Sudden massive virus infection on my PC, please help me

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
11 November 2007 11:36:45

Hello everyone,

I need help. My PC has been infected and I don't know whether there are still viruses on it; the PC is very slow. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 03:50:42, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\sonicstage\Nouveau dossier\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqqnop.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - E:\Program Files2\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a0fd8853-e7ab-4c05-a652-ba9248937d65} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wmhvakbg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {6fcbfed6-d97c-602a-46a4-54ec5c7c82bb} - {bb28c7c5-ce45-4a64-a206-c79d6defbcf6} - C:\WINDOWS\system32\oiniqpki.dll
O2 - BHO: (no name) - {C649315D-A1E7-4570-8A42-1878B92E3DC4} - C:\WINDOWS\system32\nnlkj.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wmhvakbg.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bc2b3d9b] rundll32.exe "C:\WINDOWS\system32\bxxlaawc.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rhvqsuwb.exe"
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 1189811315
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ssqqnop - C:\WINDOWS\SYSTEM32\ssqqnop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wmhvakbg - C:\WINDOWS\SYSTEM32\wmhvakbg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ecilevnt.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Contrôle Parental Club Internet (OPTENET_FILTER) - Club Internet - C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe

THANKS FOR YOUR HELP

11 November 2007 12:58:22

Hello,

Vundo infection:

Do these steps in order:

1/ Download VundoFix.exe (by Atribune):

Double-click VundoFix.exe.
Click on Scan for Vundo.
When the scan has finished, click the Remove Vundo button.
Then click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
You will get a message saying the computer is going to shut down; click OK.

Post the report found in C:\vundofix.txt

2/ Download ComboFix (by sUBs) to your Desktop. (Tutorial)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan has finished, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt

3/ Post a new HijackThis report (after renaming HiJackThis.exe to SCANNER.EXE)
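The reasoning that takes an analyst from the log in the first post to "Vundo infection" can be written down as a small triage script: randomly named DLLs living in system32 but registered as browser helper objects (O2), a toolbar (O3) and Winlogon Notify handlers (O20), nameless BHOs, orphaned entries whose file is gone, a Run key going through rundll32, and an autostart from a Temp folder. The code below is an added example and is not HijackThis's, VundoFix's or the helper's own code; the sample lines are copied from the log above (abridged), and the allowlist of DLLs expected to load from system32 is an assumption for this machine, not a HijackThis feature.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (the lines are the
# thread's own; only a subset is kept so the example stays short).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqqnop.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wmhvakbg.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wmhvakbg.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [bc2b3d9b] rundll32.exe "C:\WINDOWS\system32\bxxlaawc.dll",b
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rhvqsuwb.exe"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ssqqnop - C:\WINDOWS\SYSTEM32\ssqqnop.dll
O20 - Winlogon Notify: wmhvakbg - C:\WINDOWS\SYSTEM32\wmhvakbg.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ecilevnt.exe (file missing)
"""

# Assumption for this example: the analyst's allowlist of DLLs that legitimately
# load from system32 as BHO/toolbar/Winlogon Notify on this machine
# (klogon.dll belongs to Kaspersky, WgaLogon.dll to Windows Genuine Advantage).
KNOWN_GOOD_SYSTEM32 = {"klogon.dll", "wgalogon.dll"}

ENTRY_RE = re.compile(r"(O\d+|R\d|F\d)\s+-\s+(.*)")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.I)


def parse_entries(log_text):
    """Split a HijackThis log into (section, rest of line, file paths) records."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, rest = m.groups()
            entries.append({"section": section, "text": rest,
                            "paths": PATH_RE.findall(rest), "line": line})
    return entries


def triage(log_text):
    """Apply analyst rules to each entry and correlate DLLs hooked in several places."""
    findings = []
    hooks = defaultdict(set)  # dll basename -> HijackThis sections that reference it
    for e in parse_entries(log_text):
        sec, text = e["section"], e["text"]
        reasons = []
        if "(no file)" in text or "(file missing)" in text:
            reasons.append("registered but file is absent (orphaned entry)")
        if sec == "O2" and "(no name)" in text:
            reasons.append("BHO registered without a name")
        if sec == "O4" and re.search(r"\brundll32(?:\.exe)?\b", text, re.I):
            reasons.append("Run key loads a DLL through rundll32")
        for p in e["paths"]:
            folder, base = p.rsplit("\\", 1)
            base = base.lower()
            if re.search(r"\\temp\\", p, re.I):
                reasons.append(f"autostart from a Temp folder: {base}")
            if (sec in ("O2", "O3", "O20") and folder.lower().endswith("\\system32")
                    and base not in KNOWN_GOOD_SYSTEM32):
                reasons.append(f"unknown DLL in system32 hooked as {sec}: {base}")
            if base.endswith(".dll"):
                hooks[base].add(sec)
        if reasons:
            findings.append((e["line"], reasons))
    # A DLL hooked as BHO, toolbar and Winlogon Notify at once is the pattern
    # that makes it reload itself before the user can remove it.
    multi_hook = {dll: sorted(secs) for dll, secs in hooks.items() if len(secs) > 1}
    return {"flagged": findings, "multi_hook": multi_hook}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for line, reasons in result["flagged"]:
        print(line)
        for r in reasons:
            print("   ->", r)
    print("hooked in several places:", result["multi_hook"])
```

On the excerpt, every Kaspersky and Adobe line passes untouched while the same handful of system32 DLLs light up under O2, O3 and O20, which is exactly the set of registry locations the CFScript later in this thread removes.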

11 November 2007 13:59:29

Hi, thanks for your attention. I did what you said:

VundoFix report (it detected only a single item and was not able to remove it):

C:\WINDOWS\system32\wmhvakbg.dll


Then the ComboFix report:

ComboFix 07-11-08.1 - Administrateur 2007-11-11 13:02:42.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.131 [GMT 1:00]
Running from: F:\ComboFix.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Mes documents\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Administrateur\Mes documents\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Mes documents\ECURIT~1
C:\Documents and Settings\Administrateur\Mes documents\ECURIT~1\HiJackThis_v2.exe
C:\Documents and Settings\Aharon\Bureau\internet.lnk
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Program Files\Fichiers communs\WinSoftware
C:\UGA6P
C:\WINDOWS\asks~1
C:\WINDOWS\asks~1\?asks\
C:\WINDOWS\system32\dylfiwms.dat
C:\WINDOWS\system32\dylfiwms_nav.dat
C:\WINDOWS\system32\dylfiwms_navps.dat
C:\WINDOWS\system32\jklnn.bak1
C:\WINDOWS\system32\jklnn.bak2
C:\WINDOWS\system32\jklnn.ini
C:\WINDOWS\system32\jklnn.ini2
C:\WINDOWS\system32\jklnn.tmp
C:\WINDOWS\system32\msegcompid.dll
C:\WINDOWS\system32\nnlkj.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\wmhvakbg.dllbox
C:\WINDOWS\system32\xafyxdvj.dat
C:\WINDOWS\system32\xafyxdvj_nav.dat
C:\WINDOWS\system32\xafyxdvj_navps.dat
C:\WINDOWS\tmlpcert2007
E:\sonicstage\Nouveau dossier\BestsellerAntivirus
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Dat\Activate.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Dat\bnlink.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Dat\pv.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Graphics\kb.url
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Graphics\Online.url
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Graphics\rm.url
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Graphics\Support.url
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\LA\lapv.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\settings.ini
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\ASupdater.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\PGupdater.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\UBupdater.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\up.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\updater.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
.

2007-11-11 13:11 282,839 --a--c--- C:\catchme.zip
2007-11-11 12:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 04:23 2,024 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 04:21 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 04:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 04:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 04:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 04:21 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 03:49 <REP> d-------- E:\sonicstage\Nouveau dossier\Hijackthis Version Française
2007-11-10 19:50 81,472 --a------ C:\WINDOWS\system32\ggxudvde.dll
2007-11-10 19:49 85,056 --a------ C:\WINDOWS\system32\njhmpjwq.dll
2007-11-08 22:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-08 22:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-08 22:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 13:17 80,448 --a------ C:\WINDOWS\system32\oiniqpki.dll
2007-11-08 13:14 145,984 --a------ C:\WINDOWS\system32\wmhvakbg.dll
2007-11-08 13:14 145,984 --a------ C:\WINDOWS\system32\tijaqfdl.dll
2007-11-07 23:28 36,352 --a------ C:\WINDOWS\system32\urqnnll.dll
2007-11-07 23:06 36,352 --a------ C:\WINDOWS\system32\urqroll.dll
2007-11-07 22:51 36,352 --a------ C:\WINDOWS\system32\ssqqnop.dll
2007-10-31 20:58 1,632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-28 10:54 <REP> d-------- E:\sonicstage\Nouveau dossier\Java

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-11 10:57 --------- d-----w E:\sonicstage\Nouveau dossier\Hijackthis Version Française
2007-11-11 03:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\EoRezo
2007-11-11 03:26 23,423,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 02:01 575,264 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-11 02:01 56,564 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-11 02:01 317,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-15 20:42 --------- d-----w E:\sonicstage\Nouveau dossier\Windows Live Toolbar
2007-09-23 20:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
2007-09-23 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-23 11:17 --------- d-----w E:\sonicstage\Nouveau dossier\MSN Messenger
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-11-07 22:51 36352 --a------ C:\WINDOWS\system32\ssqqnop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0fd8853-e7ab-4c05-a652-ba9248937d65}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-08 13:14 145984 --a------ C:\WINDOWS\system32\wmhvakbg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb28c7c5-ce45-4a64-a206-c79d6defbcf6}]
2007-11-08 13:17 80448 --a------ C:\WINDOWS\system32\oiniqpki.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wmhvakbg.dll [2007-11-08 13:14 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-20 17:43]
"SunJavaUpdateSched"="E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 13:02]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-17 15:25]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-04-01 14:04]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"bc2b3d9b"="C:\WINDOWS\system32\bxxlaawc.dll" []
"!AVG Anti-Spyware"="E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 12:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 18:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\ssqqnop.dll [2007-11-07 22:51 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqnop]
ssqqnop.dll 2007-11-07 22:51 36352 C:\WINDOWS\system32\ssqqnop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmhvakbg]
wmhvakbg.dll 2007-11-08 13:14 145984 C:\WINDOWS\system32\wmhvakbg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnlkj.dll


.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 13:25:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 13:30:38 - machine was rebooted
.
--- E O F ---

And finally the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 13:54:23, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\sonicstage\Nouveau dossier\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqqnop.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - E:\Program Files2\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a0fd8853-e7ab-4c05-a652-ba9248937d65} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wmhvakbg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {6fcbfed6-d97c-602a-46a4-54ec5c7c82bb} - {bb28c7c5-ce45-4a64-a206-c79d6defbcf6} - C:\WINDOWS\system32\oiniqpki.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wmhvakbg.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bc2b3d9b] rundll32.exe "C:\WINDOWS\system32\bxxlaawc.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunOnce: [VundoFix] "F:\\vundofix.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ssqqnop - C:\WINDOWS\SYSTEM32\ssqqnop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wmhvakbg - C:\WINDOWS\SYSTEM32\wmhvakbg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Contrôle Parental Club Internet (OPTENET_FILTER) - Club Internet - C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe

thanks

11 November 2007 14:20:03

Uninstall EoRezo and its friends via Add/Remove Programs.

Copy the text in the box below:

File::
C:\WINDOWS\system32\ggxudvde.dll
C:\WINDOWS\system32\njhmpjwq.dll
C:\WINDOWS\system32\oiniqpki.dll
C:\WINDOWS\system32\wmhvakbg.dll
C:\WINDOWS\system32\tijaqfdl.dll
C:\WINDOWS\system32\urqnnll.dll
C:\WINDOWS\system32\urqroll.dll
C:\WINDOWS\system32\ssqqnop.dll
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\bxxlaawc.dll

Folder::
C:\Documents and Settings\Administrateur\Application Data\EoRezo
C:\Program Files\EoRezo
E:\Program Files2\eoRezo\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0fd8853-e7ab-4c05-a652-ba9248937d65}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb28c7c5-ce45-4a64-a206-c79d6defbcf6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bc2b3d9b"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqnop]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmhvakbg]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch ComboFix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no reboot, post the reports anyway.
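The text in the box is a ComboFix CFScript: `File::` and `Folder::` list paths to delete, and `Registry::` uses .reg syntax, where `[-KEY]` deletes a whole key, `"name"=-` deletes one value and `hex(7):` writes a REG_MULTI_SZ. The last line is the important one: it rewrites LSA's Authentication Packages to just `msv1_0`, which drops the `C:\WINDOWS\system32\nnlkj.dll` that the ComboFix report showed loaded next to it. The code below is an added example, not ComboFix's or the helper's own code; it parses an abridged copy of the script above and decodes the hex(7) value, so a reader can see exactly what the script will do before dragging it onto ComboFix. The decoder accepts both one-byte-per-character data as written here and the UTF-16LE form regedit uses when it exports hex(7) values.

```python
import re

# Abridged copy of the CFScript posted in this thread (only part of the File::
# list is kept; none of the paths or keys are constructed).
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\wmhvakbg.dll
C:\WINDOWS\system32\ssqqnop.dll
C:\WINDOWS\system32\bxxlaawc.dll

Folder::
C:\Documents and Settings\Administrateur\Application Data\EoRezo
E:\Program Files2\eoRezo\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bc2b3d9b"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmhvakbg]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""


def decode_multi_sz(rhs):
    """Decode a .reg-style 'hex(7):..' value (REG_MULTI_SZ) into its list of strings.

    If every odd byte is NUL the data is taken as UTF-16LE (regedit export
    format); otherwise as one byte per character, as in this thread's script.
    """
    raw = bytes(int(h, 16) for h in rhs.split(":", 1)[1].split(",") if h.strip())
    if raw and len(raw) % 2 == 0 and all(raw[i] == 0 for i in range(1, len(raw), 2)):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def encode_multi_sz(values, utf16=False):
    """Inverse of decode_multi_sz: strings -> NUL-separated, double-NUL terminated hex(7)."""
    text = "\x00".join(values) + "\x00\x00"
    raw = text.encode("utf-16-le" if utf16 else "latin-1")
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def parse_cfscript(text):
    """Turn a CFScript into a plan: files/folders to delete, keys/values to delete or set."""
    plan = {"File": [], "Folder": [],
            "Registry": {"delete_keys": [], "delete_values": [], "set_values": []}}
    section, key = None, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            section = header.group(1)
            continue
        if section in ("File", "Folder"):
            plan[section].append(line)
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                plan["Registry"]["delete_keys"].append(line[2:-1])   # [-KEY] deletes the key
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                                     # [KEY] selects the key
            else:
                m = re.fullmatch(r'"([^"]+)"=(.*)', line)
                if not m:
                    raise ValueError(f"unrecognised Registry:: line: {line}")
                name, rhs = m.groups()
                if rhs == "-":                                       # "name"=- deletes the value
                    plan["Registry"]["delete_values"].append((key, name))
                elif rhs.startswith("hex(7):"):
                    plan["Registry"]["set_values"].append((key, name, decode_multi_sz(rhs)))
                else:
                    plan["Registry"]["set_values"].append((key, name, rhs.strip('"')))
    return plan


def unexpected_auth_packages(values, expected=("msv1_0",)):
    """Anything besides msv1_0 in LSA's Authentication Packages is a foreign hook
    that lsass loads at boot (the ComboFix report showed nnlkj.dll there)."""
    return [v for v in values if v.lower() not in expected]


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for key, name, value in plan["Registry"]["set_values"]:
        print(f"{key}\\{name} will be set to {value}")
    print("before the fix:", unexpected_auth_packages(["msv1_0", r"C:\WINDOWS\system32\nnlkj.dll"]))
```

Reading the plan first is the check a practitioner wants: the script only touches the keys that the two reports tied to the infection, and the LSA line restores the default package list rather than deleting the value outright.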

11 November 2007 16:37:13

thanks

So here is the ComboFix report after the requested procedure:

ComboFix 07-11-08.1 - Administrateur 2007-11-11 16:10:28.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.74 [GMT 1:00]
Running from: F:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Mes documents\Bureau\CFScript.txt
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wmhvakbg.dllbox

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
.

2007-11-11 16:24 <REP> d-------- C:\WINDOWS\LastGood
2007-11-11 15:39 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-11 14:50 <REP> d-------- E:\sonicstage\Nouveau dossier\MSXML 4.0
2007-11-11 13:32 <REP> d----c--- C:\VundoFix Backups
2007-11-11 13:11 282,839 --a--c--- C:\catchme.zip
2007-11-11 12:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 04:23 2,024 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 04:21 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 04:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 04:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 04:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 04:21 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 03:49 <REP> d-------- E:\sonicstage\Nouveau dossier\Hijackthis Version Française
2007-11-10 19:50 81,472 --a------ C:\WINDOWS\system32\ggxudvde.dll
2007-11-10 19:49 85,056 --a------ C:\WINDOWS\system32\njhmpjwq.dll
2007-11-08 22:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-08 22:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-08 22:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 13:17 80,448 --a------ C:\WINDOWS\system32\oiniqpki.dll
2007-11-08 13:14 145,984 --a------ C:\WINDOWS\system32\tijaqfdl.dll
2007-11-07 23:28 36,352 --a------ C:\WINDOWS\system32\urqnnll.dll
2007-11-07 23:06 36,352 --a------ C:\WINDOWS\system32\urqroll.dll
2007-11-07 22:51 36,352 --a------ C:\WINDOWS\system32\ssqqnop.dll
2007-10-31 20:58 1,632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-28 10:54 <REP> d-------- E:\sonicstage\Nouveau dossier\Java

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 15:27 577,568 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-11 15:27 23,469,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-11 15:17 57,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-11 15:17 318,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-11 15:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\EoRezo
2007-11-11 12:54 --------- d-----w E:\sonicstage\Nouveau dossier\Hijackthis Version Française
2007-10-15 20:42 --------- d-----w E:\sonicstage\Nouveau dossier\Windows Live Toolbar
2007-09-23 20:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
2007-09-23 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-23 11:17 --------- d-----w E:\sonicstage\Nouveau dossier\MSN Messenger
.

((((((((((((((((((((((((((((( snapshot@2007-11-11_13.27.05.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-09 11:23:36 574,976 ----a-w C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll
+ 2007-04-16 16:11:08 1,051,136 ----a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:15:25 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:15:26 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:15:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:15:45 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
- 2007-04-12 08:11:23 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-11-11 13:57:10 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-04-12 08:11:23 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-11-11 13:57:11 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-04-12 08:11:24 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-11-11 13:57:11 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-04-12 08:11:23 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-11 13:57:10 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-04-12 08:11:24 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-11-11 13:57:11 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-04-12 08:11:24 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-11-11 13:57:11 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-04-12 08:11:24 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-11-11 13:57:11 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-04-12 08:11:24 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-11 13:57:11 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-04-12 08:11:23 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-11-11 13:57:10 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-04-12 08:11:23 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-11-11 13:57:10 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-04-12 08:11:24 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-11-11 13:57:12 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-04-12 08:11:22 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-11-11 13:57:10 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-04-12 08:11:22 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-11 13:57:09 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-11 13:53:49 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2006-07-05 10:56:38 1,049,088 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:53:11 1,049,600 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2005-05-04 12:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:14:18 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2002-12-31 12:00:00 574,592 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
- 2002-12-31 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:11:46 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2006-04-29 04:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 07:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2002-12-31 12:00:00 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
- 2006-07-05 10:56:38 1,049,088 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:53:11 1,049,600 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2007-04-03 20:48:52 13,511,640 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-27 21:19:40 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2006-11-04 12:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 14:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2002-12-31 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:46 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2005-10-12 23:15:23 15,072 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-08-11 18:14:00 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 09:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2006-04-29 04:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 07:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-03-09 10:24:03 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-06-12 22:53:14 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-05-08 14:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-11-07 22:51 36352 --a------ C:\WINDOWS\system32\ssqqnop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0fd8853-e7ab-4c05-a652-ba9248937d65}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb28c7c5-ce45-4a64-a206-c79d6defbcf6}]
2007-11-08 13:17 80448 --a------ C:\WINDOWS\system32\oiniqpki.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-20 17:43]
"SunJavaUpdateSched"="E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 13:02]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-17 15:25]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-04-01 14:04]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"bc2b3d9b"="C:\WINDOWS\system32\bxxlaawc.dll" []
"!AVG Anti-Spyware"="E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 12:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 18:14]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\ssqqnop.dll [2007-11-07 22:51 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqnop]
ssqqnop.dll 2007-11-07 22:51 36352 C:\WINDOWS\system32\ssqqnop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll


.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 16:23:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 16:32:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-11 13:30
.
--- E O F ---



HERE IS THE HIJACKTHIS LOG:


Logfile of HijackThis v1.99.1
Scan saved at 16:35:35, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\sonicstage\Nouveau dossier\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqqnop.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - E:\Program Files2\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a0fd8853-e7ab-4c05-a652-ba9248937d65} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {6fcbfed6-d97c-602a-46a4-54ec5c7c82bb} - {bb28c7c5-ce45-4a64-a206-c79d6defbcf6} - C:\WINDOWS\system32\oiniqpki.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bc2b3d9b] rundll32.exe "C:\WINDOWS\system32\bxxlaawc.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ssqqnop - C:\WINDOWS\SYSTEM32\ssqqnop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Contrôle Parental Club Internet (OPTENET_FILTER) - Club Internet - C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe

thanks for your replies
11 November 2007 17:58:57

You did not run the script correctly.
Do it again. Follow exactly what I told you above.