popup ou fenetres intempestives
Forum Accès Internet & Réseaux : popup ou fenetres intempestives
Bonjour à tous ! je sollicite votre aide pour un problème de fenetres intempestives " popup" qui s'ouvrent dès que je me connecte à internet et ce depuis quelques jours. voici quelques exemples :
http://www.coupon-online.com/normal/yyy102.html
http://www.clicksor.com/paypopup/r [...] tamp%5D%3F
http://www.ez-cheap.com/normal/yyy102.html
http://ad.jamster.com/landingpages [...] 7e48ff5f35
http://www.starware.com/2.0.0.0/la [...] herazoogle
http://ad.jamster.com/landingpages [...] 56d9f21006
http://e.rn11.com/adbuys/a405-admed-ron
http://www.searc-h.com/normal/yyy65.html
......
c'est vraiment génant j'ai essayé plusieurs logiciels en vain : Ad-aware 6.0 - spybot ..
voici le rapport hijackthis.log :
Logfile of HijackThis v1.99.1
Scan saved at 21:01:56, on 19/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\BOUCHAMA\Bureau\Anti-Virus et Anti Espion\Programmes Divers\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Crocpopup] C:\Program Files\crocpopup\crocpopup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: SYSTRAN: &Effacer le cache de traduction - C:\Program Files\Systran\Premium\menuClearCache.html
O8 - Extra context menu item: SYSTRAN: &Options - C:\Program Files\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Traduire - C:\Program Files\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: En®istrement - C:\Program Files\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: Rechercher les &mises à jour - C:\Program Files\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: Traduire les &cadres - C:\Program Files\Systran\Premium\menuTranslateAll.html
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Abonnés - {EEF4C0E6-2B51-4E7C-B475-F24B1C046C27} - http://abonne.menara.ma (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads [...] nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D4A4ADC-A6E1-441A-A289-F69BF7D70FB6}: NameServer = 212.217.1.4 212.217.0.13
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\o884lilq18qe.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
j'ai fais aussi un scan online par Kaspersky ci-après le rapport :
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, November 19, 2005 19:16:19
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/11/2005
Kaspersky Anti-Virus database records: 150907
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 86802
Number of viruses found: 12
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 10857 sec
Infected Object Name - Virus Name
C:\WINDOWS\SYSTEM32\pgpdolkf.exe Infected: Trojan-Proxy.Win32.Wopla.m
C:\WINDOWS\kl.exe Infected: Trojan-Spy.Win32.Small.dg
C:\WINDOWS\tool4.exe Infected: Trojan-Downloader.Win32.Small.bwr
C:\WINDOWS\tool3.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\WINDOWS\timessquare.exe Infected: Trojan.Win32.StartPage.aw
C:\WINDOWS\adtech2005.exe Infected: Trojan.Win32.VB.afn
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-4a8befa0-5fefcb1a.zip/NudeBox.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-4a8befa0-5fefcb1a.zip/Worker.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-4a8befa0-5fefcb1a.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.u
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-4a8befa0-5fefcb1a.zip/javautil.zip Infected: Trojan-Downloader.Win32.Small.bvv
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-4a8befa0-5fefcb1a.zip/javautil.zip/bot.exe Infected: Trojan-Downloader.Win32.Small.bmk
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-4a8befa0-5fefcb1a.zip Infected: Trojan-Downloader.Win32.Small.bmk
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-562403c5-66ba67c2.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-562403c5-66ba67c2.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\BOUCHAMA\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-562403c5-66ba67c2.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\drsmartload1.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\mte3ndi6odoxng.exe Infected: Trojan-Downloader.Win32.Small.buy
Scan process completed.
a noter que le Ad-aware 6.0 me signale après scan les infectons suivantes :
REDIRECTED HOSTFILE ENTRY
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=Hosts file : 127.0.0.1 www.websearch.com
obj[1]=Hosts file : 127.0.0.1 websearch.com
je vous prie de m'apporter de l'aide pour éradiquer ces popup pour cela quequ'un pourait il analyser les rapports et m'indiquer une solution ? merci d'avance !
:-) :-)
Il y a 243 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
