Probleme de trojan et adware

Résolu
mimi65800 -  
 mimi65800 -
bonjour, il y a quelques jours en copiant une clé de série j'ai attrapé un virus un trojan cheval de troie il était impossoble de le mettre en quarantaien un logiciel s'est téléchargé le win pro 2006 un truc comme ca et je me suis rendue compte très vite que c'était pas bon donc j'ai mis en route un scan en ligne le bitdefender qui m'a désinfecté 3 virus puis j'ai fait un scan au démarrage de avast qui m'a enlevé aussi 2 et par la suite the cleaner puis plus rien après j'ai mis le adaware qui m'a supprimé des objets critiques.
Depuis je sublis des attaques de trojan ver et de suite après adware comme si ils était liés quelle poisse à première vue c'est un générateur puisque c'est marqué win32.trojan.gen
par contre avast les met directement en quarantaine sans aucun problème quel élevage je vais faire donc je peux m'en débarrasser complètement pour éviter le formatage et surtout pour enlever aussi les fenetres intempestives qui sont vraiment énervantes merci car je suis novice dans ce domaine et je n'y comprend pas grand chose car cela fait que 6 mois que j'ai l'ordi sinon comme anti virus j'ai avast et avg antispyware. merci
Configuration: Windows XP
Internet Explorer 6.0

28 réponses

  • 1
  • 2
  1. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir,

    * Télécharge Blacklight
    https://europe.f-secure.com/exclude/blacklight/index.shtml
    (de F-Secure)
    (le premier de la page)

    Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.
    Double-clique blbeta.exe et accepte la licence;
    clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport,
    sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse.
    NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport,
    car des fichiers légitimes peuvent être présents, tel wbemtest.exe
    0
    1. mimi65800
       
      02/21/07 15:56:46 [Info]: BlackLight Engine 1.0.55 initialized
      02/21/07 15:56:46 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      02/21/07 15:56:47 [Note]: 7019 4
      02/21/07 15:56:47 [Note]: 7005 0
      02/21/07 15:56:51 [Note]: 7006 0
      02/21/07 15:56:51 [Note]: 7011 2028
      02/21/07 15:56:51 [Note]: 7026 0
      02/21/07 15:56:51 [Note]: 7026 0
      02/21/07 15:57:07 [Note]: FSRAW library version 1.7.1021
      02/21/07 15:59:42 [Note]: 2000 1012
      02/21/07 15:59:42 [Note]: 2000 1012
      02/21/07 15:59:42 [Note]: 2000 1012
      02/21/07 16:02:23 [Note]: 7007 0
      02/21/07 16:02:48 [Info]: BlackLight Engine 1.0.55 initialized
      02/21/07 16:02:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      02/21/07 16:02:48 [Note]: 7019 4
      02/21/07 16:02:48 [Note]: 7005 0
      02/21/07 16:02:54 [Note]: 7007 0
      0
  2. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    * Télécharge HijackThis et poste le rapport stp

    http://pchelpbordeaux.free.fr/logiciels.html
    Tutorial
    http://pchelpbordeaux.free.fr/tuto.html
    Démo en image
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    0
    1. mimi65800
       
      Logfile of HijackThis v1.99.1
      Scan saved at 17:28:55, on 21/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
      O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\cbxvsrq.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {98518E7B-F257-436F-A6C4-5DC1DB4D834E} - C:\WINDOWS\system32\efcya.dll
      O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\gagperep.dll
      O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
      O4 - HKLM\..\Run: [thjfboi.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MIMI\Local Settings\Application Data\thjfboi.dll",hjhjlmc
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
      O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
      O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: cbxvsrq - C:\WINDOWS\SYSTEM32\cbxvsrq.dll
      O20 - Winlogon Notify: efcya - C:\WINDOWS\system32\efcya.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: winjrp32 - C:\WINDOWS\SYSTEM32\winjrp32.dll
      O20 - Winlogon Notify: xxwww - C:\WINDOWS\system32\xxwww.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

      je vous transmet le rapport merci de votre aide
      0
  3. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    ok merci

    * Télécharge VundoFix.exe (par Atribune) sur ton Bureau

    http://www.atribune.org/ccount/click.php?id=4

    * Double-clique VundoFix.exe afin de le lancer

    * Clique sur le bouton Scan for Vundo

    * Lorsque le scan est complété, clique sur le bouton Remove Vundo

    * Une invite te demandera si tu veux supprimer les fichiers, clique YES

    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    0
    1. mimi65800
       
      VundoFix V6.3.9

      Checking Java version...

      Java version is 1.5.0.7

      Scan started at 20:22:20 21/02/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\aycfe.bak1
      C:\WINDOWS\system32\aycfe.bak2
      C:\WINDOWS\system32\aycfe.ini
      C:\WINDOWS\system32\aydarxkm.dll
      C:\WINDOWS\system32\efcya.dll
      C:\WINDOWS\system32\gagperep.dll
      C:\WINDOWS\system32\viinamnl.dll
      C:\WINDOWS\system32\xxwww.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\aycfe.bak1
      C:\WINDOWS\system32\aycfe.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\aycfe.bak2
      C:\WINDOWS\system32\aycfe.bak2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\aycfe.ini
      C:\WINDOWS\system32\aycfe.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\aydarxkm.dll
      C:\WINDOWS\system32\aydarxkm.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\efcya.dll
      C:\WINDOWS\system32\efcya.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\gagperep.dll
      C:\WINDOWS\system32\gagperep.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\viinamnl.dll
      C:\WINDOWS\system32\viinamnl.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\xxwww.dll
      C:\WINDOWS\system32\xxwww.dll Has been deleted!

      Performing Repairs to the registry.
      Done!
      Logfile of HijackThis v1.99.1
      Scan saved at 20:41:58, on 21/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
      O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\cbxvsrq.dll
      O2 - BHO: (no name) - {73676373-AAC9-465B-816E-181215A6ABF0} - C:\WINDOWS\system32\rqomn.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {98518E7B-F257-436F-A6C4-5DC1DB4D834E} - C:\WINDOWS\system32\efcya.dll (file missing)
      O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\gagperep.dll (file missing)
      O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
      O4 - HKLM\..\Run: [thjfboi.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MIMI\Local Settings\Application Data\thjfboi.dll",hjhjlmc
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
      O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
      O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: cbxvsrq - C:\WINDOWS\SYSTEM32\cbxvsrq.dll
      O20 - Winlogon Notify: rqomn - C:\WINDOWS\system32\rqomn.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: winjrp32 - C:\WINDOWS\SYSTEM32\winjrp32.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

      voivi le rapport de vundo et celui de hijackthis merci de votre aide
      0
  4. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    Telecharge: Pocket Killbox
    http://www.downloads.subratam.org/killBox.exe

    puis

    * Relance Vundofix
    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\system32\cbxvsrq.dll
    C:\WINDOWS\system32\rqomn.dll
    C:\WINDOWS\SYSTEM32\winjrp32.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix,

    puis

    * lance hijackthis pour un "scan seulement" et coche ces lignes :

    O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\cbxvsrq.dll
    O2 - BHO: (no name) - {73676373-AAC9-465B-816E-181215A6ABF0} - C:\WINDOWS\system32\rqomn.dll
    02 - BHO: (no name) - {98518E7B-F257-436F-A6C4-5DC1DB4D834E} - C:\WINDOWS\system32\efcya.dll (file missing)
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\gagperep.dll (file missing)
    O4 - HKLM\..\Run: [thjfboi.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\MIMI\Local Settings\Application Data\thjfboi.dll",hjhjlmc
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O20 - Winlogon Notify: cbxvsrq - C:\WINDOWS\SYSTEM32\cbxvsrq.dll
    O20 - Winlogon Notify: rqomn - C:\WINDOWS\system32\rqomn.dll
    O20 - Winlogon Notify: winjrp32 - C:\WINDOWS\SYSTEM32\winjrp32.dll

    * toutes fenêtres fermées y compris internet explorer, clique sur "fixer objet"

    puis

    1- Double-clic sur KillBox.exe
    2- Selectionne "Delete on Reboot"
    3 - Dans "Full Path of File to Delete"
    copie et colle:

    C:\Documents and Settings\MIMI\Local Settings\Application Data\thjfboi.dll

    5- clic sur le rond rouge
    6- une fenetre va apparaitre pour confirmation clic sur OUI
    7- une seconde fenetre te demande si tu veux redemarrer clic sur OUI

    poste le rapport de vundo, ainsi qu'un nouveau rapport hijackthis

    0
    1. mimi65800
       
      petit problème avec killbox , la page est introuvable j'ai essayé avec le lien qu'ils donnent mais ca marche pas non plus
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    ici

    http://www.downloads.subratam.org/KillBox.exe

    0
  7. mimi65800
     
    je vous pos
    Beginning removal...

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rqomn.dll
    C:\WINDOWS\system32\rqomn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\winjrp32.dll
    C:\WINDOWS\SYSTEM32\winjrp32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    te le rapport de vundo
    je continue donc ce que vous avez demandé
    0
  8. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    OK, j'attends la suite
    0
  9. mimi65800
     
    je n'ai pas toutes les lignes que vous m'avez envoyer les lignes qui sont à cocher
    0
  10. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    Quelles sont celles que tu n'as pas.
    0
  11. mimi65800
     
    voici le
    Beginning removal...

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rqomn.dll
    C:\WINDOWS\system32\rqomn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\winjrp32.dll
    C:\WINDOWS\SYSTEM32\winjrp32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.7

    Scan started at 22:25:24 21/02/2007

    Listing files found while scanning....

    rapport de vundoLogfile of HijackThis v1.99.1
    Scan saved at 22:29:39, on 21/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {55892248-95D3-45DA-A818-453B0DD9FAE1} - C:\WINDOWS\system32\oppnk.dll
    O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\cbxvsrq.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: cbxvsrq - C:\WINDOWS\SYSTEM32\cbxvsrq.dll
    O20 - Winlogon Notify: oppnk - C:\WINDOWS\system32\oppnk.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    0
  12. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    il y en a encore

    * Double-clique VundoFix.exe afin de le lancer

    * Clique sur le bouton Scan for Vundo

    * Lorsque le scan est complété, clique sur le bouton Remove Vundo

    * Une invite te demandera si tu veux supprimer les fichiers, clique YES

    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    ainsi qu'un nouveau rapport Hijackthis
    (je serais absente demain)
    0
    1. mimi65800
       
      Beginning removal...

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\rqomn.dll
      C:\WINDOWS\system32\rqomn.dll Has been deleted!

      Attempting to delete C:\WINDOWS\SYSTEM32\winjrp32.dll
      C:\WINDOWS\SYSTEM32\winjrp32.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.3.9

      Checking Java version...

      Java version is 1.5.0.7

      Scan started at 22:25:24 21/02/2007

      Listing files found while scanning....


      VundoFix V6.3.9

      Checking Java version...

      Java version is 1.5.0.7

      Scan started at 08:22:57 22/02/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\foywgnms.dll
      C:\WINDOWS\system32\knppo.bak1
      C:\WINDOWS\system32\knppo.ini
      C:\WINDOWS\system32\lilhdvlr.dll
      C:\WINDOWS\system32\oppnk.dll
      C:\WINDOWS\system32\qktqcmfo.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\foywgnms.dll
      C:\WINDOWS\system32\foywgnms.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\knppo.bak1
      C:\WINDOWS\system32\knppo.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\knppo.ini
      C:\WINDOWS\system32\knppo.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\lilhdvlr.dll
      C:\WINDOWS\system32\lilhdvlr.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\oppnk.dll
      C:\WINDOWS\system32\oppnk.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\qktqcmfo.dll
      C:\WINDOWS\system32\qktqcmfo.dll Has been deleted!

      Performing Repairs to the registry.
      Done!
      Logfile of HijackThis v1.99.1
      Scan saved at 08:53:03, on 22/02/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\MSI\Live Update 3\LMonitor.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
      C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
      C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
      O2 - BHO: (no name) - {55892248-95D3-45DA-A818-453B0DD9FAE1} - C:\WINDOWS\system32\oppnk.dll (file missing)
      O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\cbxvsrq.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {A8E964EE-38C5-4338-863E-EA88C6D69465} - C:\WINDOWS\system32\nnllm.dll
      O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oidpxmnq.dll
      O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
      O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
      O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
      O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: cbxvsrq - C:\WINDOWS\SYSTEM32\cbxvsrq.dll
      O20 - Winlogon Notify: nnllm - C:\WINDOWS\system32\nnllm.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

      et voila les 2 rapports que tu m'as demandé
      0
  13. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    il n'y a visiblement pas que vundo
    * Télécharge VirtumundoBeGone sur ton bureau .
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    * double-clic sur VirtumundoBeGone.exe

    * Suis les instructions à l'écran

    * Quand le scan est terminé, enregistre le rapport.

    * Copie/Colle le ici

    (je serais absente aujourd'hui)
    0
  14. mimi65800
     
    [02/22/2007, 11:06:28] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\MIMI\Bureau\VirtumundoBeGone.exe" )
    [02/22/2007, 11:06:36] - Detected System Information:
    [02/22/2007, 11:06:36] - Windows Version: 5.1.2600, Service Pack 2
    [02/22/2007, 11:06:36] - Current Username: MIMI (Admin)
    [02/22/2007, 11:06:36] - Windows is in NORMAL mode.
    [02/22/2007, 11:06:36] - Searching for Browser Helper Objects:
    [02/22/2007, 11:06:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [02/22/2007, 11:06:36] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
    [02/22/2007, 11:06:36] - BHO 3: {55892248-95D3-45DA-A818-453B0DD9FAE1} ()
    [02/22/2007, 11:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:36] - No filename found. Continuing.
    [02/22/2007, 11:06:36] - BHO 4: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} ()
    [02/22/2007, 11:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:37] - Checking for HKLM\...\Winlogon\Notify\cbxvsrq
    [02/22/2007, 11:06:37] - Found: HKLM\...\Winlogon\Notify\cbxvsrq - This is probably Virtumundo.
    [02/22/2007, 11:06:37] - Assigning {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} MSEvents Object
    [02/22/2007, 11:06:37] - BHO list has been changed! Starting over...
    [02/22/2007, 11:06:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [02/22/2007, 11:06:37] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
    [02/22/2007, 11:06:37] - BHO 3: {55892248-95D3-45DA-A818-453B0DD9FAE1} ()
    [02/22/2007, 11:06:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:37] - No filename found. Continuing.
    [02/22/2007, 11:06:37] - BHO 4: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} (MSEvents Object)
    [02/22/2007, 11:06:37] - ALERT: Found MSEvents Object!
    [02/22/2007, 11:06:37] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/22/2007, 11:06:37] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [02/22/2007, 11:06:37] - BHO 7: {A8E964EE-38C5-4338-863E-EA88C6D69465} ()
    [02/22/2007, 11:06:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:37] - Checking for HKLM\...\Winlogon\Notify\nnllm
    [02/22/2007, 11:06:37] - Found: HKLM\...\Winlogon\Notify\nnllm - This is probably Virtumundo.
    [02/22/2007, 11:06:37] - Assigning {A8E964EE-38C5-4338-863E-EA88C6D69465} MSEvents Object
    [02/22/2007, 11:06:37] - BHO list has been changed! Starting over...
    [02/22/2007, 11:06:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [02/22/2007, 11:06:37] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
    [02/22/2007, 11:06:37] - BHO 3: {55892248-95D3-45DA-A818-453B0DD9FAE1} ()
    [02/22/2007, 11:06:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:37] - No filename found. Continuing.
    [02/22/2007, 11:06:37] - BHO 4: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} (MSEvents Object)
    [02/22/2007, 11:06:37] - ALERT: Found MSEvents Object!
    [02/22/2007, 11:06:37] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/22/2007, 11:06:37] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [02/22/2007, 11:06:37] - BHO 7: {A8E964EE-38C5-4338-863E-EA88C6D69465} (MSEvents Object)
    [02/22/2007, 11:06:37] - ALERT: Found MSEvents Object!
    [02/22/2007, 11:06:37] - BHO 8: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
    [02/22/2007, 11:06:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:37] - Checking for HKLM\...\Winlogon\Notify\oidpxmnq
    [02/22/2007, 11:06:37] - Key not found: HKLM\...\Winlogon\Notify\oidpxmnq, continuing.
    [02/22/2007, 11:06:37] - Finished Searching Browser Helper Objects
    [02/22/2007, 11:06:38] - *** Detected MSEvents Object
    [02/22/2007, 11:06:38] - Trying to remove MSEvents Object...
    [02/22/2007, 11:06:39] - Terminating Process: IEXPLORE.EXE
    [02/22/2007, 11:06:39] - Terminating Process: RUNDLL32.EXE
    [02/22/2007, 11:06:40] - Disabling Automatic Shell Restart
    [02/22/2007, 11:06:40] - Terminating Process: EXPLORER.EXE
    [02/22/2007, 11:06:40] - Suspending the NT Session Manager System Service
    [02/22/2007, 11:06:40] - Terminating Windows NT Logon/Logoff Manager
    [02/22/2007, 11:06:41] - Re-enabling Automatic Shell Restart
    [02/22/2007, 11:06:41] - File to disable: C:\WINDOWS\system32\cbxvsrq.dll
    [02/22/2007, 11:06:41] - Renaming C:\WINDOWS\system32\cbxvsrq.dll -> C:\WINDOWS\system32\cbxvsrq.dll.vir
    [02/22/2007, 11:06:41] - File successfully renamed!
    [02/22/2007, 11:06:41] - Removing HKLM\...\Browser Helper Objects\{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}
    [02/22/2007, 11:06:41] - Removing HKCR\CLSID\{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}
    [02/22/2007, 11:06:41] - Adding Kill Bit for ActiveX for GUID: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2}
    [02/22/2007, 11:06:41] - Deleting ATLEvents/MSEvents Registry entries
    [02/22/2007, 11:06:41] - Removing HKLM\...\Winlogon\Notify\cbxvsrq
    [02/22/2007, 11:06:42] - Searching for Browser Helper Objects:
    [02/22/2007, 11:06:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [02/22/2007, 11:06:42] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
    [02/22/2007, 11:06:42] - BHO 3: {55892248-95D3-45DA-A818-453B0DD9FAE1} ()
    [02/22/2007, 11:06:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:42] - No filename found. Continuing.
    [02/22/2007, 11:06:42] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/22/2007, 11:06:42] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [02/22/2007, 11:06:42] - BHO 6: {A8E964EE-38C5-4338-863E-EA88C6D69465} (MSEvents Object)
    [02/22/2007, 11:06:42] - ALERT: Found MSEvents Object!
    [02/22/2007, 11:06:42] - BHO 7: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
    [02/22/2007, 11:06:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:42] - Checking for HKLM\...\Winlogon\Notify\oidpxmnq
    [02/22/2007, 11:06:42] - Key not found: HKLM\...\Winlogon\Notify\oidpxmnq, continuing.
    [02/22/2007, 11:06:42] - Finished Searching Browser Helper Objects
    [02/22/2007, 11:06:42] - *** Detected MSEvents Object
    [02/22/2007, 11:06:42] - Trying to remove MSEvents Object...
    [02/22/2007, 11:06:43] - Terminating Process: IEXPLORE.EXE
    [02/22/2007, 11:06:43] - Terminating Process: RUNDLL32.EXE
    [02/22/2007, 11:06:43] - Disabling Automatic Shell Restart
    [02/22/2007, 11:06:43] - Terminating Process: EXPLORER.EXE
    [02/22/2007, 11:06:43] - Suspending the NT Session Manager System Service
    [02/22/2007, 11:06:43] - Terminating Windows NT Logon/Logoff Manager
    [02/22/2007, 11:06:44] - Re-enabling Automatic Shell Restart
    [02/22/2007, 11:06:44] - File to disable: C:\WINDOWS\system32\nnllm.dll
    [02/22/2007, 11:06:44] - Renaming C:\WINDOWS\system32\nnllm.dll -> C:\WINDOWS\system32\nnllm.dll.vir
    [02/22/2007, 11:06:44] - File successfully renamed!
    [02/22/2007, 11:06:44] - Removing HKLM\...\Browser Helper Objects\{A8E964EE-38C5-4338-863E-EA88C6D69465}
    [02/22/2007, 11:06:44] - Removing HKCR\CLSID\{A8E964EE-38C5-4338-863E-EA88C6D69465}
    [02/22/2007, 11:06:44] - Adding Kill Bit for ActiveX for GUID: {A8E964EE-38C5-4338-863E-EA88C6D69465}
    [02/22/2007, 11:06:44] - Deleting ATLEvents/MSEvents Registry entries
    [02/22/2007, 11:06:44] - Removing HKLM\...\Winlogon\Notify\nnllm
    [02/22/2007, 11:06:44] - Searching for Browser Helper Objects:
    [02/22/2007, 11:06:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [02/22/2007, 11:06:44] - BHO 2: {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
    [02/22/2007, 11:06:44] - BHO 3: {55892248-95D3-45DA-A818-453B0DD9FAE1} ()
    [02/22/2007, 11:06:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:44] - No filename found. Continuing.
    [02/22/2007, 11:06:44] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [02/22/2007, 11:06:44] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [02/22/2007, 11:06:44] - BHO 6: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
    [02/22/2007, 11:06:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [02/22/2007, 11:06:44] - Checking for HKLM\...\Winlogon\Notify\oidpxmnq
    [02/22/2007, 11:06:44] - Key not found: HKLM\...\Winlogon\Notify\oidpxmnq, continuing.
    [02/22/2007, 11:06:44] - Finished Searching Browser Helper Objects
    [02/22/2007, 11:06:44] - Finishing up...
    [02/22/2007, 11:06:44] - A restart is needed.
    [02/22/2007, 11:06:44] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
    [02/22/2007, 11:06:53] - Attempting to Restart via STOP error (Blue Screen!)

    [02/22/2007, 11:11:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\MIMI\Bureau\VirtumundoBeGone.exe" )
    [02/22/2007, 11:11:36] - User choose NOT to continue. Exiting...
    voici ce qui a été notifié par viturmundo
    0
  15. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    merci

    reposte un nouveau rapport hijackthis stp
    0
  16. mimi65800
     
    Logfile of HijackThis v1.99.1
    Scan saved at 11:44:52, on 22/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {55892248-95D3-45DA-A818-453B0DD9FAE1} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oidpxmnq.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    et voila je te poste ce rapport comme convenu
    0
  17. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    RE

    avant de partir

    * Relance Vundofix
    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\system32\oidpxmnq.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis

    puis

    lance hijackthis et coche et fixe
    O2 - BHO: (no name) - {55892248-95D3-45DA-A818-453B0DD9FAE1} - (no file)
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oidpxmnq.dll (qui devrait être no file en principe)

    reposte un nouveau rapport + celui de vundo stp.
    0
  18. piston
     
    Beginning removal...

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rqomn.dll
    C:\WINDOWS\system32\rqomn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\winjrp32.dll
    C:\WINDOWS\SYSTEM32\winjrp32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.7

    Scan started at 22:25:24 21/02/2007

    Listing files found while scanning....

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.7

    Scan started at 08:22:57 22/02/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\foywgnms.dll
    C:\WINDOWS\system32\knppo.bak1
    C:\WINDOWS\system32\knppo.ini
    C:\WINDOWS\system32\lilhdvlr.dll
    C:\WINDOWS\system32\oppnk.dll
    C:\WINDOWS\system32\qktqcmfo.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\foywgnms.dll
    C:\WINDOWS\system32\foywgnms.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\knppo.bak1
    C:\WINDOWS\system32\knppo.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\knppo.ini
    C:\WINDOWS\system32\knppo.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lilhdvlr.dll
    C:\WINDOWS\system32\lilhdvlr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oppnk.dll
    C:\WINDOWS\system32\oppnk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qktqcmfo.dll
    C:\WINDOWS\system32\qktqcmfo.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\oidpxmnq.dll
    C:\WINDOWS\system32\oidpxmnq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!Logfile of HijackThis v1.99.1
    Scan saved at 15:17:20, on 22/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {55892248-95D3-45DA-A818-453B0DD9FAE1} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oidpxmnq.dll (file missing)
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    voila je te poste le vundo et le rapport hijackthis
    0
  19. mimi65800
     
    Logfile of HijackThis v1.99.1
    Scan saved at 15:22:51, on 22/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    voila le deuxième rapport demandé après avoir coché les deux lignes demandées
    Beginning removal...

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\rqomn.dll
    C:\WINDOWS\system32\rqomn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\SYSTEM32\winjrp32.dll
    C:\WINDOWS\SYSTEM32\winjrp32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.7

    Scan started at 22:25:24 21/02/2007

    Listing files found while scanning....

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.7

    Scan started at 08:22:57 22/02/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\foywgnms.dll
    C:\WINDOWS\system32\knppo.bak1
    C:\WINDOWS\system32\knppo.ini
    C:\WINDOWS\system32\lilhdvlr.dll
    C:\WINDOWS\system32\oppnk.dll
    C:\WINDOWS\system32\qktqcmfo.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\foywgnms.dll
    C:\WINDOWS\system32\foywgnms.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\knppo.bak1
    C:\WINDOWS\system32\knppo.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\knppo.ini
    C:\WINDOWS\system32\knppo.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lilhdvlr.dll
    C:\WINDOWS\system32\lilhdvlr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\oppnk.dll
    C:\WINDOWS\system32\oppnk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qktqcmfo.dll
    C:\WINDOWS\system32\qktqcmfo.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\oidpxmnq.dll
    C:\WINDOWS\system32\oidpxmnq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.9

    Checking Java version...

    Java version is 1.5.0.7

    Scan started at 15:24:15 22/02/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\vgjiqsvg.dll
    voici l'autre rapport de vundo le logiciel de vundo me demande remove vundo car il apparait dans la fenetre c:\\windows\system32\vgjiqsvg.dll
    0
  20. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir,

    lance hijackthis coche et fixe :

    O2 - BHO: (no name) - {55892248-95D3-45DA-A818-453B0DD9FAE1} - (no file)
    O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\oidpxmnq.dll (file missing)

    voilà, j'espère qu'on en a vu le bout....lol
    peux tu faire un scan avec AVG et poster le rapport stp
    0
  • 1
  • 2