PC infected by Virtumonde

inconico Posts 29 Status Member -
salwa5 -
hello, I've just signed up on the site to find solutions to a Virtumonde infection. I've seen remarks and comments about this virus and I've tried to eradicate it, with Vundo... etc... but in vain. So I hope to find a solution from the computer whizzes on this site.
thanks in advance.
Configuration: Windows XP
Firefox 1.5.0.11

30 replies

Discussion summary

The discussion concerns a Virtumonde (Vundo) infection on Windows XP with Firefox, with difficulties eradicating the malware and a search for effective methods.
Several participants suggest using HijackThis and VundoFix to analyse system entries, delete malicious DLL files and repair registry entries, then generate scan reports.
Logs detail lists of processes and services to examine, DLL paths to clean, and reboot steps, with notes on which files to add or exclude.
In parallel, some reports mention items such as missing DLLs, deletion attempts and Java checks, and show variations between the logs of different sessions.

Generated automatically by AI
based on the best answers
  1. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hello,

    Run HijackThis again.

    Choose Do a scan only

    Tick the box in front of the following lines

    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset

    Close all windows (except HijackThis), including your browser.

    Click Fix checked.

    Close HijackThis.

    Double-click VundoFix.exe to launch it
    Do NOT click the Scan for Vundo button
    Right-click in the white window, choose Add more files?
    Add on the first line:
    C:\WINDOWS\system32\yejagkds.dll
    On the second line:
    C:\WINDOWS\system32\cijryljx.dll

    Click in turn on:
    - Add Files
    - Close Windows
    - Remove Vundo

    If the tool asks you to reboot, accept.
    Then copy/paste the report C:\vundofix.txt

    If you can't find the 2nd file, carry on.

    Post a new HijackThis log.
    See you later

    1
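An added triage script for the kind of HijackThis log posted in this thread (example code written for this page; it is not a tool from the thread, from HijackThis or from VundoFix). It parses log lines and flags the entry types the helper asked to tick in Fix checked; the sample lines are constructed, modelled on the logs in the thread, and the heuristics are review hints rather than verdicts.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example; not a thread tool).

Flags the entry types the helper asked to tick in "Fix checked": unnamed O2
BHOs loading a DLL straight from system32, O4 Run entries that use rundll32 on
a system32 DLL, and O20 Winlogon Notify hooks whose DLL path is missing or
truncated. Ordinary software entries pass through. Heuristics are review hints,
not verdicts: check each flagged line before fixing it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on lines from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
O2 - BHO: (no name) - {0C08621B-321A-4AE6-9771-6BF96C9FDA09} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\
"""

# A DLL sitting directly in %SystemRoot%\system32 (no subfolder).
SYSTEM32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.IGNORECASE)
# First drive-letter path ending in .exe/.dll (paths may contain spaces).
PATH_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll))", re.IGNORECASE)


@dataclass
class Entry:
    section: str          # "O2", "O4", "O20", ...
    body: str             # everything after "Oxx - "
    path: Optional[str]   # file the entry loads, when one can be extracted
    raw: str              # the original log line, ready to paste or tick


def extract_path(section: str, body: str) -> Optional[str]:
    """Pull the loaded file path out of an entry body, per section layout."""
    if section == "O4":
        # "[name] command args" -> keep the command part
        tail = body.split("] ", 1)[1] if "] " in body else body
    else:
        # "label - {CLSID} - path" or "label - path" -> keep the last field
        tail = body.rsplit(" - ", 1)[-1]
    m = PATH_RE.search(tail)
    return m.group(1) if m else None


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into section and body; None for non-entries."""
    m = re.match(r"^(O\d+|R\d) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    return Entry(section, body, extract_path(section, body), line.strip())


def suspicious_reason(e: Entry) -> Optional[str]:
    """Return why an entry deserves review, or None if it looks ordinary."""
    low = e.body.lower()
    missing = "(file missing)" in low or "(no file)" in low
    in_sys32 = bool(e.path and SYSTEM32_DLL.match(e.path))
    if e.section == "O2":
        if "(no name)" in low and in_sys32 and not missing:
            return "unnamed BHO loading a DLL straight from system32"
        if missing:
            return "orphaned BHO entry (CLSID registered, file gone)"
    elif e.section == "O4":
        if "rundll32" in low and in_sys32:
            return "Run entry using rundll32 to load a system32 DLL"
    elif e.section == "O20":
        if missing or e.path is None:
            return "Winlogon Notify hook with missing or truncated DLL path"
    return None


def triage(log_text: str) -> List[dict]:
    """Return the log lines worth ticking in 'Fix checked', with the reason."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reason = suspicious_reason(e)
        if reason:
            hits.append({"section": e.section, "path": e.path,
                         "reason": reason, "line": e.raw})
    return hits


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"{h['section']:>4}  {h['reason']}\n      {h['line']}")
```

On the sample it flags exactly the yejagkds.dll BHO and the rundll32 cijryljx.dll Run entry the helper named, plus the orphaned ssqpo.dll BHO and the truncated jkkli Winlogon Notify hook, while the Adobe, Spybot, NOD32 and WgaLogon entries pass.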
    1. inconico Posts 29 Status Member
       
      re,
      below is the report:


      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 19:57:45 25/04/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\gebaxvv.dll
      C:\WINDOWS\system32\opnolif.dll
      C:\WINDOWS\system32\qpqss.bak1
      C:\WINDOWS\system32\qpqss.ini2
      C:\WINDOWS\system32\qpqss.tmp
      C:\WINDOWS\system32\ssqpq.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\gebaxvv.dll
      C:\WINDOWS\system32\gebaxvv.dll Could not be deleted.

      Attempting to delete C:\WINDOWS\system32\opnolif.dll
      C:\WINDOWS\system32\opnolif.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\qpqss.bak1
      C:\WINDOWS\system32\qpqss.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\qpqss.ini2
      C:\WINDOWS\system32\qpqss.ini2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\qpqss.tmp
      C:\WINDOWS\system32\qpqss.tmp Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ssqpq.dll
      C:\WINDOWS\system32\ssqpq.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\gebaxvv.dll
      C:\WINDOWS\system32\gebaxvv.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ssqpq.dll
      C:\WINDOWS\system32\ssqpq.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 21:50:26 23/05/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\opqss.bak1
      C:\WINDOWS\system32\opqss.bak2
      C:\WINDOWS\system32\opqss.ini
      C:\WINDOWS\system32\opqss.ini2
      C:\WINDOWS\system32\opqss.tmp
      C:\WINDOWS\system32\ssqpo.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\opqss.bak1
      C:\WINDOWS\system32\opqss.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opqss.bak2
      C:\WINDOWS\system32\opqss.bak2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opqss.ini
      C:\WINDOWS\system32\opqss.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opqss.ini2
      C:\WINDOWS\system32\opqss.ini2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opqss.tmp
      C:\WINDOWS\system32\opqss.tmp Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ssqpo.dll
      C:\WINDOWS\system32\ssqpo.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 22:36:10 23/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 07:22:22 25/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 23:31:21 25/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 01:06:48 27/05/2007

      Listing files found while scanning....

      No infected files were found.


      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 15:30:28 27/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\yejagkds.dll
      C:\WINDOWS\system32\yejagkds.dll Has been deleted!

      Performing Repairs to the registry.
      Done!


      and the HijackThis log:

      Logfile of HijackThis v1.99.1
      Scan saved at 22:54:08, on 31/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\CTSvcCDA.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\AGEIA Technologies\TrayIcon.exe
      C:\Program Files\TomTom HOME\TomTomHOME.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
      C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      0
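An added summariser for the VundoFix V6.3.20 report format pasted above (example code written for this page, not part of VundoFix or of the thread). It splits the concatenated report into sessions and reports, per session, the files listed, which ones needed a second removal pass and which were never deleted; the embedded report excerpt is constructed in the same format as the one posted.

```python
"""Summarise VundoFix V6.3.20 reports (added example; not part of VundoFix).

A pasted report concatenates several sessions. For each one this pulls out
the scan time, the files listed, which ones needed a second removal pass
(first attempt "Could not be deleted."), what was never deleted, and which
installed Java versions the tool warned about.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed excerpt in the report format posted in this thread: one session
# that needs two passes, then a later clean session.
SAMPLE_REPORT = r"""
VundoFix V6.3.20

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 19:57:45 25/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\gebaxvv.dll
C:\WINDOWS\system32\ssqpq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebaxvv.dll
C:\WINDOWS\system32\gebaxvv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebaxvv.dll
C:\WINDOWS\system32\gebaxvv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.11

Scan started at 22:36:10 23/05/2007

Listing files found while scanning....

No infected files were found.
"""

DELETED = " Has been deleted!"
FAILED = " Could not be deleted."


@dataclass
class Session:
    started: str
    old_java: List[str] = field(default_factory=list)   # versions flagged as exploitable
    found: List[str] = field(default_factory=list)      # files listed by the scan
    deleted: List[str] = field(default_factory=list)
    failed_once: List[str] = field(default_factory=list)
    passes: int = 0                                      # "Beginning removal..." count

    def still_present(self) -> List[str]:
        """Listed files the session never managed to delete."""
        return [f for f in self.found if f not in self.deleted]


def parse_report(text: str) -> List[Session]:
    """Walk the report line by line, opening a new Session at each scan start."""
    sessions: List[Session] = []
    cur = None
    last_java = ""
    pending_java: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Java version is "):
            last_java = line[len("Java version is "):]
        elif line.startswith("Old versions of java"):
            pending_java.append(last_java)          # warning follows the version line
        elif line.startswith("Scan started at "):
            cur = Session(started=line[len("Scan started at "):], old_java=pending_java)
            pending_java = []
            sessions.append(cur)
        elif cur is None:
            continue                                # header noise before any scan
        elif line.startswith("Beginning removal"):
            cur.passes += 1
        elif line.endswith(DELETED):
            cur.deleted.append(line[:-len(DELETED)])
        elif line.endswith(FAILED):
            cur.failed_once.append(line[:-len(FAILED)])
        elif cur.passes == 0 and re.match(r"^[a-z]:\\", line, re.IGNORECASE):
            cur.found.append(line)                  # listing, before removal starts
    return sessions


if __name__ == "__main__":
    for s in parse_report(SAMPLE_REPORT):
        print(f"{s.started}: {len(s.found)} found, {s.passes} removal pass(es), "
              f"retried={s.failed_once}, still present={s.still_present()}, "
              f"old Java={s.old_java}")
```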
  2. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Hello,

    Download HijackThis here:
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    Unzip it into a folder made for that purpose.
    For example C:\hijackthis < Make sure you save it in C:\ !
    Demo: (Thanks to Balltrap34 for making this)
    http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif

    Launch it, then:
    click "do a system scan and save logfile" (see demo)
    copy and paste the whole log onto the forum

    Demo: (Thanks to Balltrap34 for making this)

    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Download VundoFix.exe (by Atribune) to your Desktop.
    http://www.atribune.org/ccount/click.php?id=4
    Double-click VundoFix.exe to launch it.

    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    A prompt will ask whether you want to delete the files; click YES
    After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
    You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
    Start your PC again.

    See you later
    0
    1. inconico Posts 29 Status Member
       
      thanks for the advice, attached is the report; I did the procedure twice but with no result from VundoFix:
      Logfile of HijackThis v1.99.1
      Scan saved at 21:59:55, on 24/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\CTSvcCDA.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\AGEIA Technologies\TrayIcon.exe
      C:\Program Files\TomTom HOME\TomTomHOME.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
      C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Documents and Settings\vundoscan.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: (no name) - {0233D1D6-E00D-4C45-BF14-485759765168} - C:\WINDOWS\system32\yayywwu.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {0C08621B-321A-4AE6-9771-6BF96C9FDA09} - C:\WINDOWS\system32\ssqpo.dll (file missing)
      O2 - BHO: (no name) - {260C7507-52FB-451A-B3D9-42D194BE7ECD} - (no file)
      O2 - BHO: (no name) - {28E44312-08D8-4531-94A1-DB35E891D59B} - C:\WINDOWS\system32\jkkli.dll
      O2 - BHO: (no name) - {2EDB63B7-7432-42B8-B484-B7DE2779F848} - (no file)
      O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {B817A4B5-E3A1-46AE-9340-5448A8AC3033} - C:\WINDOWS\system32\jkkji.dll (file missing)
      O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [I downloaded pirated Software from P2P 2006] Command Conquer 3 Tiberium Wars
      O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Command Conquer 3 Tiberium Wars Kane Edition
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
      O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
      O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
      O20 - Winlogon Notify: ddccc - C:\WINDOWS\
      O20 - Winlogon Notify: jkkji - C:\WINDOWS\
      O20 - Winlogon Notify: jkkli - C:\WINDOWS\
      O20 - Winlogon Notify: mljjg - C:\WINDOWS\
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O20 - Winlogon Notify: yayywwu - C:\WINDOWS\SYSTEM32\yayywwu.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      0
  3. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Re,

    I don't see HijackThis.
    Cheers
    0
  4. inconico Posts: 29 Status: Member
     
    Re,
    You don't see HijackThis? You don't see the report? Can you clarify?
    Thanks
    Cheers
    0
  6. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Re,

    OK, I'll be clearer:

    give me the reference of the post where the helper had you rename HijackThis.exe to vundoscan.exe.

    Cheers
    0
    1. inconico Posts: 29 Status: Member
       
      Re,
      I redid the procedure described in your first message, and attached is the new report. I hope it's right. Thanks
      Logfile of HijackThis v1.99.1
      Scan saved at 22:36:36, on 24/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\CTSvcCDA.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\AGEIA Technologies\TrayIcon.exe
      C:\Program Files\TomTom HOME\TomTomHOME.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
      C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: (no name) - {0233D1D6-E00D-4C45-BF14-485759765168} - C:\WINDOWS\system32\yayywwu.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {0C08621B-321A-4AE6-9771-6BF96C9FDA09} - C:\WINDOWS\system32\ssqpo.dll (file missing)
      O2 - BHO: (no name) - {260C7507-52FB-451A-B3D9-42D194BE7ECD} - (no file)
      O2 - BHO: (no name) - {28E44312-08D8-4531-94A1-DB35E891D59B} - C:\WINDOWS\system32\jkkli.dll
      O2 - BHO: (no name) - {2EDB63B7-7432-42B8-B484-B7DE2779F848} - (no file)
      O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {B817A4B5-E3A1-46AE-9340-5448A8AC3033} - C:\WINDOWS\system32\jkkji.dll (file missing)
      O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [I downloaded pirated Software from P2P 2006] Command Conquer 3 Tiberium Wars
      O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Command Conquer 3 Tiberium Wars Kane Edition
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
      O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
      O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
      O20 - Winlogon Notify: ddccc - C:\WINDOWS\
      O20 - Winlogon Notify: jkkji - C:\WINDOWS\
      O20 - Winlogon Notify: jkkli - C:\WINDOWS\
      O20 - Winlogon Notify: mljjg - C:\WINDOWS\
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O20 - Winlogon Notify: yayywwu - C:\WINDOWS\SYSTEM32\yayywwu.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      0
  7. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Re,

    in your first HijackThis log, I read this:

    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\vundoscan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr


    I want you to tell me who asked you to rename HijackThis.exe to vundoscan.exe, and the reference (the URL) of that treatment.

    Cheers
    0
    1. inconico Posts: 29 Status: Member
       
      Re,
      Sorry, but for the past few days I've been looking at various forums and trying things to get rid of Virtumonde. Honestly, I don't remember any more.
      Cheers
      0
  8. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Re,

    uninstall Command Conquer 3 Tiberium Wars and FlashGet.

    I didn't get the VundoFix report. Put it in your reply along with a new HijackThis log.

    Cheers
    0
  9. inconico Posts: 29 Status: Member
     
    Hello,
    I removed Command Conquer and FlashGet, then ran VundoFix; it didn't detect anything. Below is the report.
    Thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 08:01:41, on 25/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {0233D1D6-E00D-4C45-BF14-485759765168} - C:\WINDOWS\system32\yayywwu.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0C08621B-321A-4AE6-9771-6BF96C9FDA09} - C:\WINDOWS\system32\ssqpo.dll (file missing)
    O2 - BHO: (no name) - {260C7507-52FB-451A-B3D9-42D194BE7ECD} - (no file)
    O2 - BHO: (no name) - {28E44312-08D8-4531-94A1-DB35E891D59B} - C:\WINDOWS\system32\jkkli.dll
    O2 - BHO: (no name) - {2EDB63B7-7432-42B8-B484-B7DE2779F848} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B817A4B5-E3A1-46AE-9340-5448A8AC3033} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P 2006] Command Conquer 3 Tiberium Wars
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Command Conquer 3 Tiberium Wars Kane Edition
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
    O20 - Winlogon Notify: ddccc - C:\WINDOWS\
    O20 - Winlogon Notify: jkkji - C:\WINDOWS\
    O20 - Winlogon Notify: jkkli - C:\WINDOWS\
    O20 - Winlogon Notify: mljjg - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O20 - Winlogon Notify: yayywwu - C:\WINDOWS\SYSTEM32\yayywwu.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
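VundoFix came back empty, but the HijackThis log in this post still shows the pairing that Vundo cleanup relies on: an O2 BHO with "(no name)" whose DLL base name also exists as an O20 Winlogon Notify key (yayywwu, jkkli, jkkji), next to O20 entries with no DLL path at all and an O4 Run entry that loads cijryljx.dll from system32 through rundll32.exe. The script below is an added example written for this page; it is not part of the thread and not VundoFix's or VirtumundoBeGone's code. It parses HijackThis 1.99.1 log lines and applies that cross-check. The sample log is a constructed excerpt of a dozen lines copied from the log above, and the "orphan" and "review" buckets for unnamed BHOs that have no Notify twin are this example's own triage categories, not verdicts from any tool.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample input: an excerpt of the HijackThis v1.99.1 log posted
# above (only the O2, O4 and O20 lines that matter for the cross-check).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0233D1D6-E00D-4C45-BF14-485759765168} - C:\WINDOWS\system32\yayywwu.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C08621B-321A-4AE6-9771-6BF96C9FDA09} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: (no name) - {28E44312-08D8-4531-94A1-DB35E891D59B} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B817A4B5-E3A1-46AE-9340-5448A8AC3033} - C:\WINDOWS\system32\jkkji.dll (file missing)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: ddccc - C:\WINDOWS\
O20 - Winlogon Notify: jkkji - C:\WINDOWS\
O20 - Winlogon Notify: jkkli - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayywwu - C:\WINDOWS\SYSTEM32\yayywwu.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # vundo | orphan | review | notify_stub | rundll32
    item: str    # DLL base name or Notify key
    reason: str


def _strip_missing(path: str) -> Tuple[str, bool]:
    """Return (path, is_missing); HijackThis appends ' (file missing)' or writes '(no file)'."""
    if path.endswith("(file missing)"):
        return path[: -len("(file missing)")].rstrip(), True
    if path == "(no file)":
        return "", True
    return path, False


def _stem(path: str) -> str:
    return ntpath.splitext(ntpath.basename(path))[0]


def parse_log(text: str):
    bhos: List[Tuple[str, str, str]] = []
    runs: List[Tuple[str, str]] = []
    notifies: Dict[str, Tuple[str, str]] = {}   # lower-cased key -> (key, path)
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append((m["name"], m["clsid"], m["path"]))
            continue
        m = O4_RE.match(line)
        if m:
            runs.append((m["label"], m["cmd"]))
            continue
        m = O20_RE.match(line)
        if m:
            notifies[m["key"].lower()] = (m["key"], m["path"])
    return bhos, runs, notifies


def triage(text: str) -> List[Finding]:
    bhos, runs, notifies = parse_log(text)
    findings: List[Finding] = []
    for name, clsid, raw_path in bhos:
        if name != "(no name)":
            continue  # named BHOs are outside this check, as in VirtumundoBeGone's log
        path, missing = _strip_missing(raw_path)
        stem = _stem(path) if path else clsid
        if stem.lower() in notifies:   # the Vundo signature: BHO DLL doubles as a Notify key
            findings.append(Finding("vundo", stem,
                f"unnamed BHO {{{clsid}}} is also registered as Winlogon\\Notify\\{stem}"))
        elif missing:
            findings.append(Finding("orphan", stem,
                f"unnamed BHO {{{clsid}}} points at a DLL that is gone; dead entry, safe to fix"))
        else:
            findings.append(Finding("review", stem,
                f"unnamed BHO {{{clsid}}}: no name alone proves nothing, check the DLL's publisher"))
    for key, path in notifies.values():
        if not path.lower().endswith(".dll"):
            findings.append(Finding("notify_stub", key,
                "Winlogon Notify entry without a loadable DLL path (stub or missing file)"))
    for label, cmd in runs:
        m = DLL_RE.search(cmd)
        if cmd.lower().startswith("rundll32") and m and "\\system32\\" in m.group(1).lower():
            findings.append(Finding("rundll32", _stem(m.group(1)),
                f"Run entry [{label}] loads a system32 DLL via rundll32.exe; verify it before trusting it"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group findings by kind, items sorted, for a quick read of what to fix first."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(f.kind, []).append(f.item)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for kind, items in summarize(triage(SAMPLE_LOG)).items():
        print(f"{kind:12s} {', '.join(items)}")
```

To use it on a real case, read the whole hijackthis.log file into `triage()`. A hit in the `vundo` bucket is the strong signal. An unnamed BHO by itself is not: Spybot's SDHelper.dll shows up with "(no name)" in the same log and is legitimate, which is why the script puts such entries in `review` instead of telling you to fix them.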
  10. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Hello,

    "then ran VundoFix; it didn't detect anything"

    Where is the report?

    Download VirtumundoBeGone to the desktop:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Then double-click VirtumundoBeGone.exe and follow the instructions.
    Once it's finished, reboot and post the VBG.TXT report created on the desktop in your next reply, with a new HijackThis report.
    Don't worry if you see a blue screen "Fatal error" message; that's normal and expected.
    Cheers
  11. inconico Posts 29 Status Member

    Re, thanks for the advice. I'm not sure I ran the VirtumundoBeGone scan correctly;
    here is the report

    [05/25/2007, 19:26:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nicolas\Bureau\VirtumundoBeGone.exe" )
    [05/25/2007, 19:26:12] - Detected System Information:
    [05/25/2007, 19:26:12] - Windows Version: 5.1.2600, Service Pack 2
    [05/25/2007, 19:26:12] - Current Username: nicolas (Admin)
    [05/25/2007, 19:26:12] - Windows is in NORMAL mode.
    [05/25/2007, 19:26:12] - Searching for Browser Helper Objects:
    [05/25/2007, 19:26:12] - BHO 1: {0233D1D6-E00D-4C45-BF14-485759765168} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\yayywwu
    [05/25/2007, 19:26:12] - Found: HKLM\...\Winlogon\Notify\yayywwu - This is probably Virtumundo.
    [05/25/2007, 19:26:12] - Assigning {0233D1D6-E00D-4C45-BF14-485759765168} MSEvents Object
    [05/25/2007, 19:26:12] - BHO list has been changed! Starting over...
    [05/25/2007, 19:26:12] - BHO 1: {0233D1D6-E00D-4C45-BF14-485759765168} (MSEvents Object)
    [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:12] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/25/2007, 19:26:12] - BHO 3: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\ssqpo
    [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
    [05/25/2007, 19:26:12] - BHO 4: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - No filename found. Continuing.
    [05/25/2007, 19:26:12] - BHO 5: {28E44312-08D8-4531-94A1-DB35E891D59B} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\jkkli
    [05/25/2007, 19:26:12] - Found: HKLM\...\Winlogon\Notify\jkkli - This is probably Virtumundo.
    [05/25/2007, 19:26:12] - Assigning {28E44312-08D8-4531-94A1-DB35E891D59B} MSEvents Object
    [05/25/2007, 19:26:12] - BHO list has been changed! Starting over...
    [05/25/2007, 19:26:12] - BHO 1: {0233D1D6-E00D-4C45-BF14-485759765168} (MSEvents Object)
    [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:12] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/25/2007, 19:26:12] - BHO 3: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\ssqpo
    [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
    [05/25/2007, 19:26:12] - BHO 4: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - No filename found. Continuing.
    [05/25/2007, 19:26:12] - BHO 5: {28E44312-08D8-4531-94A1-DB35E891D59B} (MSEvents Object)
    [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:12] - BHO 6: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - No filename found. Continuing.
    [05/25/2007, 19:26:12] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/25/2007, 19:26:12] - BHO 8: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\yejagkds
    [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
    [05/25/2007, 19:26:12] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/25/2007, 19:26:12] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - No filename found. Continuing.
    [05/25/2007, 19:26:12] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [05/25/2007, 19:26:12] - BHO 12: {B817A4B5-E3A1-46AE-9340-5448A8AC3033} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/25/2007, 19:26:12] - Found: HKLM\...\Winlogon\Notify\jkkji - This is probably Virtumundo.
    [05/25/2007, 19:26:12] - Assigning {B817A4B5-E3A1-46AE-9340-5448A8AC3033} MSEvents Object
    [05/25/2007, 19:26:12] - BHO list has been changed! Starting over...
    [05/25/2007, 19:26:12] - BHO 1: {0233D1D6-E00D-4C45-BF14-485759765168} (MSEvents Object)
    [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:12] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/25/2007, 19:26:12] - BHO 3: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\ssqpo
    [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
    [05/25/2007, 19:26:12] - BHO 4: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - No filename found. Continuing.
    [05/25/2007, 19:26:12] - BHO 5: {28E44312-08D8-4531-94A1-DB35E891D59B} (MSEvents Object)
    [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:12] - BHO 6: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:12] - No filename found. Continuing.
    [05/25/2007, 19:26:12] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/25/2007, 19:26:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/25/2007, 19:26:13] - BHO 8: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/25/2007, 19:26:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:13] - Checking for HKLM\...\Winlogon\Notify\yejagkds
    [05/25/2007, 19:26:13] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
    [05/25/2007, 19:26:13] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/25/2007, 19:26:13] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/25/2007, 19:26:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:13] - No filename found. Continuing.
    [05/25/2007, 19:26:13] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [05/25/2007, 19:26:13] - BHO 12: {B817A4B5-E3A1-46AE-9340-5448A8AC3033} (MSEvents Object)
    [05/25/2007, 19:26:13] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:13] - Finished Searching Browser Helper Objects
    [05/25/2007, 19:26:13] - *** Detected MSEvents Object
    [05/25/2007, 19:26:13] - Trying to remove MSEvents Object...
    [05/25/2007, 19:26:14] - Terminating Process: IEXPLORE.EXE
    [05/25/2007, 19:26:14] - Terminating Process: RUNDLL32.EXE
    [05/25/2007, 19:26:14] - Disabling Automatic Shell Restart
    [05/25/2007, 19:26:14] - Terminating Process: EXPLORER.EXE
    [05/25/2007, 19:26:14] - Suspending the NT Session Manager System Service
    [05/25/2007, 19:26:14] - Terminating Windows NT Logon/Logoff Manager
    [05/25/2007, 19:26:15] - Re-enabling Automatic Shell Restart
    [05/25/2007, 19:26:15] - File to disable: C:\WINDOWS\system32\yayywwu.dll
    [05/25/2007, 19:26:15] - Renaming C:\WINDOWS\system32\yayywwu.dll -> C:\WINDOWS\system32\yayywwu.dll.vir
    [05/25/2007, 19:26:15] - File successfully renamed!
    [05/25/2007, 19:26:15] - Removing HKLM\...\Browser Helper Objects\{0233D1D6-E00D-4C45-BF14-485759765168}
    [05/25/2007, 19:26:15] - Removing HKCR\CLSID\{0233D1D6-E00D-4C45-BF14-485759765168}
    [05/25/2007, 19:26:15] - Adding Kill Bit for ActiveX for GUID: {0233D1D6-E00D-4C45-BF14-485759765168}
    [05/25/2007, 19:26:15] - Deleting ATLEvents/MSEvents Registry entries
    [05/25/2007, 19:26:15] - Removing HKLM\...\Winlogon\Notify\yayywwu
    [05/25/2007, 19:26:15] - Searching for Browser Helper Objects:
    [05/25/2007, 19:26:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/25/2007, 19:26:15] - BHO 2: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
    [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:15] - Checking for HKLM\...\Winlogon\Notify\ssqpo
    [05/25/2007, 19:26:15] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
    [05/25/2007, 19:26:15] - BHO 3: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
    [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:15] - No filename found. Continuing.
    [05/25/2007, 19:26:15] - BHO 4: {28E44312-08D8-4531-94A1-DB35E891D59B} (MSEvents Object)
    [05/25/2007, 19:26:15] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:15] - BHO 5: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
    [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:15] - No filename found. Continuing.
    [05/25/2007, 19:26:15] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/25/2007, 19:26:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/25/2007, 19:26:15] - BHO 7: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:15] - Checking for HKLM\...\Winlogon\Notify\yejagkds
    [05/25/2007, 19:26:15] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
    [05/25/2007, 19:26:15] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/25/2007, 19:26:15] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:15] - No filename found. Continuing.
    [05/25/2007, 19:26:15] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [05/25/2007, 19:26:15] - BHO 11: {B817A4B5-E3A1-46AE-9340-5448A8AC3033} (MSEvents Object)
    [05/25/2007, 19:26:15] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:15] - Finished Searching Browser Helper Objects
    [05/25/2007, 19:26:15] - *** Detected MSEvents Object
    [05/25/2007, 19:26:15] - Trying to remove MSEvents Object...
    [05/25/2007, 19:26:16] - Terminating Process: IEXPLORE.EXE
    [05/25/2007, 19:26:17] - Terminating Process: RUNDLL32.EXE
    [05/25/2007, 19:26:17] - Disabling Automatic Shell Restart
    [05/25/2007, 19:26:17] - Terminating Process: EXPLORER.EXE
    [05/25/2007, 19:26:17] - Suspending the NT Session Manager System Service
    [05/25/2007, 19:26:17] - Terminating Windows NT Logon/Logoff Manager
    [05/25/2007, 19:26:17] - Re-enabling Automatic Shell Restart
    [05/25/2007, 19:26:17] - File to disable: C:\WINDOWS\system32\jkkli.dll
    [05/25/2007, 19:26:17] - Removing HKLM\...\Browser Helper Objects\{28E44312-08D8-4531-94A1-DB35E891D59B}
    [05/25/2007, 19:26:17] - Removing HKCR\CLSID\{28E44312-08D8-4531-94A1-DB35E891D59B}
    [05/25/2007, 19:26:17] - Adding Kill Bit for ActiveX for GUID: {28E44312-08D8-4531-94A1-DB35E891D59B}
    [05/25/2007, 19:26:17] - Deleting ATLEvents/MSEvents Registry entries
    [05/25/2007, 19:26:17] - Removing HKLM\...\Winlogon\Notify\jkkli
    [05/25/2007, 19:26:17] - Searching for Browser Helper Objects:
    [05/25/2007, 19:26:17] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/25/2007, 19:26:17] - BHO 2: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
    [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:17] - Checking for HKLM\...\Winlogon\Notify\ssqpo
    [05/25/2007, 19:26:17] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
    [05/25/2007, 19:26:17] - BHO 3: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
    [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:17] - No filename found. Continuing.
    [05/25/2007, 19:26:17] - BHO 4: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
    [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:17] - No filename found. Continuing.
    [05/25/2007, 19:26:17] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:17] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/25/2007, 19:26:17] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/25/2007, 19:26:17] - BHO 6: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:17] - Checking for HKLM\...\Winlogon\Notify\yejagkds
    [05/25/2007, 19:26:17] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
    [05/25/2007, 19:26:17] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/25/2007, 19:26:17] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:17] - No filename found. Continuing.
    [05/25/2007, 19:26:17] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [05/25/2007, 19:26:17] - BHO 10: {B817A4B5-E3A1-46AE-9340-5448A8AC3033} (MSEvents Object)
    [05/25/2007, 19:26:17] - ALERT: Found MSEvents Object!
    [05/25/2007, 19:26:17] - Finished Searching Browser Helper Objects
    [05/25/2007, 19:26:17] - *** Detected MSEvents Object
    [05/25/2007, 19:26:17] - Trying to remove MSEvents Object...
    [05/25/2007, 19:26:18] - Terminating Process: IEXPLORE.EXE
    [05/25/2007, 19:26:19] - Terminating Process: RUNDLL32.EXE
    [05/25/2007, 19:26:19] - Disabling Automatic Shell Restart
    [05/25/2007, 19:26:19] - Terminating Process: EXPLORER.EXE
    [05/25/2007, 19:26:19] - Suspending the NT Session Manager System Service
    [05/25/2007, 19:26:19] - Terminating Windows NT Logon/Logoff Manager
    [05/25/2007, 19:26:19] - Re-enabling Automatic Shell Restart
    [05/25/2007, 19:26:19] - File to disable: C:\WINDOWS\system32\jkkji.dll
    [05/25/2007, 19:26:19] - Removing HKLM\...\Browser Helper Objects\{B817A4B5-E3A1-46AE-9340-5448A8AC3033}
    [05/25/2007, 19:26:19] - Removing HKCR\CLSID\{B817A4B5-E3A1-46AE-9340-5448A8AC3033}
    [05/25/2007, 19:26:19] - Adding Kill Bit for ActiveX for GUID: {B817A4B5-E3A1-46AE-9340-5448A8AC3033}
    [05/25/2007, 19:26:19] - Deleting ATLEvents/MSEvents Registry entries
    [05/25/2007, 19:26:19] - Removing HKLM\...\Winlogon\Notify\jkkji
    [05/25/2007, 19:26:19] - Searching for Browser Helper Objects:
    [05/25/2007, 19:26:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/25/2007, 19:26:19] - BHO 2: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
    [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:19] - Checking for HKLM\...\Winlogon\Notify\ssqpo
    [05/25/2007, 19:26:19] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
    [05/25/2007, 19:26:19] - BHO 3: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
    [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:19] - No filename found. Continuing.
    [05/25/2007, 19:26:19] - BHO 4: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
    [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:19] - No filename found. Continuing.
    [05/25/2007, 19:26:19] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:19] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/25/2007, 19:26:19] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/25/2007, 19:26:19] - BHO 6: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:19] - Checking for HKLM\...\Winlogon\Notify\yejagkds
    [05/25/2007, 19:26:19] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
    [05/25/2007, 19:26:19] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/25/2007, 19:26:19] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:26:19] - No filename found. Continuing.
    [05/25/2007, 19:26:19] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [05/25/2007, 19:26:19] - Finished Searching Browser Helper Objects
    [05/25/2007, 19:26:19] - Finishing up...
    [05/25/2007, 19:26:19] - A restart is needed.
    [05/25/2007, 19:26:28] - Attempting to Restart via STOP error (Blue Screen!)

    [05/25/2007, 19:48:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nicolas\Bureau\VirtumundoBeGone.exe" )
    [05/25/2007, 19:48:26] - Detected System Information:
    [05/25/2007, 19:48:26] - Windows Version: 5.1.2600, Service Pack 2
    [05/25/2007, 19:48:26] - Current Username: nicolas (Admin)
    [05/25/2007, 19:48:26] - Windows is in NORMAL mode.
    [05/25/2007, 19:48:26] - Searching for Browser Helper Objects:
    [05/25/2007, 19:48:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/25/2007, 19:48:26] - BHO 2: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
    [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:48:26] - Checking for HKLM\...\Winlogon\Notify\ssqpo
    [05/25/2007, 19:48:26] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
    [05/25/2007, 19:48:26] - BHO 3: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
    [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:48:26] - No filename found. Continuing.
    [05/25/2007, 19:48:26] - BHO 4: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
    [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:48:26] - No filename found. Continuing.
    [05/25/2007, 19:48:26] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:48:26] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/25/2007, 19:48:26] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/25/2007, 19:48:26] - BHO 6: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:48:26] - Checking for HKLM\...\Winlogon\Notify\yejagkds
    [05/25/2007, 19:48:26] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
    [05/25/2007, 19:48:26] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/25/2007, 19:48:26] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/25/2007, 19:48:26] - No filename found. Continuing.
    [05/25/2007, 19:48:26] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [05/25/2007, 19:48:26] - Finished Searching Browser Helper Objects
    [05/25/2007, 19:48:26] - Finishing up...
    [05/25/2007, 19:48:26] - Nothing found! Exiting...

    as well as the HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:58:41, on 25/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0C08621B-321A-4AE6-9771-6BF96C9FDA09} - C:\WINDOWS\system32\ssqpo.dll (file missing)
    O2 - BHO: (no name) - {260C7507-52FB-451A-B3D9-42D194BE7ECD} - (no file)
    O2 - BHO: (no name) - {2EDB63B7-7432-42B8-B484-B7DE2779F848} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P 2006] Command Conquer 3 Tiberium Wars
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Command Conquer 3 Tiberium Wars Kane Edition
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
    O20 - Winlogon Notify: ddccc - C:\WINDOWS\
    O20 - Winlogon Notify: mljjg - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    thanks again
    0
  12. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Re,

    Relaunch HijackThis and choose Do a scan only.

    Tick the box in front of these lines:

    O2 - BHO: (no name) - {0C08621B-321A-4AE6-9771-6BF96C9FDA09} - C:\WINDOWS\system32\ssqpo.dll (file missing)
    O2 - BHO: (no name) - {260C7507-52FB-451A-B3D9-42D194BE7ECD} - (no file)
    O2 - BHO: (no name) - {2EDB63B7-7432-42B8-B484-B7DE2779F848} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P 2006] Command Conquer 3 Tiberium Wars
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Command Conquer 3 Tiberium Wars Kane Edition
    O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
    O20 - Winlogon Notify: ddccc - C:\WINDOWS\
    O20 - Winlogon Notify: mljjg - C:\WINDOWS\

    Close all active windows and click Fix checked.

    Close HijackThis.

    Relaunch VundoFix and post the log.

    Post a HijackThis log as well.
    @+
    0
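The entries Lyonnais92 asks to fix above (unnamed O2 BHOs with no file on disk, O20 Winlogon Notify entries whose DLL is missing or whose path is truncated) can be picked out of a HijackThis log mechanically. The following is an added example written for this page, not code from the thread or from HijackThis; the "short random DLL name in system32" heuristic is an assumption of the example, and the sample lines are constructed from entries quoted in this thread.

```python
import re

# Constructed sample in HijackThis v1.99 log format. The entries are taken from the
# logs posted in this thread; two known-good entries are included as negatives.
SAMPLE_LOG = [
    "O2 - BHO: (no name) - {0C08621B-321A-4AE6-9771-6BF96C9FDA09} - C:\\WINDOWS\\system32\\ssqpo.dll (file missing)",
    "O2 - BHO: (no name) - {260C7507-52FB-451A-B3D9-42D194BE7ECD} - (no file)",
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll",
    "O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\\WINDOWS\\system32\\yejagkds.dll",
    "O20 - Winlogon Notify: ddayx - C:\\WINDOWS\\system32\\ddayx.dll (file missing)",
    "O20 - Winlogon Notify: ddccc - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll",
]

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O20 lines: "O20 - Winlogon Notify: <registry key name> - <path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
# Heuristic (an assumption of this example, not a HijackThis rule): Vundo-family
# BHOs in this thread register with no name and load a short, random-looking
# lowercase DLL name straight from system32.
SYSTEM32_DLL_RE = re.compile(r"^C:\\WINDOWS\\system32\\[a-z]{5,8}\.dll$", re.IGNORECASE)


def audit_entry(line):
    """Return (entry_id, reason) if a HijackThis line matches one of the rules, else None."""
    m = O2_RE.match(line)
    if m:
        name, clsid, path = m.group("name"), m.group("clsid"), m.group("path")
        if name == "(no name)" and (path == "(no file)" or path.endswith("(file missing)")):
            return clsid, "orphan BHO: registry entry left behind, DLL no longer on disk"
        if name == "(no name)" and SYSTEM32_DLL_RE.match(path):
            return clsid, "unnamed BHO loading an unknown DLL from system32: review before fixing"
        return None
    m = O20_RE.match(line)
    if m:
        key, path = m.group("key"), m.group("path")
        if path.endswith("(file missing)"):
            return key, "orphan Winlogon Notify entry: DLL no longer on disk"
        if not path.lower().endswith(".dll"):
            return key, "Winlogon Notify entry names no DLL: damaged or truncated entry"
    return None


def audit_hijackthis(lines):
    """Run every line of a HijackThis log through audit_entry and collect the hits."""
    findings = []
    for raw in lines:
        line = raw.strip()
        hit = audit_entry(line)
        if hit:
            findings.append({"line": line, "id": hit[0], "reason": hit[1]})
    return findings


if __name__ == "__main__":
    for f in audit_hijackthis(SAMPLE_LOG):
        print(f"{f['id']}: {f['reason']}")
```

Run against the sample it reports the five entries Lyonnais92 listed and stays silent on the Java and WgaLogon entries; a real log is fed in one line at a time the same way.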
    1. inconico Posts: 29 Status: Member
       
      Re,
      I fixed the requested entries, relaunched VundoFix (nothing found), and here is the HijackThis report:
      thanks

      Logfile of HijackThis v1.99.1
      Scan saved at 08:43:49, on 26/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\CTSvcCDA.EXE
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\AGEIA Technologies\TrayIcon.exe
      C:\Program Files\TomTom HOME\TomTomHOME.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
      C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
      O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      0
  13. alexplorer
     
    Hello, just slipping quickly into the conversation...
    Only to say that I was infected by Virtumonde not long ago and, thanks to VirtumundoBegone (link given above by lyonnais92), I was able to eradicate it.
    There you go, good luck.
    0
  14. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Hello,

    Post the VundoFix log.

    @+
    0
    1. inconico Posts: 29 Status: Member
       
      Hello,


      [05/25/2007, 19:26:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nicolas\Bureau\VirtumundoBeGone.exe" )
      [05/25/2007, 19:26:12] - Detected System Information:
      [05/25/2007, 19:26:12] - Windows Version: 5.1.2600, Service Pack 2
      [05/25/2007, 19:26:12] - Current Username: nicolas (Admin)
      [05/25/2007, 19:26:12] - Windows is in NORMAL mode.
      [05/25/2007, 19:26:12] - Searching for Browser Helper Objects:
      [05/25/2007, 19:26:12] - BHO 1: {0233D1D6-E00D-4C45-BF14-485759765168} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\yayywwu
      [05/25/2007, 19:26:12] - Found: HKLM\...\Winlogon\Notify\yayywwu - This is probably Virtumundo.
      [05/25/2007, 19:26:12] - Assigning {0233D1D6-E00D-4C45-BF14-485759765168} MSEvents Object
      [05/25/2007, 19:26:12] - BHO list has been changed! Starting over...
      [05/25/2007, 19:26:12] - BHO 1: {0233D1D6-E00D-4C45-BF14-485759765168} (MSEvents Object)
      [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:12] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/25/2007, 19:26:12] - BHO 3: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [05/25/2007, 19:26:12] - BHO 4: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - No filename found. Continuing.
      [05/25/2007, 19:26:12] - BHO 5: {28E44312-08D8-4531-94A1-DB35E891D59B} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\jkkli
      [05/25/2007, 19:26:12] - Found: HKLM\...\Winlogon\Notify\jkkli - This is probably Virtumundo.
      [05/25/2007, 19:26:12] - Assigning {28E44312-08D8-4531-94A1-DB35E891D59B} MSEvents Object
      [05/25/2007, 19:26:12] - BHO list has been changed! Starting over...
      [05/25/2007, 19:26:12] - BHO 1: {0233D1D6-E00D-4C45-BF14-485759765168} (MSEvents Object)
      [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:12] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/25/2007, 19:26:12] - BHO 3: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [05/25/2007, 19:26:12] - BHO 4: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - No filename found. Continuing.
      [05/25/2007, 19:26:12] - BHO 5: {28E44312-08D8-4531-94A1-DB35E891D59B} (MSEvents Object)
      [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:12] - BHO 6: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - No filename found. Continuing.
      [05/25/2007, 19:26:12] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/25/2007, 19:26:12] - BHO 8: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\yejagkds
      [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
      [05/25/2007, 19:26:12] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/25/2007, 19:26:12] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - No filename found. Continuing.
      [05/25/2007, 19:26:12] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [05/25/2007, 19:26:12] - BHO 12: {B817A4B5-E3A1-46AE-9340-5448A8AC3033} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\jkkji
      [05/25/2007, 19:26:12] - Found: HKLM\...\Winlogon\Notify\jkkji - This is probably Virtumundo.
      [05/25/2007, 19:26:12] - Assigning {B817A4B5-E3A1-46AE-9340-5448A8AC3033} MSEvents Object
      [05/25/2007, 19:26:12] - BHO list has been changed! Starting over...
      [05/25/2007, 19:26:12] - BHO 1: {0233D1D6-E00D-4C45-BF14-485759765168} (MSEvents Object)
      [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:12] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/25/2007, 19:26:12] - BHO 3: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [05/25/2007, 19:26:12] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [05/25/2007, 19:26:12] - BHO 4: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - No filename found. Continuing.
      [05/25/2007, 19:26:12] - BHO 5: {28E44312-08D8-4531-94A1-DB35E891D59B} (MSEvents Object)
      [05/25/2007, 19:26:12] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:12] - BHO 6: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:12] - No filename found. Continuing.
      [05/25/2007, 19:26:12] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/25/2007, 19:26:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/25/2007, 19:26:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/25/2007, 19:26:13] - BHO 8: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
      [05/25/2007, 19:26:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:13] - Checking for HKLM\...\Winlogon\Notify\yejagkds
      [05/25/2007, 19:26:13] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
      [05/25/2007, 19:26:13] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/25/2007, 19:26:13] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/25/2007, 19:26:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:13] - No filename found. Continuing.
      [05/25/2007, 19:26:13] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [05/25/2007, 19:26:13] - BHO 12: {B817A4B5-E3A1-46AE-9340-5448A8AC3033} (MSEvents Object)
      [05/25/2007, 19:26:13] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:13] - Finished Searching Browser Helper Objects
      [05/25/2007, 19:26:13] - *** Detected MSEvents Object
      [05/25/2007, 19:26:13] - Trying to remove MSEvents Object...
      [05/25/2007, 19:26:14] - Terminating Process: IEXPLORE.EXE
      [05/25/2007, 19:26:14] - Terminating Process: RUNDLL32.EXE
      [05/25/2007, 19:26:14] - Disabling Automatic Shell Restart
      [05/25/2007, 19:26:14] - Terminating Process: EXPLORER.EXE
      [05/25/2007, 19:26:14] - Suspending the NT Session Manager System Service
      [05/25/2007, 19:26:14] - Terminating Windows NT Logon/Logoff Manager
      [05/25/2007, 19:26:15] - Re-enabling Automatic Shell Restart
      [05/25/2007, 19:26:15] - File to disable: C:\WINDOWS\system32\yayywwu.dll
      [05/25/2007, 19:26:15] - Renaming C:\WINDOWS\system32\yayywwu.dll -> C:\WINDOWS\system32\yayywwu.dll.vir
      [05/25/2007, 19:26:15] - File successfully renamed!
      [05/25/2007, 19:26:15] - Removing HKLM\...\Browser Helper Objects\{0233D1D6-E00D-4C45-BF14-485759765168}
      [05/25/2007, 19:26:15] - Removing HKCR\CLSID\{0233D1D6-E00D-4C45-BF14-485759765168}
      [05/25/2007, 19:26:15] - Adding Kill Bit for ActiveX for GUID: {0233D1D6-E00D-4C45-BF14-485759765168}
      [05/25/2007, 19:26:15] - Deleting ATLEvents/MSEvents Registry entries
      [05/25/2007, 19:26:15] - Removing HKLM\...\Winlogon\Notify\yayywwu
      [05/25/2007, 19:26:15] - Searching for Browser Helper Objects:
      [05/25/2007, 19:26:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/25/2007, 19:26:15] - BHO 2: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
      [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:15] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [05/25/2007, 19:26:15] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [05/25/2007, 19:26:15] - BHO 3: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
      [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:15] - No filename found. Continuing.
      [05/25/2007, 19:26:15] - BHO 4: {28E44312-08D8-4531-94A1-DB35E891D59B} (MSEvents Object)
      [05/25/2007, 19:26:15] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:15] - BHO 5: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
      [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:15] - No filename found. Continuing.
      [05/25/2007, 19:26:15] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/25/2007, 19:26:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/25/2007, 19:26:15] - BHO 7: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
      [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:15] - Checking for HKLM\...\Winlogon\Notify\yejagkds
      [05/25/2007, 19:26:15] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
      [05/25/2007, 19:26:15] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/25/2007, 19:26:15] - BHO 9: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/25/2007, 19:26:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:15] - No filename found. Continuing.
      [05/25/2007, 19:26:15] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [05/25/2007, 19:26:15] - BHO 11: {B817A4B5-E3A1-46AE-9340-5448A8AC3033} (MSEvents Object)
      [05/25/2007, 19:26:15] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:15] - Finished Searching Browser Helper Objects
      [05/25/2007, 19:26:15] - *** Detected MSEvents Object
      [05/25/2007, 19:26:15] - Trying to remove MSEvents Object...
      [05/25/2007, 19:26:16] - Terminating Process: IEXPLORE.EXE
      [05/25/2007, 19:26:17] - Terminating Process: RUNDLL32.EXE
      [05/25/2007, 19:26:17] - Disabling Automatic Shell Restart
      [05/25/2007, 19:26:17] - Terminating Process: EXPLORER.EXE
      [05/25/2007, 19:26:17] - Suspending the NT Session Manager System Service
      [05/25/2007, 19:26:17] - Terminating Windows NT Logon/Logoff Manager
      [05/25/2007, 19:26:17] - Re-enabling Automatic Shell Restart
      [05/25/2007, 19:26:17] - File to disable: C:\WINDOWS\system32\jkkli.dll
      [05/25/2007, 19:26:17] - Removing HKLM\...\Browser Helper Objects\{28E44312-08D8-4531-94A1-DB35E891D59B}
      [05/25/2007, 19:26:17] - Removing HKCR\CLSID\{28E44312-08D8-4531-94A1-DB35E891D59B}
      [05/25/2007, 19:26:17] - Adding Kill Bit for ActiveX for GUID: {28E44312-08D8-4531-94A1-DB35E891D59B}
      [05/25/2007, 19:26:17] - Deleting ATLEvents/MSEvents Registry entries
      [05/25/2007, 19:26:17] - Removing HKLM\...\Winlogon\Notify\jkkli
      [05/25/2007, 19:26:17] - Searching for Browser Helper Objects:
      [05/25/2007, 19:26:17] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/25/2007, 19:26:17] - BHO 2: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
      [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:17] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [05/25/2007, 19:26:17] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [05/25/2007, 19:26:17] - BHO 3: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
      [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:17] - No filename found. Continuing.
      [05/25/2007, 19:26:17] - BHO 4: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
      [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:17] - No filename found. Continuing.
      [05/25/2007, 19:26:17] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:17] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/25/2007, 19:26:17] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/25/2007, 19:26:17] - BHO 6: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
      [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:17] - Checking for HKLM\...\Winlogon\Notify\yejagkds
      [05/25/2007, 19:26:17] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
      [05/25/2007, 19:26:17] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/25/2007, 19:26:17] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/25/2007, 19:26:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:17] - No filename found. Continuing.
      [05/25/2007, 19:26:17] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [05/25/2007, 19:26:17] - BHO 10: {B817A4B5-E3A1-46AE-9340-5448A8AC3033} (MSEvents Object)
      [05/25/2007, 19:26:17] - ALERT: Found MSEvents Object!
      [05/25/2007, 19:26:17] - Finished Searching Browser Helper Objects
      [05/25/2007, 19:26:17] - *** Detected MSEvents Object
      [05/25/2007, 19:26:17] - Trying to remove MSEvents Object...
      [05/25/2007, 19:26:18] - Terminating Process: IEXPLORE.EXE
      [05/25/2007, 19:26:19] - Terminating Process: RUNDLL32.EXE
      [05/25/2007, 19:26:19] - Disabling Automatic Shell Restart
      [05/25/2007, 19:26:19] - Terminating Process: EXPLORER.EXE
      [05/25/2007, 19:26:19] - Suspending the NT Session Manager System Service
      [05/25/2007, 19:26:19] - Terminating Windows NT Logon/Logoff Manager
      [05/25/2007, 19:26:19] - Re-enabling Automatic Shell Restart
      [05/25/2007, 19:26:19] - File to disable: C:\WINDOWS\system32\jkkji.dll
      [05/25/2007, 19:26:19] - Removing HKLM\...\Browser Helper Objects\{B817A4B5-E3A1-46AE-9340-5448A8AC3033}
      [05/25/2007, 19:26:19] - Removing HKCR\CLSID\{B817A4B5-E3A1-46AE-9340-5448A8AC3033}
      [05/25/2007, 19:26:19] - Adding Kill Bit for ActiveX for GUID: {B817A4B5-E3A1-46AE-9340-5448A8AC3033}
      [05/25/2007, 19:26:19] - Deleting ATLEvents/MSEvents Registry entries
      [05/25/2007, 19:26:19] - Removing HKLM\...\Winlogon\Notify\jkkji
      [05/25/2007, 19:26:19] - Searching for Browser Helper Objects:
      [05/25/2007, 19:26:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/25/2007, 19:26:19] - BHO 2: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
      [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:19] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [05/25/2007, 19:26:19] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [05/25/2007, 19:26:19] - BHO 3: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
      [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:19] - No filename found. Continuing.
      [05/25/2007, 19:26:19] - BHO 4: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
      [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:19] - No filename found. Continuing.
      [05/25/2007, 19:26:19] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:19] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/25/2007, 19:26:19] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/25/2007, 19:26:19] - BHO 6: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
      [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:19] - Checking for HKLM\...\Winlogon\Notify\yejagkds
      [05/25/2007, 19:26:19] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
      [05/25/2007, 19:26:19] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/25/2007, 19:26:19] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/25/2007, 19:26:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:26:19] - No filename found. Continuing.
      [05/25/2007, 19:26:19] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [05/25/2007, 19:26:19] - Finished Searching Browser Helper Objects
      [05/25/2007, 19:26:19] - Finishing up...
      [05/25/2007, 19:26:19] - A restart is needed.
      [05/25/2007, 19:26:28] - Attempting to Restart via STOP error (Blue Screen!)

      [05/25/2007, 19:48:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nicolas\Bureau\VirtumundoBeGone.exe" )
      [05/25/2007, 19:48:26] - Detected System Information:
      [05/25/2007, 19:48:26] - Windows Version: 5.1.2600, Service Pack 2
      [05/25/2007, 19:48:26] - Current Username: nicolas (Admin)
      [05/25/2007, 19:48:26] - Windows is in NORMAL mode.
      [05/25/2007, 19:48:26] - Searching for Browser Helper Objects:
      [05/25/2007, 19:48:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
      [05/25/2007, 19:48:26] - BHO 2: {0C08621B-321A-4AE6-9771-6BF96C9FDA09} ()
      [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:48:26] - Checking for HKLM\...\Winlogon\Notify\ssqpo
      [05/25/2007, 19:48:26] - Key not found: HKLM\...\Winlogon\Notify\ssqpo, continuing.
      [05/25/2007, 19:48:26] - BHO 3: {260C7507-52FB-451A-B3D9-42D194BE7ECD} ()
      [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:48:26] - No filename found. Continuing.
      [05/25/2007, 19:48:26] - BHO 4: {2EDB63B7-7432-42B8-B484-B7DE2779F848} ()
      [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:48:26] - No filename found. Continuing.
      [05/25/2007, 19:48:26] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
      [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:48:26] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [05/25/2007, 19:48:26] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [05/25/2007, 19:48:26] - BHO 6: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
      [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:48:26] - Checking for HKLM\...\Winlogon\Notify\yejagkds
      [05/25/2007, 19:48:26] - Key not found: HKLM\...\Winlogon\Notify\yejagkds, continuing.
      [05/25/2007, 19:48:26] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [05/25/2007, 19:48:26] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [05/25/2007, 19:48:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [05/25/2007, 19:48:26] - No filename found. Continuing.
      [05/25/2007, 19:48:26] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [05/25/2007, 19:48:26] - Finished Searching Browser Helper Objects
      [05/25/2007, 19:48:26] - Finishing up...
      [05/25/2007, 19:48:26] - Nothing found! Exiting...

      [05/27/2007, 10:58:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nicolas\Bureau\VirtumundoBeGone.exe" )
      [05/27/2007, 10:59:10] - User choose NOT to continue. Exiting...


      a+
      0
  15. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Hello,

    is it necessary that I speak English?

    post 16: post the Vundofix log.
    post 17: VirtumundoBeGone v1.5

    I'm waiting for the Vundofix post.
    @+

    0
    1. inconico Messages postés 29 Statut Membre
       
      re,

      sorry, but I don't know how to make a Vundofix log;
      I run a scan, but nothing is found.
      please explain it to me again..
      0
  16. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    1) See whether you have this file: C:\vundofix.txt . If not, look for it with the Windows search function.

    To copy and paste it, open it with Notepad.

    2) You don't seem to have a firewall (unless NOD32 has that function without it showing in the log). Open this link, then download and configure Kerio (free even after the trial period):

    http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm

    3) Double-click VundoFix.exe to launch it.

    Right-click in the white window and click "Add more files?"

    In the new window that appears, copy/paste the path of the following file into the first box (at the top):

    C:\WINDOWS\system32\yejagkds.dll

    Click the "Add File(s)" button

    Click the "Close Window" button.

    Click "Remove Vundo" again

    A prompt will ask you whether you want to delete the files; click YES

    After you click "Yes", the desktop will disappear for a moment while the files are deleted.

    You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK

    4) post a new HijackThis log

    @+
    0
    1. inconico Messages postés 29 Statut Membre
       
      hello, I just found the file you wanted:


      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 19:57:45 25/04/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\gebaxvv.dll
      C:\WINDOWS\system32\opnolif.dll
      C:\WINDOWS\system32\qpqss.bak1
      C:\WINDOWS\system32\qpqss.ini2
      C:\WINDOWS\system32\qpqss.tmp
      C:\WINDOWS\system32\ssqpq.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\gebaxvv.dll
      C:\WINDOWS\system32\gebaxvv.dll Could not be deleted.

      Attempting to delete C:\WINDOWS\system32\opnolif.dll
      C:\WINDOWS\system32\opnolif.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\qpqss.bak1
      C:\WINDOWS\system32\qpqss.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\qpqss.ini2
      C:\WINDOWS\system32\qpqss.ini2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\qpqss.tmp
      C:\WINDOWS\system32\qpqss.tmp Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ssqpq.dll
      C:\WINDOWS\system32\ssqpq.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\gebaxvv.dll
      C:\WINDOWS\system32\gebaxvv.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ssqpq.dll
      C:\WINDOWS\system32\ssqpq.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 21:50:26 23/05/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\opqss.bak1
      C:\WINDOWS\system32\opqss.bak2
      C:\WINDOWS\system32\opqss.ini
      C:\WINDOWS\system32\opqss.ini2
      C:\WINDOWS\system32\opqss.tmp
      C:\WINDOWS\system32\ssqpo.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\opqss.bak1
      C:\WINDOWS\system32\opqss.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opqss.bak2
      C:\WINDOWS\system32\opqss.bak2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opqss.ini
      C:\WINDOWS\system32\opqss.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opqss.ini2
      C:\WINDOWS\system32\opqss.ini2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\opqss.tmp
      C:\WINDOWS\system32\opqss.tmp Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ssqpo.dll
      C:\WINDOWS\system32\ssqpo.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 22:36:10 23/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 07:22:22 25/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 23:31:21 25/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...

      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 01:06:48 27/05/2007

      Listing files found while scanning....

      No infected files were found.


      VundoFix V6.3.20

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Java version is 1.5.0.11

      Scan started at 15:30:28 27/05/2007

      Listing files found while scanning....

      No infected files were found.


      Beginning removal...
      0
  17. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Hello,

    OK, that was it.

    post a new HijackThis log.
    @+
    0
  18. inconico Messages postés 29 Statut Membre
     
    re,
    here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 08:13:58, on 31/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
    O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
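As an added illustration (not code from this thread, from HijackThis or from VundoFix), a small Python script that parses two HijackThis logs, lists the entries that disappeared or appeared between scans, and flags the two Vundo patterns quoted in this thread: an unnamed O2 BHO and an O4 `rundll32.exe` Run entry, both loading a DLL from system32. The two sample logs are constructed excerpts built from lines of the logs posted above; the "short random DLL name" regex is a heuristic assumption, not a rule from either tool.

```python
"""Diff two HijackThis logs and flag Vundo-style entries (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A HijackThis result line: "O2 - BHO: ... - {CLSID} - path" or "R0 - HKCU\...".
LINE_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.+)$")

# DLL under C:\WINDOWS\system32 with a short, all-letter name, the shape of the
# Vundo DLLs quoted in this thread (yejagkds.dll, cijryljx.dll, ssqpo.dll).
# Heuristic assumption: legitimate DLLs can match it too, so it is only a hint.
RANDOM_SYS32_DLL = re.compile(r"C:\\WINDOWS\\system32\\([a-z]{5,10})\.dll", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O4", "R1", ...
    body: str     # everything after "O2 - "


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O entries of a HijackThis log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries only in the earlier log (removed) and only in the later one (added).

    The comparison is textual: an entry whose path lost its quotes counts as
    removed and re-added, which is exactly what a reviewer wants to notice.
    """
    old, new = parse_hjt(before), parse_hjt(after)
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


def flag_entry(e: Entry) -> Optional[str]:
    """Reason string if the entry matches a pattern from this thread, else None."""
    if e.section == "O2" and "(no name)" in e.body and RANDOM_SYS32_DLL.search(e.body):
        return "unnamed BHO loading a DLL from system32"
    if e.section == "O4" and "rundll32.exe" in e.body.lower() and RANDOM_SYS32_DLL.search(e.body):
        return "Run key launching a system32 DLL through rundll32"
    return None


def suspicious(text: str) -> List[Tuple[Entry, str]]:
    """All flagged entries of a log, in log order."""
    return [(e, r) for e in parse_hjt(text) for r in [flag_entry(e)] if r]


# Constructed excerpt of the 31/05/2007 log posted above (infected state).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 08:13:58, on 31/05/2007

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\yejagkds.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cijryljx.dll",realset
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
"""

# Constructed excerpt of the 01/06/2007 log (after the fix): the two Vundo
# entries are gone and the Java updater line was rewritten without quotes.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 07:50:08, on 01/06/2007

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Removed since previous scan:")
    for e in removed:
        print(f"  {e.section} - {e.body}  [{flag_entry(e) or 'not flagged'}]")
    print("Added since previous scan:")
    for e in added:
        print(f"  {e.section} - {e.body}  [{flag_entry(e) or 'not flagged'}]")
    print("Still suspicious in latest log:", suspicious(AFTER_LOG) or "none")
```

The Spybot SDHelper.dll entry is also "(no name)" but sits outside system32, which is why the path check matters as much as the missing name.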
  19. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Good evening,

    we're going to remove the old versions of Java.

    Start, Control Panel, Add/Remove Programs.

    Look for Java Runtime Environment;

    Remove the old versions ( Java version is 1.4.2.5
    Java version is 1.5.0.6
    Java version is 1.5.0.9
    Java version is 1.5.0.10
    Java version is 1.5.0.11 ).

    restart the computer and post a new HijackThis log.
    @+
    0
    1. inconico Messages postés 29 Statut Membre
       
      hello,
      thanks again for the cleanup steps...
      below is the log:

      Logfile of HijackThis v1.99.1
      Scan saved at 07:50:08, on 01/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\CTSvcCDA.EXE
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\AGEIA Technologies\TrayIcon.exe
      C:\Program Files\TomTom HOME\TomTomHOME.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
      C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    2. inconico Messages posted 29 Status Member
       
      hello
      I'm taking the liberty of following up to find out whether the log I sent was received properly
      thanks in advance
  20. Lyonnais92 Messages posted 25708 Status Security contributor 1 537
     
    Good evening,

    sorry for having somewhat skipped you, but your log is clean and I'm a bit swamped.

    however, you don't have a firewall. Open this link, then download and configure Kerio

    http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm

    See you
    1. inconico Messages posted 29 Status Member
       
      good evening

      thanks for all the steps and advice
  21. Lyonnais92 Messages posted 25708 Status Security contributor 1 537
     
    Re,

    you're welcome; however, I'd like to have a HijackThis log with Kerio installed;
    See you
    1. inconico Messages posted 29 Status Member
       
      hello,

      below is the requested log:
      Logfile of HijackThis v1.99.1
      Scan saved at 07:14:07, on 06/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\CTSvcCDA.EXE
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\AGEIA Technologies\TrayIcon.exe
      C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
      O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
      O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [Anti-Blaxx Manager] :C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
      O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: hp psc 1000 series.lnk = ?
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
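To make the contributor's check concrete ("your log is clean, but there is no firewall"), here is an added example, not code from the thread or from HijackThis, that parses logs in the HijackThis v1.99 format shown above, looks for a firewall service among the O23 entries, lists entries flagged "(file missing)", and diffs two scans. The two log excerpts are constructed from entries on the page; the product keywords used to recognise a firewall are an assumption.

```python
# Added example, not from the thread or HijackThis: parse HijackThis v1.99 logs (R*/O* sections only), find firewall services, diff two scans.
import re
from collections import defaultdict

# Constructed excerpts built from entries on the page: "before" has no
# firewall service, "after" adds the Sunbelt (Kerio) firewall.
LOG_BEFORE = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\Eset\\nod32krn.exe

O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
"""
FW_DIR = "C:\\Program Files\\Sunbelt Software\\Personal Firewall"
LOG_AFTER = LOG_BEFORE.replace(
    "nod32krn.exe\n\n", "nod32krn.exe\n" + FW_DIR + "\\kpf4ss.exe\n\n"
) + "O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - " + FW_DIR + "\\kpf4ss.exe\n"

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")

def parse_hjt(text):
    """Return {'processes': [...], 'O4': [...], 'O23': [...], ...}."""
    entries = defaultdict(list)
    in_procs = False  # the process list runs from its header to the next blank line
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False
            continue
        if in_procs:
            entries["processes"].append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("kind")].append(m.group("body"))
    return dict(entries)

def firewall_services(parsed, keywords=("firewall", "kerio")):
    """O23 service entries whose description names a firewall product (keyword list is an assumption)."""
    return [s for s in parsed.get("O23", []) if any(k in s.lower() for k in keywords)]

def missing_file_entries(parsed):
    """Entries HijackThis flagged '(file missing)': stale or orphaned hooks worth reviewing."""
    return [(k, b) for k, bodies in parsed.items() for b in bodies if "(file missing)" in b]

def diff_logs(before, after):
    """Entries added or removed between two scans, keyed by section."""
    a, b = parse_hjt(before), parse_hjt(after)
    out = {}
    for kind in sorted(set(a) | set(b)):
        added = sorted(set(b.get(kind, [])) - set(a.get(kind, [])))
        removed = sorted(set(a.get(kind, [])) - set(b.get(kind, [])))
        if added or removed:
            out[kind] = {"added": added, "removed": removed}
    return out
```

Running `diff_logs(LOG_BEFORE, LOG_AFTER)` shows exactly the SPF4 service and the kpf4ss.exe process as additions, which is the change the contributor asked to see in the second log.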