Posted by jydantressangle, Monday 22 January 2007 at 23:27:15. Configuration: Windows XP, Firefox 2.0.0.1
Good evening. You are fairly badly infected; start by downloading this (thanks to S!RI for this program): http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it, double-click Smitfraudfix.cmd and choose option 1. It will generate a report; please copy/paste it here. See you |
Thank you for your quick response and your help.
I downloaded SmitfraudFix and unzipped it, but when I click on Smitfraudfix.cmd, a black window opens and disappears quickly, then nothing. What should I do? Thanks |
That's not a problem.
Download VundoFix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it. Tick Run VundoFix as a task. A message will warn you that the tool is going to close and reopen: click OK.
Click the Scan for Vundo button. When the scan is complete, click the Remove Vundo button. A prompt will ask whether you want to delete the files; click YES.
After clicking "Yes", the Desktop will disappear for a moment while the files are deleted. You will see a prompt telling you that your PC is going to shut down; click OK.
Restart your PC. Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply. See you |
Hello,
Thanks again for your help. I did what you asked with VundoFix. Attached are the report plus a new HijackThis report. My problem is still the same:
- The processes "cvchost.exe", "winlogon" and "csrss.exe" are running in the background on my computer abnormally (they take 100% of the CPU). I manage to use my PC for 30 minutes by killing the processes or setting them to low priority.
- When I open the Internet in Firefox, an error message appears (I can still browse, but slowly).
- I no longer have access to Windows Explorer or the Control Panel (neither through my shortcuts nor through the menu)

VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 22:35:24 07/01/2007
Listing files found while scanning....
C:\WINDOWS\System32\jkkjk.dll
C:\WINDOWS\System32\kjkkj.ini
C:\WINDOWS\System32\kjkkj.bak1
C:\WINDOWS\System32\kjkkj.bak2
C:\WINDOWS\System32\kjkkj.ini2
C:\WINDOWS\System32\kjkkj.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\System32\jkkjk.dll
C:\WINDOWS\System32\jkkjk.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\kjkkj.ini
C:\WINDOWS\System32\kjkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\kjkkj.bak1
C:\WINDOWS\System32\kjkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\kjkkj.bak2
C:\WINDOWS\System32\kjkkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\kjkkj.ini2
C:\WINDOWS\System32\kjkkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\kjkkj.tmp
C:\WINDOWS\System32\kjkkj.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\System32\jkkjk.dll
C:\WINDOWS\System32\jkkjk.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\kjkkj.ini
C:\WINDOWS\System32\kjkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\kjkkj.ini2
C:\WINDOWS\System32\kjkkj.ini2 Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 13:43:25 26/01/2007
Listing files found while scanning....
C:\WINDOWS\System32\pmkjh.dll
C:\WINDOWS\System32\hjkmp.ini
C:\WINDOWS\System32\hjkmp.bak2
C:\WINDOWS\System32\hjkmp.ini2
C:\WINDOWS\System32\hjkmp.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\System32\pmkjh.dll
C:\WINDOWS\System32\pmkjh.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\hjkmp.ini
C:\WINDOWS\System32\hjkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\hjkmp.bak2
C:\WINDOWS\System32\hjkmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\hjkmp.ini2
C:\WINDOWS\System32\hjkmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\hjkmp.tmp
C:\WINDOWS\System32\hjkmp.tmp Has been deleted!
Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 13:56:14, on 26/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\AVWLPSTA.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\restorea2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EFA36BE5-FC74-82F5-7404-F31A07C75CEF} - C:\WINDOWS\System32\ozadddmc.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31F5C8D1-60DA-47E8-98BE-543A689EAC79} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {371EE1EF-F177-1390-7807-08525DC0E55C} - C:\WINDOWS\System32\nweipeg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\onxweyuy.dll
O2 - BHO: (no name) - {8E54C9CD-E10F-49C7-ABD9-56E82790EE41} - C:\WINDOWS\System32\jkklm.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C11485FE-14A2-4F45-AA7F-9F7869C30A18} - C:\WINDOWS\System32\pmkjh.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30D80~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {D865CC89-3C41-4762-86C7-AD4909E46856} - C:\WINDOWS\System32\jkkjk.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EFA36BE5-FC74-82F5-7404-F31A07C75CEF} - C:\WINDOWS\System32\ozadddmc.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30D80~1\Bar888.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ukooaxfnspajdgcalcz] C:\WINDOWS\System32\gnvhiyrrns.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [aeuhxxgtkyxewrqtjtcp] C:\WINDOWS\System32\najwofpjzid.exe
O4 - HKLM\..\Run: [SvcManager] restorea2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PXQr] C:\WINDOWS\System32\gkbacdveh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\loqxlxxb.dll",setvm
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S3CD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [PXQr] C:\WINDOWS\System32\gkbacdveh.exe
O4 - HKLM\..\RunServices: [ukooaxfnspajdgcalcz] C:\WINDOWS\System32\gnvhiyrrns.exe
O4 - HKLM\..\RunServices: [aeuhxxgtkyxewrqtjtcp] C:\WINDOWS\System32\najwofpjzid.exe
O4 - HKCU\..\Run: [Nrac] "C:\WINDOWS\SMANTE~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Pxzet] C:\WINDOWS\system32\?icrosoft\w?crtupd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F27876A-E974-4336-9E52-2C250103A4A6}: NameServer = 86.64.145.142 84.103.237.142
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\svche.dll
O20 - Winlogon Notify: jkklm - C:\WINDOWS\System32\jkklm.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Remote Windows Services - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Userinit Logon App (Userinit Logon Application) - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Awaiting your next instructions. I really hope to get out of this, because right now it is a nightmare. |
Hello. You are fairly badly infected, but we'll get there :)
Download VirtumundoBeGone to the desktop: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions. Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, together with a new HijackThis report. Don't worry if you see a blue screen "Fatal error" message; that is normal and expected.
Also run VundoFix again, because it could not delete jkkjk.dll:
Attempting to delete C:\WINDOWS\System32\jkkjk.dll
C:\WINDOWS\System32\jkkjk.dll Could not be deleted.
See you |
Attached is my "VirtumundoBeGone" report:

[01/26/2007, 15:06:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\jean-yves\Bureau\VirtumundoBeGone.exe" )
[01/26/2007, 15:06:29] - Detected System Information:
[01/26/2007, 15:06:29] - Windows Version: 5.1.2600, Service Pack 1
[01/26/2007, 15:06:29] - Current Username: jean-yves (Admin)
[01/26/2007, 15:06:29] - Windows is in NORMAL mode.
[01/26/2007, 15:06:29] - Searching for Browser Helper Objects:
[01/26/2007, 15:06:29] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/26/2007, 15:06:29] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/26/2007, 15:06:29] - BHO 3: {31F5C8D1-60DA-47E8-98BE-543A689EAC79} ()
[01/26/2007, 15:06:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:29] - Checking for HKLM\...\Winlogon\Notify\vtsqq
[01/26/2007, 15:06:29] - Key not found: HKLM\...\Winlogon\Notify\vtsqq, continuing.
[01/26/2007, 15:06:29] - BHO 4: {371EE1EF-F177-1390-7807-08525DC0E55C} ()
[01/26/2007, 15:06:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:29] - Checking for HKLM\...\Winlogon\Notify\nweipeg
[01/26/2007, 15:06:29] - Key not found: HKLM\...\Winlogon\Notify\nweipeg, continuing.
[01/26/2007, 15:06:29] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/26/2007, 15:06:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:29] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/26/2007, 15:06:29] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/26/2007, 15:06:29] - BHO 6: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/26/2007, 15:06:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:29] - Checking for HKLM\...\Winlogon\Notify\onxweyuy
[01/26/2007, 15:06:30] - Key not found: HKLM\...\Winlogon\Notify\onxweyuy, continuing.
[01/26/2007, 15:06:30] - BHO 7: {8579C0D3-B27C-45A6-B92B-D80BD6143852} ()
[01/26/2007, 15:06:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:30] - Checking for HKLM\...\Winlogon\Notify\jkklm
[01/26/2007, 15:06:30] - Found: HKLM\...\Winlogon\Notify\jkklm - This is probably Virtumundo.
[01/26/2007, 15:06:30] - Assigning {8579C0D3-B27C-45A6-B92B-D80BD6143852} MSEvents Object
[01/26/2007, 15:06:30] - BHO list has been changed! Starting over...
[01/26/2007, 15:06:30] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/26/2007, 15:06:30] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/26/2007, 15:06:30] - BHO 3: {31F5C8D1-60DA-47E8-98BE-543A689EAC79} ()
[01/26/2007, 15:06:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:30] - Checking for HKLM\...\Winlogon\Notify\vtsqq
[01/26/2007, 15:06:30] - Key not found: HKLM\...\Winlogon\Notify\vtsqq, continuing.
[01/26/2007, 15:06:30] - BHO 4: {371EE1EF-F177-1390-7807-08525DC0E55C} ()
[01/26/2007, 15:06:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:30] - Checking for HKLM\...\Winlogon\Notify\nweipeg
[01/26/2007, 15:06:30] - Key not found: HKLM\...\Winlogon\Notify\nweipeg, continuing.
[01/26/2007, 15:06:30] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/26/2007, 15:06:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:30] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/26/2007, 15:06:30] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/26/2007, 15:06:30] - BHO 6: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/26/2007, 15:06:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:30] - Checking for HKLM\...\Winlogon\Notify\onxweyuy
[01/26/2007, 15:06:30] - Key not found: HKLM\...\Winlogon\Notify\onxweyuy, continuing.
[01/26/2007, 15:06:30] - BHO 7: {8579C0D3-B27C-45A6-B92B-D80BD6143852} (MSEvents Object)
[01/26/2007, 15:06:30] - ALERT: Found MSEvents Object!
[01/26/2007, 15:06:30] - BHO 8: {991EF04C-93CF-469b-A2BE-CC1B3347566F} (support)
[01/26/2007, 15:06:30] - BHO 9: {C11485FE-14A2-4F45-AA7F-9F7869C30A18} ()
[01/26/2007, 15:06:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:30] - Checking for HKLM\...\Winlogon\Notify\pmkjh
[01/26/2007, 15:06:30] - Key not found: HKLM\...\Winlogon\Notify\pmkjh, continuing.
[01/26/2007, 15:06:30] - BHO 10: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[01/26/2007, 15:06:30] - BHO 11: {D865CC89-3C41-4762-86C7-AD4909E46856} ()
[01/26/2007, 15:06:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:30] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[01/26/2007, 15:06:30] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[01/26/2007, 15:06:30] - BHO 12: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/26/2007, 15:06:30] - BHO 13: {EFA36BE5-FC74-82F5-7404-F31A07C75CEF} ()
[01/26/2007, 15:06:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:30] - Checking for HKLM\...\Winlogon\Notify\ozadddmc
[01/26/2007, 15:06:30] - Key not found: HKLM\...\Winlogon\Notify\ozadddmc, continuing.
[01/26/2007, 15:06:30] - Finished Searching Browser Helper Objects
[01/26/2007, 15:06:30] - *** Detected MSEvents Object
[01/26/2007, 15:06:30] - Trying to remove MSEvents Object...
[01/26/2007, 15:06:31] - Terminating Process: IEXPLORE.EXE
[01/26/2007, 15:06:31] - Terminating Process: RUNDLL32.EXE
[01/26/2007, 15:06:31] - Disabling Automatic Shell Restart
[01/26/2007, 15:06:31] - Terminating Process: EXPLORER.EXE
[01/26/2007, 15:06:31] - Suspending the NT Session Manager System Service
[01/26/2007, 15:06:31] - Terminating Windows NT Logon/Logoff Manager
[01/26/2007, 15:06:36] - Re-enabling Automatic Shell Restart
[01/26/2007, 15:06:36] - File to disable: C:\WINDOWS\System32\jkklm.dll
[01/26/2007, 15:06:36] - Renaming C:\WINDOWS\System32\jkklm.dll -> C:\WINDOWS\System32\jkklm.dll.vir
[01/26/2007, 15:06:36] - File successfully renamed!
[01/26/2007, 15:06:36] - Removing HKLM\...\Browser Helper Objects\{8579C0D3-B27C-45A6-B92B-D80BD6143852}
[01/26/2007, 15:06:36] - Removing HKCR\CLSID\{8579C0D3-B27C-45A6-B92B-D80BD6143852}
[01/26/2007, 15:06:36] - Adding Kill Bit for ActiveX for GUID: {8579C0D3-B27C-45A6-B92B-D80BD6143852}
[01/26/2007, 15:06:36] - Deleting ATLEvents/MSEvents Registry entries
[01/26/2007, 15:06:36] - Removing HKLM\...\Winlogon\Notify\jkklm
[01/26/2007, 15:06:36] - Searching for Browser Helper Objects:
[01/26/2007, 15:06:36] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[01/26/2007, 15:06:36] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/26/2007, 15:06:36] - BHO 3: {31F5C8D1-60DA-47E8-98BE-543A689EAC79} ()
[01/26/2007, 15:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:36] - Checking for HKLM\...\Winlogon\Notify\vtsqq
[01/26/2007, 15:06:36] - Key not found: HKLM\...\Winlogon\Notify\vtsqq, continuing.
[01/26/2007, 15:06:36] - BHO 4: {371EE1EF-F177-1390-7807-08525DC0E55C} ()
[01/26/2007, 15:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:36] - Checking for HKLM\...\Winlogon\Notify\nweipeg
[01/26/2007, 15:06:36] - Key not found: HKLM\...\Winlogon\Notify\nweipeg, continuing.
[01/26/2007, 15:06:36] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/26/2007, 15:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:36] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/26/2007, 15:06:36] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/26/2007, 15:06:36] - BHO 6: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/26/2007, 15:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:36] - Checking for HKLM\...\Winlogon\Notify\onxweyuy
[01/26/2007, 15:06:36] - Key not found: HKLM\...\Winlogon\Notify\onxweyuy, continuing.
[01/26/2007, 15:06:36] - BHO 7: {991EF04C-93CF-469b-A2BE-CC1B3347566F} (support)
[01/26/2007, 15:06:36] - BHO 8: {C11485FE-14A2-4F45-AA7F-9F7869C30A18} ()
[01/26/2007, 15:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:36] - Checking for HKLM\...\Winlogon\Notify\pmkjh
[01/26/2007, 15:06:36] - Key not found: HKLM\...\Winlogon\Notify\pmkjh, continuing.
[01/26/2007, 15:06:36] - BHO 9: {C1B4DEC2-2623-438e-9CA2-C9043AB28508} (Bar888)
[01/26/2007, 15:06:36] - BHO 10: {D865CC89-3C41-4762-86C7-AD4909E46856} ()
[01/26/2007, 15:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:36] - Checking for HKLM\...\Winlogon\Notify\jkkjk
[01/26/2007, 15:06:36] - Key not found: HKLM\...\Winlogon\Notify\jkkjk, continuing.
[01/26/2007, 15:06:36] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/26/2007, 15:06:36] - BHO 12: {EFA36BE5-FC74-82F5-7404-F31A07C75CEF} ()
[01/26/2007, 15:06:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2007, 15:06:36] - Checking for HKLM\...\Winlogon\Notify\ozadddmc
[01/26/2007, 15:06:36] - Key not found: HKLM\...\Winlogon\Notify\ozadddmc, continuing.
[01/26/2007, 15:06:36] - Finished Searching Browser Helper Objects
[01/26/2007, 15:06:36] - Finishing up...
[01/26/2007, 15:06:36] - A restart is needed.
[01/26/2007, 15:06:51] - Attempting to Restart via STOP error (Blue Screen!)

- Attached is the new VundoFix report (a window opened saying "no file found, vundofix will now be closed" and I clicked OK):
Beginning removal...

- And a new HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 15:20:42, on 26/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\AVWLPSTA.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\restorea2.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EFA36BE5-FC74-82F5-7404-F31A07C75CEF} - C:\WINDOWS\System32\ozadddmc.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31F5C8D1-60DA-47E8-98BE-543A689EAC79} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {371EE1EF-F177-1390-7807-08525DC0E55C} - C:\WINDOWS\System32\nweipeg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\onxweyuy.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C11485FE-14A2-4F45-AA7F-9F7869C30A18} - C:\WINDOWS\System32\pmkjh.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30D80~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {D865CC89-3C41-4762-86C7-AD4909E46856} - C:\WINDOWS\System32\jkkjk.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EFA36BE5-FC74-82F5-7404-F31A07C75CEF} - C:\WINDOWS\System32\ozadddmc.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30D80~1\Bar888.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ukooaxfnspajdgcalcz] C:\WINDOWS\System32\gnvhiyrrns.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [aeuhxxgtkyxewrqtjtcp] C:\WINDOWS\System32\najwofpjzid.exe
O4 - HKLM\..\Run: [SvcManager] restorea2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PXQr] C:\WINDOWS\System32\gkbacdveh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\loqxlxxb.dll",setvm
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S3CD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [PXQr] C:\WINDOWS\System32\gkbacdveh.exe
O4 - HKLM\..\RunServices: [ukooaxfnspajdgcalcz] C:\WINDOWS\System32\gnvhiyrrns.exe
O4 - HKLM\..\RunServices: [aeuhxxgtkyxewrqtjtcp] C:\WINDOWS\System32\najwofpjzid.exe
O4 - HKCU\..\Run: [Nrac] "C:\WINDOWS\SMANTE~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Pxzet] C:\WINDOWS\system32\?icrosoft\w?crtupd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F27876A-E974-4336-9E52-2C250103A4A6}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\svche.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Remote Windows Services - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Userinit Logon App (Userinit Logon Application) - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

So, what is the diagnosis? What should I do now? Thanks again for your help. |
Hello, you can delete VundoFix and VirtumundoBeGone now.
Now download SDFix to your desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into its own folder on the Desktop.
Restart your computer in Safe Mode (reboot, then tap F8 repeatedly as soon as the computer powers on).
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process. It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC. Your system will take longer than usual to restart because the tool keeps running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished. Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log! cheers |
The same thing happens with SDFix as with SmitfraudFix: I download it, but when I try to open the application in Safe Mode (or in normal mode), a black window opens and closes quickly, and then nothing.
What can I do? For your information, when my computer starts, after my desktop icons appear, a window opens every time saying "C/ doc and setting/local server/local setting/application data/hrcopul.dll est introuvable". Awaiting your instructions. Thanks |
ok :)
Save the following instructions so you don't forget anything:
Open HijackThis, tick these lines and then click Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EFA36BE5-FC74-82F5-7404-F31A07C75CEF} - C:\WINDOWS\System32\ozadddmc.dll (file missing)
O2 - BHO: (no name) - {31F5C8D1-60DA-47E8-98BE-543A689EAC79} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {371EE1EF-F177-1390-7807-08525DC0E55C} - C:\WINDOWS\System32\nweipeg.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\onxweyuy.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C11485FE-14A2-4F45-AA7F-9F7869C30A18} - C:\WINDOWS\System32\pmkjh.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30D80~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {D865CC89-3C41-4762-86C7-AD4909E46856} - C:\WINDOWS\System32\jkkjk.dll (file missing)
O2 - BHO: (no name) - {EFA36BE5-FC74-82F5-7404-F31A07C75CEF} - C:\WINDOWS\System32\ozadddmc.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30D80~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [ukooaxfnspajdgcalcz] C:\WINDOWS\System32\gnvhiyrrns.exe
O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [aeuhxxgtkyxewrqtjtcp] C:\WINDOWS\System32\najwofpjzid.exe
O4 - HKLM\..\Run: [SvcManager] restorea2.exe
O4 - HKLM\..\Run: [PXQr] C:\WINDOWS\System32\gkbacdveh.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\loqxlxxb.dll",setvm
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\RunServices: [PXQr] C:\WINDOWS\System32\gkbacdveh.exe
O4 - HKLM\..\RunServices: [ukooaxfnspajdgcalcz] C:\WINDOWS\System32\gnvhiyrrns.exe
O4 - HKLM\..\RunServices: [aeuhxxgtkyxewrqtjtcp] C:\WINDOWS\System32\najwofpjzid.exe
O4 - HKCU\..\Run: [Nrac] "C:\WINDOWS\SMANTE~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Pxzet] C:\WINDOWS\system32\?icrosoft\w?crtupd.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\svche.dll
Download KillBox: http://www.downloads.subratam.org/KillBox.exe
1. Restart in Safe Mode (reboot, then tap F8 repeatedly as soon as the computer powers on).
2. Disable System Restore (for Win XP) like this: right-click My Computer / Properties / System Restore, tick "Turn off System Restore" and apply.
3. Double-click killbox.exe (Pocket Killbox).
- In "Full Path of File to Delete", copy and paste: C:\WINDOWS\System32\iexplore.exe
- Click Single File.
- Click the red cross.
- A window will appear asking you to confirm the deletion; click YES.
Do the same with these files:
C:\WINDOWS\System32\gnvhiyrrns.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll
C:\WINDOWS\System32\winamp.exe
C:\WINDOWS\System32\najwofpjzid.exe
C:\WINDOWS\System32\restorea2.exe
C:\WINDOWS\System32\gkbacdveh.exe
C:\WINDOWS\System32\loqxlxxb.dll
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\System32\autosys.exe
C:\WINDOWS\System32\gkbacdveh.exe
C:\WINDOWS\System32\gnvhiyrrns.exe
C:\WINDOWS\System32\najwofpjzid.exe
C:\WINDOWS\system32\?icrosoft\w?crtupd.exe
C:\WINDOWS\System32\rpcc.dll
C:\WINDOWS\System32\svche.dll
Restart in normal mode.
Download AVG Anti-Spyware: http://www.01net.com/... (don't forget to update it before running the scan)
Launch AVG AS and choose the "Analyse" tab, then the "Paramètres" tab.
Under the question "Comment réagir ?", click "Actions recommandées" and choose "Quarantaine".
Click the "Analyse" tab again and run an "Analyse complète du système".
/!\ If a file is infected at the end of the scan /!\ click "Appliquer toutes les actions".
Click "Enregistrer le rapport" then "Enregistrer le rapport sous".
Save this text file on your desktop, then paste the report here. cheers |
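As an added example (not code from this thread, and not part of HijackThis), here is a small Python triage script that encodes the red flags the helper relied on when picking which lines to fix above: IE start/default/local pages pointing at a local file, nameless BHOs whose DLL is gone, RunServices autostarts, the '?' HijackThis prints in place of a non-ASCII character in a path (used to mimic a "Microsoft" folder), autostarts from the LocalService profile, AppInit_DLLs and Winlogon Notify packages, and services with an unknown publisher and a missing binary. The sample lines are copied from the logs posted in this thread; the function names and the rule set are my own, and the rules are triage heuristics, not a verdict.

```python
"""Triage helper for HijackThis v1.99-style logs (added example, not the thread's own code).

A log is one entry per line, "<section> - <description>", where section is
R0/R1/R3, O2, O3, O4, O20, O23, ...  Header lines ("Logfile of HijackThis",
"Running processes:", bare paths) carry no section tag and are skipped.
"""
import re

# Constructed sample: entries copied from the logs posted in the thread,
# plus three benign ones, so the script runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: (no name) - {D865CC89-3C41-4762-86C7-AD4909E46856} - C:\WINDOWS\System32\jkkjk.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [PXQr] C:\WINDOWS\System32\gkbacdveh.exe
O4 - HKCU\..\Run: [Pxzet] C:\WINDOWS\system32\?icrosoft\w?crtupd.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\svche.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def parse_entry(line):
    """Split one log line into section tag and body; None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def flag_entry(entry):
    """Return the reasons this entry deserves a closer look (empty list = nothing noticed)."""
    sec, body = entry["section"], entry["body"]
    low = body.lower()
    reasons = []
    # IE start/default/local page set to a file on a local drive: classic hijack.
    if sec in ("R0", "R1") and re.search(r"=\s*[a-z]:\\", low):
        reasons.append("IE page setting points at a local file")
    # Browser helper object with no name and no DLL on disk: leftover registration.
    if sec == "O2" and "(no name)" in low and "(file missing)" in low:
        reasons.append("nameless BHO whose DLL is missing")
    if sec == "O4":
        if "runservices" in low:
            reasons.append("RunServices key (Win9x legacy, rarely legitimate on XP)")
        if "?" in body:
            reasons.append("'?' in path: non-ASCII character used to mimic a system folder name")
        if r"localservice\local settings\application data" in low:
            reasons.append("autostart from the LocalService profile")
    if sec == "O20":
        # HijackThis only lists O20 AppInit_DLLs when the value is non-empty; check anyway.
        if low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs loads this DLL into every user-mode process")
        if low.startswith("winlogon notify:"):
            reasons.append("Winlogon notification package runs inside winlogon.exe")
    if sec == "O23" and "unknown owner" in low and "(file missing)" in low:
        reasons.append("service with unknown publisher and missing binary")
    return reasons


def triage(log_text):
    """Parse a whole log; return [(raw_line, reasons)] for entries that tripped a rule."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = flag_entry(entry)
        if reasons:
            hits.append((entry["raw"], reasons))
    return hits


if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_LOG):
        print(raw)
        for reason in reasons:
            print("   ->", reason)
```

On the constructed sample, 8 of the 11 entries are flagged; the Adobe BHO, the ZoneAlarm Run entry and the NVIDIA service pass clean. Every hit still needs a human look (a vendor name and a file that actually exists on disk are the usual next checks), which is exactly the step the helper performs by hand in this thread.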
Hello,
- I fixed the items mentioned in HijackThis.
- I downloaded KillBox and changed the settings in Safe Mode, then copy-pasted the items into KillBox. But there's a problem: I can't click "Single File" because the button isn't available (greyed out). And when I click the red cross, it tells me the file to delete was not found on my computer.
I ran an up-to-date AVG on my computer. Here is the report:
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:33:02 26/01/2007
+ Résultat de l'analyse:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AutoSys -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Ipwindows\ipwins.dll -> Adware.Maxifiles : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9QJK5M7\loadad[1].exe -> Downloader.Small : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9QJK5M7\loadad[2].exe -> Downloader.Small : Aucune action entreprise.
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\Infected\jarpew.exe -> Hijacker.Costrat.z : Aucune action entreprise.
:mozilla.17:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.18:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.19:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.59:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.60:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.30:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.42:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.43:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.64:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Information : Aucune action entreprise.
:mozilla.65:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Information : Aucune action entreprise.
:mozilla.66:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Information : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Information : Aucune action entreprise.
:mozilla.68:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Information : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.75:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Revenue : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.36:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.32:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.77:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.90:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.70:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.71:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.72:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.73:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.74:C:\Documents and Settings\jean-yves\Application Data\Mozilla\Firefox\Profiles\20et0s31.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C7Q3AZ6D\uohhhtddnb[1].txt -> Trojan.Small : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C7Q3AZ6D\uohhhtddnb[2].txt -> Trojan.Small : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C7Q3AZ6D\uohhhtddnb[3].txt -> Trojan.Small : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DD980JJG\uohhhtddnb[1].txt -> Trojan.Small : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9QJK5M7\uohhhtddnb[1].txt -> Trojan.Small : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9QJK5M7\uohhhtddnb[2].txt -> Trojan.Small : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9QJK5M7\uohhhtddnb[3].txt -> Trojan.Small : Aucune action entreprise.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9QJK5M7\uohhhtddnb[4].txt -> Trojan.Small : Aucune action entreprise.
Fin du rapport
- Here is a HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 14:22:49, on 27/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\AVWLPSTA.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\WINDOWS\System32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S3CD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\a |