2007-03-22 12:02 120368 c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Perso]
--a------ 2007-06-11 09:49 9821 c:\gestion\Perso\Perso.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
--a------ 2007-03-14 21:56 49168 c:\program files\ThinkVantage Fingerprint Software\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-06 14:48 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2007-04-09 02:23 1015808 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-06-03 21:05 32881 c:\program files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-13 08:09 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-05-04 10:00 512000 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2007-05-04 10:00 110592 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2007-03-09 13:49 66176 c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
--a------ 2007-01-09 16:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-05-17 10:53 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2005-10-17 01:11 65536 c:\windows\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2007-09-28 13:28 181544 c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 fttxr52P;fttxr52P;c:\windows\system32\DRIVERS\fttxr52P.sys [2007-10-24 150528]
R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-09-28 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-09-28 19504]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2008-02-20 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2008-02-20 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-02-20 4442]
R2 CcmExec;Hôte de l'agent SMS;c:\windows\system32\CCM\CcmExec.exe [2007-04-13 590712]
R2 smihlp;SMI Helper Driver (smihlp);\??\c:\program files\Fichiers communs\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 11152]
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\windows\system32\drivers\mbamcatchme.sys []
S3 prepdrvr;SMS Process Event Driver;\??\c:\windows\system32\CCM\prepdrv.sys [2007-04-13 23416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75f8d196-ea17-11dc-9383-001de0203fa1}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fcd6f7a-6c9e-11dd-93c8-001de0203fa1}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\INF\wmactedp.inf,PerUserStub,,4
.
Contenu du dossier 'Tâches planifiées'

2008-11-27 c:\windows\Tasks\At1.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At10.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At11.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At12.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-26 c:\windows\Tasks\At13.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-26 c:\windows\Tasks\At14.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-26 c:\windows\Tasks\At15.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-26 c:\windows\Tasks\At16.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-26 c:\windows\Tasks\At17.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-26 c:\windows\Tasks\At18.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-26 c:\windows\Tasks\At19.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At2.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At20.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At21.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At22.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At23.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At24.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At3.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At4.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At5.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At6.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At7.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At8.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\At9.job
- c:\windows\system32\c7OThaL8.exe [2008-03-07 16:34]

2008-11-27 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-21 00:19]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{10310D87-CF17-4A4F-94E7-6870DA9D1493} - c:\windows\system32\ssqrs.dll
BHO-{6050a2da-e1d9-4614-8d64-142259aa9c2b} - c:\windows\system32\fapumoke.dll
HKLM-Run-niriyobobu - c:\windows\system32\dunuhobu.dll
Notify-AtiExtEvent - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.mapaq
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL

O16 -: {CAFECAFE-0013-0001-0024-ABCDEFABCDEF}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, -://www.gmer.net
Rootkit scan 2008-11-27 11:26:33
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1068)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Trend Micro\OfficeScan Client\TmListen.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
c:\windows\system32\msiexec.exe
c:\temp\ZB57E1.EXE
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\userinit.exe
.
**************************************************************************
.
Heure de fin: 2008-11-27 11:27:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-27 16:27:46

Avant-CF: 18 443 862 016 octets libres
Après-CF: 19,125,030,912 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect
[boot loader]
Timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

328


and the new HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33, on 2008-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\TEMP\ZB57E1.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\agrc244\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -://www.mapaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = -://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = -://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = -://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [jinitiator] C:\Gestion\Perso\jinit.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=-://www.mapaq
O16 - DPF: {CAFECAFE-0013-0001-0024-ABCDEFABCDEF} (JInitiator 1.3.1.24) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O17 - HKLM\Software\..\Telephony: DomainName = mapaq.ministere.prod
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mapaq.ministere.prod
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 6341 bytes
arba

Registered: 27 Jan 2008
Posts: 864

Posted: Thu Nov 27, 2008 9:19 pm    Subject: - : explorer en folie...

I looked at your log and it's clean.

Only the file C:\TEMP\ZB57E1.EXE looks suspicious to me.

Analyse it here -://www.virustotal.com/fr/

using the tutorial here: -://forum.pcastuces.com/scan_chez_virus_total-f31s15.htm

post me the VirusTotal log please (PS: it's almost over! hang in there!).