Hello,
So, I think I have the Vundo trojan, so I have just run VundoFix. Here is its report, along with a new HijackThis report following the first one, but what should I do next? "Fix checked", but which lines??? Thank you for your help:
VundoFix report:
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 12:49:21 04/02/2008
Listing files found while scanning....
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
C:\windows\system32\aqcbpwcs.dll
C:\WINDOWS\system32\dpesvnvq.exe
C:\WINDOWS\system32\evtllpvk.ini
C:\WINDOWS\system32\iryyqqjo.dll
C:\WINDOWS\system32\iysxvkhf.exe
C:\WINDOWS\system32\jmousdon.dll
C:\WINDOWS\system32\kvplltve.dll
C:\WINDOWS\system32\mdrkkpse.dll
C:\WINDOWS\system32\mlqwpsrw.dll
C:\windows\system32\mlqwpsrw.dllbox
C:\WINDOWS\system32\mwalbjah.dll
C:\WINDOWS\system32\NexPlayerX.dll
C:\WINDOWS\system32\obwisewm.dll
C:\WINDOWS\system32\qarnkqku.dll
C:\WINDOWS\system32\qbipuruy.dll
C:\WINDOWS\system32\qbqpanmb.dll
C:\WINDOWS\system32\qomnl.dll
C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\scyprwwa.dll
C:\WINDOWS\system32\slwgucpj.dll
C:\WINDOWS\system32\veydphbm.dll
C:\WINDOWS\system32\xwwbqpko.exe
C:\WINDOWS\system32\yansfgwu.dll
C:\WINDOWS\system32\yugmospl.dll
Beginning removal...
Attempting to delete C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe Has been deleted!
Attempting to delete C:\windows\system32\aqcbpwcs.dll
C:\windows\system32\aqcbpwcs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dpesvnvq.exe
C:\WINDOWS\system32\dpesvnvq.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\evtllpvk.ini
C:\WINDOWS\system32\evtllpvk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\iryyqqjo.dll
C:\WINDOWS\system32\iryyqqjo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iysxvkhf.exe
C:\WINDOWS\system32\iysxvkhf.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\jmousdon.dll
C:\WINDOWS\system32\jmousdon.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kvplltve.dll
C:\WINDOWS\system32\kvplltve.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mdrkkpse.dll
C:\WINDOWS\system32\mdrkkpse.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlqwpsrw.dll
C:\WINDOWS\system32\mlqwpsrw.dll Could not be deleted.
Attempting to delete C:\windows\system32\mlqwpsrw.dllbox
C:\windows\system32\mlqwpsrw.dllbox Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwalbjah.dll
C:\WINDOWS\system32\mwalbjah.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\NexPlayerX.dll
C:\WINDOWS\system32\NexPlayerX.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\obwisewm.dll
C:\WINDOWS\system32\obwisewm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qarnkqku.dll
C:\WINDOWS\system32\qarnkqku.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qbipuruy.dll
C:\WINDOWS\system32\qbipuruy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qbqpanmb.dll
C:\WINDOWS\system32\qbqpanmb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomnl.dll
C:\WINDOWS\system32\qomnl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\qomnl.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\scyprwwa.dll
C:\WINDOWS\system32\scyprwwa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\slwgucpj.dll
C:\WINDOWS\system32\slwgucpj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\veydphbm.dll
C:\WINDOWS\system32\veydphbm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xwwbqpko.exe
C:\WINDOWS\system32\xwwbqpko.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\yansfgwu.dll
C:\WINDOWS\system32\yansfgwu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yugmospl.dll
C:\WINDOWS\system32\yugmospl.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.7.8
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 18:46:52 07/02/2008
Listing files found while scanning....
C:\WINDOWS\system32\gjmfycsx.dll
C:\WINDOWS\system32\lnmoq.ini
C:\WINDOWS\system32\lnmoq.ini2
C:\WINDOWS\system32\mlqwpsrw.dll
C:\windows\system32\mlqwpsrw.dllbox
C:\WINDOWS\system32\ooqjlmyc.dll
C:\WINDOWS\system32\qomnl.dll
C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\roblibcr.dll
C:\WINDOWS\system32\xyvyvpvk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gjmfycsx.dll
C:\WINDOWS\system32\gjmfycsx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lnmoq.ini
C:\WINDOWS\system32\lnmoq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\lnmoq.ini2
C:\WINDOWS\system32\lnmoq.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlqwpsrw.dll
C:\WINDOWS\system32\mlqwpsrw.dll Could not be deleted.
Attempting to delete C:\windows\system32\mlqwpsrw.dllbox
C:\windows\system32\mlqwpsrw.dllbox Has been deleted!
Attempting to delete C:\WINDOWS\system32\ooqjlmyc.dll
C:\WINDOWS\system32\ooqjlmyc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomnl.dll
C:\WINDOWS\system32\qomnl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\qomnl.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\roblibcr.dll
C:\WINDOWS\system32\roblibcr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xyvyvpvk.dll
C:\WINDOWS\system32\xyvyvpvk.dll Has been deleted!
Performing Repairs to the registry.
Done!
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:44, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\qomnl.exe
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {143CEC6F-CEA3-478A-BC59-F15D278E1768} - C:\WINDOWS\system32\qomnl.dll (file missing)
O2 - BHO: (no name) - {1FDFB8C1-4079-4094-B1BD-BAB36BE11E1b} - C:\WINDOWS\system32\aqcbpwcs.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: {de8976bf-4444-af88-8fd4-81e9c7b8263a} - {a3628b7c-9e18-4df8-88fa-4444fb6798ed} - C:\WINDOWS\system32\ooqjlmyc.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mlqwpsrw.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [d4fbde05] rundll32.exe "C:\WINDOWS\system32\roblibcr.dll",b
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\RunOnce: [CleanUp] CleanUp.exe
O4 - HKLM\..\RunOnce: [SpkrCnfg] DSndUp.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{F0A37~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{F0A37~1\reboot.ini
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DEPOOR~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\de poortere\Bureau\vundofix.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DEPOOR~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [speakersettings] regedit /s c:\pnp\audio\speaker_setting.reg
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: gebxxus - gebxxus.dll (file missing)
O20 - Winlogon Notify: mlqwpsrw - C:\WINDOWS\SYSTEM32\mlqwpsrw.dll
O20 - Winlogon Notify: winblg32 - winblg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qugugrbo.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe