Suppression impossible par vundofix,

doba76 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Je suis confronté au virus qomnopq.dll détecté par vundofix mais que ce programme ne peut supprimer.
J'ai essayé également en mode sans échec mais rien à faire vundofix me répond toujours qu'il ne peut pas supprimer ce fichier.
Merci de l'aide que vous pourrez m'apporter.
PS: windowx XP édition familiale.
Configuration: Windows XP
Internet Explorer 7.0

6 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,
    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    _____________

    colle le rapport vundofix

    puis le rapport

    virtumondebegone

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    _______________

    combofix (colle le rapport)

    http://mickael.barroux.free.fr/securite/combofix.php

    a plus
    0
  2. doba76
     
    Re bonsoir,
    Tout d'abord, merci de prendre mon problème en considération.
    Ci-dessous les éléments demandés.
    Je n'ai pas de rapport pour virtumonde car le programme a stoppé et redemarré mon pc !

    **************************************************

    VundoFix V6.5.9

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 19:22:35 05/10/2007

    Listing files found while scanning....

    C:\windows\system32\qomnopq.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\qomnopq.dll
    C:\windows\system32\qomnopq.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\windows\system32\qomnopq.dll
    C:\windows\system32\qomnopq.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.5.9

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 20:56:54 05/10/2007

    Listing files found while scanning....

    C:\windows\system32\qomnopq.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\qomnopq.dll
    C:\windows\system32\qomnopq.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\windows\system32\qomnopq.dll
    C:\windows\system32\qomnopq.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    ********************************************
    Logfile of HijackThis v1.99.1
    Scan saved at 21:34:32, on 05/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Razer\Habu\razerhid.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Razer\Habu\razertra.exe
    C:\Program Files\Razer\Habu\razerofa.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Hijackthis\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E731A69-624E-446A-83DD-84295C1A025E} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\qomnopq.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A67CE00F-D3FD-4F33-B0E6-EADE7F6E8BD2} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {DFFF1DAC-EE27-4222-935C-09F32ABDF0EF} - C:\WINDOWS\system32\sstqr.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk879YYFR
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: khfcdbc - khfcdbc.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: DirectX Service (DirectWogp) - Unknown owner - c:\windows\system32\directx.exe (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dbwuesyt.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    ***************************************************************
    ComboFix 07-10-05.3 - HP_Propri‚taire 2007-10-05 21:38:43.1 - NTFSx86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.161 [GMT 2:00]
    Running from: C:\Documents and Settings\HP_Propri‚taire\Mes documents\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\Documents and Settings\Elise\Application Data\FunWebProducts
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\MSN Messenger\msimg32.dll
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\blwguopl.ini
    C:\WINDOWS\system32\clupqncu.ini
    C:\WINDOWS\system32\dpxndlhr.dll
    C:\WINDOWS\system32\eyrwewev.dll
    C:\WINDOWS\system32\ijbnyyxl.ini
    C:\WINDOWS\system32\lbnpcprq.exe
    C:\WINDOWS\system32\lnbbqtnr.dll
    C:\WINDOWS\system32\lpougwlb.dll
    C:\WINDOWS\system32\lxyynbji.dll
    C:\WINDOWS\system32\lyjqqwum.dll
    C:\WINDOWS\system32\mqxuoe.dat
    C:\WINDOWS\system32\mqxuoe.exe
    C:\WINDOWS\system32\mqxuoe_nav.dat
    C:\WINDOWS\system32\mqxuoe_navps.dat
    C:\WINDOWS\system32\muwqqjyl.ini
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\qomnopq.dll
    C:\WINDOWS\system32\rhldnxpd.ini
    C:\WINDOWS\system32\rntqbbnl.ini
    C:\WINDOWS\system32\rqtss.bak2
    C:\WINDOWS\system32\rqtss.ini
    C:\WINDOWS\system32\rtslrury.exe
    C:\WINDOWS\system32\sdcflcyk.dll
    C:\WINDOWS\system32\sstqr.dll
    C:\WINDOWS\system32\ubjljrpf.exe
    C:\WINDOWS\system32\ucnqpulc.dll
    C:\WINDOWS\system32\uglmvlyw.exe
    C:\WINDOWS\system32\vewewrye.ini
    C:\WINDOWS\system32\zfsguqrdk.dat
    C:\WINDOWS\system32\zfsguqrdk_nav.dat
    C:\WINDOWS\system32\zfsguqrdk_navps.dat
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_DOMAINSERVICE
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-05 to 2007-10-05 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-05 21:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-05 21:26 <REP> d-------- C:\Hijackthis
    2007-10-05 19:03 <REP> d-------- C:\Program Files\CCleaner
    2007-10-05 10:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-04 21:48 <REP> d-------- C:\WINDOWS\system32\ActiveScan
    2007-10-04 18:08 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2007-10-01 15:36 <REP> d-------- C:\Program Files\Apple Software Update
    2007-09-29 15:20 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP(2).dll
    2007-09-29 15:18 <REP> d-------- C:\Program Files\LogMeIn
    2007-09-27 10:35 <REP> d-------- C:\Program Files\Apple Software Update(2)
    2007-09-25 13:50 <REP> d-------- C:\Documents and Settings\Elise\Application Data\MysteryStudio
    2007-09-20 18:54 <REP> d-------- C:\Documents and Settings\Valentin\Application Data\Windows Desktop Search
    2007-09-20 18:21 <REP> d-------- C:\Documents and Settings\Elise\Application Data\My Games
    2007-09-20 18:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
    2007-09-20 16:55 <REP> d-------- C:\Documents and Settings\Elise\Application Data\Zylom
    2007-09-20 15:08 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-09-20 15:04 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-09-20 15:01 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-09-20 14:59 <REP> d-------- C:\Program Files\Windows Desktop Search
    2007-09-20 14:52 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2007-09-20 14:34 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-09-20 14:34 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-09-20 14:33 <REP> d-------- C:\Program Files\Windows Live
    2007-09-20 14:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-09-18 15:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Aliasworlds
    2007-09-15 10:41 <REP> d-------- C:\Program Files\Navilog1
    2007-09-11 10:23 <REP> d-------- C:\Program Files\Delicious 2 Deluxe
    2007-09-10 12:57 81,832 --a------ C:\Documents and Settings\Elise\Application Data\GDIPFONTCACHEV1.DAT
    2007-09-10 12:14 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
    2007-09-10 11:48 <REP> d-------- C:\Documents and Settings\Elise\Application Data\Gaijin Ent

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-05 21:47 --------- d-------- C:\Program Files\MSN Messenger
    2007-10-05 21:40 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-05 15:22 --------- d-------- C:\Program Files\RegClean
    2007-10-04 23:29 --------- d-------- C:\Program Files\QuickTime
    2007-10-04 23:26 --------- d-------- C:\Program Files\Norton Personal Firewall
    2007-10-04 23:26 --------- d-------- C:\Program Files\Norton AntiVirus
    2007-10-04 23:23 --------- d-------- C:\Program Files\MessengerPlus! 3
    2007-10-04 23:21 --------- d-------- C:\Program Files\iTunes
    2007-10-04 20:14 --------- d-------- C:\Program Files\Steam
    2007-10-04 14:59 --------- d-------- C:\Program Files\eMule
    2007-09-25 13:21 --------- d-------- C:\Documents and Settings\Elise\Application Data\AdobeUM
    2007-09-25 12:13 --------- d-------- C:\Program Files\BoontyGames
    2007-09-21 23:43 --------- d-------- C:\Documents and Settings\Valentin\Application Data\Apple Computer
    2007-09-21 23:08 --------- d-------- C:\Program Files\GameSpy Arcade
    2007-09-17 11:50 --------- d-------- C:\Program Files\Zylom Games
    2007-09-16 12:36 --------- d-------- C:\Program Files\EA GAMES
    2007-09-14 19:08 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-10 18:45 --------- d-------- C:\Program Files\World of Warcraft
    2007-09-10 18:43 --------- d-------- C:\Program Files\Mu~Intensity IV
    2007-09-10 15:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\Zylom
    2007-08-31 14:51 --------- d-------- C:\Documents and Settings\Elise\Application Data\Sandlot Games
    2007-08-31 14:51 --------- d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2007-08-31 14:48 --------- dr-h----- C:\Documents and Settings\Elise\Application Data\SecuROM
    2007-08-30 16:41 --------- d-------- C:\Documents and Settings\Elise\Application Data\Apple Computer
    2007-08-29 14:44 --------- d-------- C:\Program Files\Daycare Nightmare
    2007-08-26 13:58 --------- d-------- C:\Program Files\mIRC
    2007-08-22 22:06 --------- d-------- C:\Documents and Settings\Valentin\Application Data\teamspeak2
    2007-08-16 18:39 --------- d-------- C:\Documents and Settings\Valentin\Application Data\dvdcss
    2007-08-15 16:17 580096 --a------ C:\WINDOWS\WLXPGSS.SCR
    2007-08-15 13:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2007-08-13 18:45 --------- d-------- C:\Program Files\IncrediMail
    2007-08-13 18:44 --------- d-------- C:\Program Files\Google
    2007-08-13 18:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-07-09 19:52 86094 --a------ C:\WINDOWS\BPMNT.dll
    2007-07-09 19:52 71749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-07-09 19:52 267845 --a------ C:\WINDOWS\tsc.exe
    2007-07-09 19:52 1163344 --a------ C:\WINDOWS\vsapi32.dll
    2007-07-09 19:39 69689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-07-09 19:39 507904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-07-09 19:39 286720 --a------ C:\WINDOWS\PATCH.EXE
    --------- C:\Program Files\Mes Jeux Téléchargés
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000015-A527-34E7-25C2-03A4E313B2E9}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E731A69-624E-446A-83DD-84295C1A025E}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A67CE00F-D3FD-4F33-B0E6-EADE7F6E8BD2}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2005-01-01 11:09]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 23:55]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:43]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 14:03]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 14:03]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43]
    "VTTimer"="VTTimer.exe" []
    "SiSPower"="SiSPower.dll" [2004-09-24 10:49 C:\WINDOWS\system32\SiSPower.dll]
    "ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-02-21 18:12]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 13:02]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 C:\WINDOWS\ALCXMNTR.EXE]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-03-08 15:28]
    "SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-10 12:57]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-05 21:52]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
    "nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]
    "Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2006-08-23 12:20]
    "CmUsbSound"="cmcnfgu.cpl" []
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoClose"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcdbc]
    khfcdbc.dll

    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    R3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys
    R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S2 DirectWogp;DirectX Service;c:\windows\system32\directx.exe
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 mdxgthkn;mdxgthkn;\??\C:\DOCUME~1\Valentin\LOCALS~1\Temp\mdxgthkn.sys
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-05 19:00:00 C:\WINDOWS\Tasks\AB314EDC907AC2E4.job"
    "2007-09-29 17:18:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-05 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Elise.job"
    - c:\PROGRA~1\NORTON~1\Navw32.exe
    "2007-10-05 19:23:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-05 21:49:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-05 21:53:19 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-05 21:52
    .
    --- E O F ---
    0
  3. doba76
     
    Désolé, je ne suis pas un expert, j'ai retrouvé le rapport virtumonde..; ci -dessous.

    [10/05/2007, 21:55:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Propriétaire\Mes documents\VirtumundoBeGone.exe" )
    [10/05/2007, 21:55:56] - Detected System Information:
    [10/05/2007, 21:55:56] - Windows Version: 5.1.2600, Service Pack 2
    [10/05/2007, 21:55:56] - Current Username: HP_Propriétaire (Admin)
    [10/05/2007, 21:55:56] - Windows is in NORMAL mode.
    [10/05/2007, 21:55:56] - Searching for Browser Helper Objects:
    [10/05/2007, 21:55:56] - BHO 1: {00000015-A527-34E7-25C2-03A4E313B2E9} (BHO)
    [10/05/2007, 21:55:56] - ALERT: Found BHO!
    [10/05/2007, 21:55:56] - BHO has no file associated with it.
    [10/05/2007, 21:55:56] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [10/05/2007, 21:55:56] - BHO 3: {7E731A69-624E-446A-83DD-84295C1A025E} ()
    [10/05/2007, 21:55:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 21:55:56] - No filename found. Continuing.
    [10/05/2007, 21:55:56] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [10/05/2007, 21:55:56] - BHO 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
    [10/05/2007, 21:55:56] - BHO 6: {A67CE00F-D3FD-4F33-B0E6-EADE7F6E8BD2} ()
    [10/05/2007, 21:55:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 21:55:56] - No filename found. Continuing.
    [10/05/2007, 21:55:56] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [10/05/2007, 21:55:56] - BHO 8: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
    [10/05/2007, 21:55:56] - Finished Searching Browser Helper Objects
    [10/05/2007, 21:55:56] - *** Detected Bho
    [10/05/2007, 21:55:56] - Trying to remove Bho...
    [10/05/2007, 21:55:57] - Terminating Process: IEXPLORE.EXE
    [10/05/2007, 21:55:57] - Removing HKLM\...\Browser Helper Objects\{00000015-A527-34E7-25C2-03A4E313B2E9}
    [10/05/2007, 21:55:57] - Removing HKCR\CLSID\{00000015-A527-34E7-25C2-03A4E313B2E9}
    [10/05/2007, 21:55:57] - Adding Kill Bit for ActiveX for GUID: {00000015-A527-34E7-25C2-03A4E313B2E9}
    [10/05/2007, 21:55:57] - Searching for Browser Helper Objects:
    [10/05/2007, 21:55:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [10/05/2007, 21:55:57] - BHO 2: {7E731A69-624E-446A-83DD-84295C1A025E} ()
    [10/05/2007, 21:55:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 21:55:57] - No filename found. Continuing.
    [10/05/2007, 21:55:57] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [10/05/2007, 21:55:57] - BHO 4: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
    [10/05/2007, 21:55:57] - BHO 5: {A67CE00F-D3FD-4F33-B0E6-EADE7F6E8BD2} ()
    [10/05/2007, 21:55:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 21:55:57] - No filename found. Continuing.
    [10/05/2007, 21:55:57] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [10/05/2007, 21:55:57] - BHO 7: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
    [10/05/2007, 21:55:57] - Finished Searching Browser Helper Objects
    [10/05/2007, 21:55:57] - Finishing up...
    [10/05/2007, 21:55:57] - A restart is needed.
    [10/05/2007, 21:56:16] - Attempting to Restart via STOP error (Blue Screen!)

    [10/05/2007, 22:17:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Propriétaire\Mes documents\VirtumundoBeGone.exe" )
    [10/05/2007, 22:17:50] - Detected System Information:
    [10/05/2007, 22:17:50] - Windows Version: 5.1.2600, Service Pack 2
    [10/05/2007, 22:17:50] - Current Username: HP_Propriétaire (Admin)
    [10/05/2007, 22:17:50] - Windows is in NORMAL mode.
    [10/05/2007, 22:17:50] - Searching for Browser Helper Objects:
    [10/05/2007, 22:17:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [10/05/2007, 22:17:50] - BHO 2: {7E731A69-624E-446A-83DD-84295C1A025E} ()
    [10/05/2007, 22:17:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 22:17:50] - No filename found. Continuing.
    [10/05/2007, 22:17:50] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [10/05/2007, 22:17:50] - BHO 4: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
    [10/05/2007, 22:17:50] - BHO 5: {A67CE00F-D3FD-4F33-B0E6-EADE7F6E8BD2} ()
    [10/05/2007, 22:17:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/05/2007, 22:17:50] - No filename found. Continuing.
    [10/05/2007, 22:17:50] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [10/05/2007, 22:17:50] - BHO 7: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
    [10/05/2007, 22:17:50] - Finished Searching Browser Helper Objects
    [10/05/2007, 22:17:50] - Finishing up...
    [10/05/2007, 22:17:50] - Nothing found! Exiting...
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    recolle hijackthis svp
    __________
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. doba76
     
    Ci-dessous le rapport hijackthis
    Mon pc est maintenant beaucoup plus rapide...... je pense que ce que tu m'as conseillé a eu des effets bénéfiques.

    Logfile of HijackThis v1.99.1
    Scan saved at 22:47:40, on 05/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Razer\Habu\razerhid.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Razer\Habu\razertra.exe
    C:\Program Files\Razer\Habu\razerofa.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Hijackthis\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E731A69-624E-446A-83DD-84295C1A025E} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A67CE00F-D3FD-4F33-B0E6-EADE7F6E8BD2} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
    O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk879YYFR
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: khfcdbc - khfcdbc.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: DirectX Service (DirectWogp) - Unknown owner - c:\windows\system32\directx.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt, fix ces lignes avec hijackthis:

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {7E731A69-624E-446A-83DD-84295C1A025E} - (no file)
    O2 - BHO: (no name) - {A67CE00F-D3FD-4F33-B0E6-EADE7F6E8BD2} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

    O20 - Winlogon Notify: khfcdbc - khfcdbc.dll (file missing)

    ___________________

    mets les dernieres version d'adobe reader et java

    https://www.java.com/fr/

    https://get2.adobe.com/reader/otherversions/

    ____________________

    dans démarrer puis PANNEAU DE CONFIGURATION puis AJOUT SUPPRESSION DE PROGRAMME

    cherche quelque chose comme CID et msn plus et desinstalle les si presents
    si tu doit réinstaller msn plus fait le sans les sponsor surtout

    _______________

    utilise aussi pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    _______________

    télécharges et installes :

    kill box
    https://www.bleepingcomputer.com/download/linux/

    aide kill box
    http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

    - Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci

    - Double-clic sur fix.reg

    Ouvres killbox
    - Sélectionne "delete on reboot"
    - Clique sur le dossier jaune à droite et sélectionne le fichier :

    C:\windows\system32\qomnopq.dll

    - Clique sur la croix rouge et et blanche
    - Répond yes et laisse redémarrer ton pc.
    N'hésite pas à consulter l'Aide killbox

    Vérifie que le fichier C:\windows\system32\qomnopq.dll n'est plus présent.

    __________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    _____________________

    colle un rapport vundofix pour voir si il reste rien

    ____________________

    télécharger sur le bureau
    Navilog.zip
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    = Double-Clic navilog1.zip
    = Extraire tout sur le bureau
    = Double-Clic navilog1 qui est sur le bureau
    = Appuyer sur une touche jusqu' arriver aux options
    = Choisir option 1

    un rapport : fixnavi.txt dans C : va se creer
    le copier/coller dans ton prochain message.

    ______________________

    recolle hijackthis et dis tes pbs

    a plus
    0