supprimer security toolbar Résolu

Question

Bonjour,
j'ai eu uen grosse intrusion de virus dans mon ordinateur et suite à cela security toolbar s'est installée sur le pc et je ne saisn pas comment la supprimer , merci de m'aider je poste mon log hijackthis ici 
si vous reperez d'autres anomalies mercu de me prevenir

Logfile of HijackThis v1.99.1 
Scan saved at 03:50:42, on 11/11/2007 
Platform: Windows XP SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 
 
Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\system32\spoolsv.exe 
E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe 
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\system32\wuauclt.exe 
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe 
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe 
E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe 
C:\Program Files\WDC\SetIcon.exe 
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 
C:\Program Files\MessengerPlus! 3\MsgPlus.exe 
E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
C:\WINDOWS\system32	askmgr.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe 
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe 
E:\sonicstage\Nouveau dossier\Hijackthis Version Française\hijackthis vf.exe 
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fr 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens 
R3 - Default URLSearchHook is missing 
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqqnop.dll 
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - E:\Program Files2\eoRezo\EoAdv\EoRezobho.dll 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO: (no name) - {a0fd8853-e7ab-4c05-a652-ba9248937d65} - (no file) 
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wmhvakbg.dll 
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll 
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll 
O2 - BHO: {6fcbfed6-d97c-602a-46a4-54ec5c7c82bb} - {bb28c7c5-ce45-4a64-a206-c79d6defbcf6} - C:\WINDOWS\system32\oiniqpki.dll 
O2 - BHO: (no name) - {C649315D-A1E7-4570-8A42-1878B92E3DC4} - C:\WINDOWS\system32
nlkj.dll 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll 
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wmhvakbg.dll 
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" 
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe" 
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe 
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe 
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 
O4 - HKLM\..\Run: [bc2b3d9b] rundll32.exe "C:\WINDOWS\system32\bxxlaawc.dll",b 
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized 
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temphvqsuwb.exe" 
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe 
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" 
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1049.dll,InstantAccess 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe 
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe 
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO 
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll 
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll 
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab 
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 1189811315 
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL 
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL 
O18 - Filter: text/html - (no CLSID) - (no file) 
O20 - AppInit_DLLs: MsgPlusLoader.dll 
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll 
O20 - Winlogon Notify: ssqqnop - C:\WINDOWS\SYSTEM32\ssqqnop.dll 
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll 
O20 - Winlogon Notify: wmhvakbg - C:\WINDOWS\SYSTEM32\wmhvakbg.dll 
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll 
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe 
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe 
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) 
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ecilevnt.exe (file missing) 
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
O23 - Service: Contrôle Parental Club Internet (OPTENET_FILTER) - Club Internet - C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe

kris6943 · Answer

1.telecharge ComboFix
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

2. Double click sur combofix.exe et suis les indications
3. Quand il aura fini, un rapport va se créer que tu colleras dans ta réponse

PS: certains antivirus le détectent comme un virus aussi il faut désactive provisoirementr l'antivirus dans ce cas là

kris6943 · Answer

j'ai oublié ceci: 

4) puis tu redémarres et tu me refais un log hijackthis

roni0345 · Answer

salut merci de ta reponse

voici le log combofix :

ComboFix 07-11-08.1 - Administrateur 2007-11-11 13:02:42.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.131 [GMT 1:00]
Running from: F:\ComboFix.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Mes documents\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Administrateur\Mes documents\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Mes documents\ECURIT~1
C:\Documents and Settings\Administrateur\Mes documents\ECURIT~1\HiJackThis_v2.exe
C:\Documents and Settings\Aharon\Bureau\internet.lnk
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Program Files\Fichiers communs\WinSoftware
C:\UGA6P
C:\WINDOWS\asks~1
C:\WINDOWS\asks~1\?asks\
C:\WINDOWS\system32\dylfiwms.dat
C:\WINDOWS\system32\dylfiwms_nav.dat
C:\WINDOWS\system32\dylfiwms_navps.dat
C:\WINDOWS\system32\jklnn.bak1
C:\WINDOWS\system32\jklnn.bak2
C:\WINDOWS\system32\jklnn.ini
C:\WINDOWS\system32\jklnn.ini2
C:\WINDOWS\system32\jklnn.tmp
C:\WINDOWS\system32\msegcompid.dll
C:\WINDOWS\system32\nnlkj.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\wmhvakbg.dllbox
C:\WINDOWS\system32\xafyxdvj.dat
C:\WINDOWS\system32\xafyxdvj_nav.dat
C:\WINDOWS\system32\xafyxdvj_navps.dat
C:\WINDOWS\tmlpcert2007
E:\sonicstage\Nouveau dossier\BestsellerAntivirus
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Dat\Activate.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Dat\bnlink.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Dat\pv.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Graphics\kb.url
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Graphics\Online.url
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Graphics\rm.url
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Graphics\Support.url
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\LA\lapv.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\settings.ini
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\ASupdater.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\PGupdater.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\UBupdater.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\up.dat
E:\sonicstage\Nouveau dossier\BestsellerAntivirus\Up\updater.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))))))))
.

2007-11-11 13:11 282,839 --a--c--- C:\catchme.zip
2007-11-11 12:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 04:23 2,024 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 04:21 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 04:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 04:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 04:21 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 04:21 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 03:49 <REP> d-------- E:\sonicstage\Nouveau dossier\Hijackthis Version Fran‡aise
2007-11-10 19:50 81,472 --a------ C:\WINDOWS\system32\ggxudvde.dll
2007-11-10 19:49 85,056 --a------ C:\WINDOWS\system32\njhmpjwq.dll
2007-11-08 22:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-08 22:13 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-08 22:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 13:17 80,448 --a------ C:\WINDOWS\system32\oiniqpki.dll
2007-11-08 13:14 145,984 --a------ C:\WINDOWS\system32\wmhvakbg.dll
2007-11-08 13:14 145,984 --a------ C:\WINDOWS\system32\tijaqfdl.dll
2007-11-07 23:28 36,352 --a------ C:\WINDOWS\system32\urqnnll.dll
2007-11-07 23:06 36,352 --a------ C:\WINDOWS\system32\urqroll.dll
2007-11-07 22:51 36,352 --a------ C:\WINDOWS\system32\ssqqnop.dll
2007-10-31 20:58 1,632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-28 10:54 <REP> d-------- E:\sonicstage\Nouveau dossier\Java

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-11 10:57 --------- d-----w E:\sonicstage\Nouveau dossier\Hijackthis Version Française
2007-11-11 03:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\EoRezo
2007-11-11 03:26 23,423,264 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-11 02:01 575,264 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-11 02:01 56,564 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-11 02:01 317,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-15 20:42 --------- d-----w E:\sonicstage\Nouveau dossier\Windows Live Toolbar
2007-09-23 20:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
2007-09-23 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-23 11:17 --------- d-----w E:\sonicstage\Nouveau dossier\MSN Messenger
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-11-07 22:51 36352 --a------ C:\WINDOWS\system32\ssqqnop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0fd8853-e7ab-4c05-a652-ba9248937d65}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-08 13:14 145984 --a------ C:\WINDOWS\system32\wmhvakbg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb28c7c5-ce45-4a64-a206-c79d6defbcf6}]
2007-11-08 13:17 80448 --a------ C:\WINDOWS\system32\oiniqpki.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wmhvakbg.dll [2007-11-08 13:14 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-20 17:43]
"SunJavaUpdateSched"="E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 13:02]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-17 15:25]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-04-01 14:04]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"bc2b3d9b"="C:\WINDOWS\system32\bxxlaawc.dll" []
"!AVG Anti-Spyware"="E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 22:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 12:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 18:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\ssqqnop.dll [2007-11-07 22:51 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqnop]
ssqqnop.dll 2007-11-07 22:51 36352 C:\WINDOWS\system32\ssqqnop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmhvakbg]
wmhvakbg.dll 2007-11-08 13:14 145984 C:\WINDOWS\system32\wmhvakbg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnlkj.dll

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 13:25:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 13:30:38 - machine was rebooted
.
--- E O F ---

VOICI MAINTENANT LE RAPPORT HIJACKTHIS :

Logfile of HijackThis v1.99.1
Scan saved at 13:54:23, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\sonicstage\Nouveau dossier\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqqnop.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - E:\Program Files2\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a0fd8853-e7ab-4c05-a652-ba9248937d65} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wmhvakbg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {6fcbfed6-d97c-602a-46a4-54ec5c7c82bb} - {bb28c7c5-ce45-4a64-a206-c79d6defbcf6} - C:\WINDOWS\system32\oiniqpki.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wmhvakbg.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bc2b3d9b] rundll32.exe "C:\WINDOWS\system32\bxxlaawc.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunOnce: [VundoFix] "F:\\vundofix.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ssqqnop - C:\WINDOWS\SYSTEM32\ssqqnop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wmhvakbg - C:\WINDOWS\SYSTEM32\wmhvakbg.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Contrôle Parental Club Internet (OPTENET_FILTER) - Club Internet - C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe

merci de tes reponses

kris6943 · Answer

# Télécharge VundoFix.exe http://www.atribune.org/ccount/click.php?id=4

    * Double-clic sur VundoFix.exe
    * Clique sur le bouton Scan for Vundo
    * Si le programme  te demande de supprimer des fichiers, répondre OUI
    * Lorsque le programme a fini de scanner ton PC, ce dernier doit être arrêté puis redémarré

---

Ma config: dual boot Linux Kubuntu et (hélas...) Windows XP SP2
Vive le logiciel libre

roni0345 · Answer

j'ai fais vundo je crois qu'il a supprimer le fichiers qui geneger security toolbar merci bcp

a bientot

kris6943 · Answer

mets un log hijackthis pour une ultime verification

roni0345 · Answer

je t'envoie le dernier hijackthis effectivement il y a peut etre d'autre souci , nottament suite à tout cela mon internet explorer plante au bout de quelque minute , c'est la version 6.0 peux tu me dire si tu vois quelque chose stp merci


Logfile of HijackThis v1.99.1
Scan saved at 21:17:10, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
E:\sonicstage\Nouveau dossier\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqqnop.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - E:\Program Files2\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: (no name) - {718F6D38-625E-4D2D-B056-368D07A524AA} - C:\WINDOWS\system32\mljgd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a0fd8853-e7ab-4c05-a652-ba9248937d65} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {6fcbfed6-d97c-602a-46a4-54ec5c7c82bb} - {bb28c7c5-ce45-4a64-a206-c79d6defbcf6} - C:\WINDOWS\system32\oiniqpki.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [bc2b3d9b] rundll32.exe "C:\WINDOWS\system32\bxxlaawc.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\sonicstage\Nouveau dossier\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\SONICS~2\NOUVEA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ssqqnop - C:\WINDOWS\SYSTEM32\ssqqnop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\sonicstage\Nouveau dossier\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Contrôle Parental Club Internet (OPTENET_FILTER) - Club Internet - C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe

merci a toi

Supprimer security toolbar

7 réponses

Votre réponse

Discussions similaires

Newsletters