VBStat-C infection (solved, a thousand thanks) - Security - Virus
Subject: VBStat-C infection (solved, a thousand thanks)
 
Profile: IDNaute

Hello everyone,

I really need your help because I am infected with a virus called VBStat-C.

Having read the other posts on this subject, I am attaching the HijackThis report.

On the other hand, I tried Clean as advised here:
http://www.infos-du-net.com/forum/ [...] at-infecte
It tells me "the scan report is going to open", but nothing opens???

Thanks in advance for your help...

P.S.: I have AVAST as my antivirus...

Logfile of HijackThis v1.99.1
Scan saved at 23:27:46, on 16.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\Dit.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Laurent 81\Mes documents\Utilitaire\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe] C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.fr
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT [...] _load.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfca [...] Config.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/ac [...] 0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9732154453
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/so [...] launch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.65.142.237/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/mother [...] oardID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/download [...] _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Message edited by Laurent81 on 19-04-2007 at 23:08:49

Profile: IDNaute

Hello again,

I saw the VundoFix program in this post here:
http://www.infos-du-net.com/forum/ [...] empestives

I only scanned, because I would not want to delete files that should not be deleted...

So here is the report:


VundoFix V6.3.19

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 23:51:16 16.04.2007

Listing files found while scanning....

C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\bjdmkeyf.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gvwkbsdw.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkllji.dll
C:\WINDOWS\system32\kilvfhov.dll
C:\WINDOWS\system32\paadwysd.dll
C:\WINDOWS\system32\pjyapgtg.dll
C:\WINDOWS\system32\qomjhhi.dll
C:\WINDOWS\system32\rqrsqpm.dll
C:\WINDOWS\system32\ssqnmkj.dll
C:\WINDOWS\system32\urqrpqn.dll
C:\WINDOWS\system32\uvrtsoxw.dll
C:\WINDOWS\system32\vjqsymvg.dll


That makes quite a few!!!

Thanks in advance for your help.
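The two logs posted above (a HijackThis log and a VundoFix scan listing) are easier to act on when read together: the question a helper asks is which of the files VundoFix flagged are also hooked into persistence, such as an Internet Explorer BHO (O2 line) or a Run key (O4 line), and which of them the removal pass later failed to delete. The script below is an added example written for this thread; it is not code from the thread, from HijackThis or from VundoFix. It only relies on the line formats visible in the posts, and the sample lines inside it are constructed (the file names are taken from the logs above).

```python
# Added example (mine, not the thread's and not HijackThis/VundoFix code):
# parse the two log formats posted above and cross-reference them, so that a
# helper can see which files VundoFix flagged are also wired into persistence
# (IE BHO entries, Run keys) and which ones the removal pass failed to delete.
import re

# Constructed sample lines in the formats the thread shows (names taken from it).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D6EADB2-B344-4F6C-8171-35D77F34A5A3} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - C:\WINDOWS\system32\urqrpqn.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\rqviedvu.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

VUNDOFIX_SAMPLE = r"""VundoFix V6.3.19

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Listing files found while scanning....

C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\rqviedvu.dll
C:\WINDOWS\system32\urqrpqn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gebya.dll Could not be deleted.
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
DLL_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.dll', re.IGNORECASE)  # DLL path inside a command line
JAVA_RE = re.compile(r"^Java version is (\S+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_hijackthis(text):
    """Return the O2 (BHO) and O4 (Run key) entries of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            path, missing = m.group("path"), False
            if path.endswith(" (file missing)"):
                path, missing = path[:-len(" (file missing)")], True
            elif path == "(no file)":
                missing = True
            entries.append({"type": "O2", "name": m.group("name"), "clsid": m.group("clsid"),
                            "path": path, "file_missing": missing})
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append({"type": "O4", "hive": m.group("hive"),
                            "key": m.group("key"), "cmd": m.group("cmd")})
    return entries


def parse_vundofix(text):
    """Return Java versions, files found and per-file removal results."""
    report = {"java_versions": [], "found": [], "deleted": [], "not_deleted": []}
    listing = False  # True while inside the "Listing files found while scanning" block
    for line in text.splitlines():
        line = line.strip()
        m = JAVA_RE.match(line)
        if m:
            report["java_versions"].append(m.group(1))
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif line.endswith(" Has been deleted!"):
            report["deleted"].append(line[:-len(" Has been deleted!")])
        elif line.endswith(" Could not be deleted."):
            report["not_deleted"].append(line[:-len(" Could not be deleted.")])
        elif listing and PATH_RE.match(line):
            report["found"].append(line)
    return report


def removal_summary(vf_text):
    """Map each file VundoFix found to 'deleted', 'not deleted' or 'no result'."""
    vf = parse_vundofix(vf_text)
    return {f: "deleted" if f in vf["deleted"]
            else "not deleted" if f in vf["not_deleted"]
            else "no result" for f in vf["found"]}


def triage(hjt_text, vf_text):
    """List HijackThis persistence entries that point at VundoFix-flagged files."""
    flagged = {p.lower() for p in parse_vundofix(vf_text)["found"]}
    findings = []
    for e in parse_hijackthis(hjt_text):
        if e["type"] == "O2":
            if e["path"].lower() in flagged:
                findings.append(("BHO", e["path"], "flagged by VundoFix"))
            elif e["name"] == "(no name)" and e["file_missing"]:
                findings.append(("BHO", e["path"], "orphaned entry, file missing"))
        else:
            for dll in DLL_RE.findall(e["cmd"]):
                if dll.lower() in flagged:
                    findings.append(("Run:" + e["key"], dll, "flagged by VundoFix"))
    return findings


if __name__ == "__main__":
    for mechanism, path, reason in triage(HJT_SAMPLE, VUNDOFIX_SAMPLE):
        print(f"{mechanism:<17} {path:<40} {reason}")
    for path, outcome in removal_summary(VUNDOFIX_SAMPLE).items():
        print(f"{outcome:<12} {path}")
```

Running it on the sample flags the two BHO entries and the SoundService Run key that load VundoFix-listed DLLs, notes the orphaned "(no file)" BHO, and reports gebya.dll as "not deleted", which is exactly the case the helper's note about a file VundoFix cannot remove on the first pass is about.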

Profile: Helper

Hello


Let's clean up.


$$ Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask you whether you want to delete the files; click YES
* After clicking "Yes", the desktop will disappear for a moment while the files are being deleted.
* You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.


Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; just follow the instructions above, starting from "click the Scan for Vundo button".


$$ Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply, together with a new HijackThis log and the contents of the report located in C:\vundofix.txt.


Also uninstall and delete the old Java versions (1.4.2.6, 1.5.0.2 and 1.5.0.6)

Profile: IDNaute

Hi chercheurpca.

First of all, thank you very much for looking into my problem...

So, I uninstalled the old Java versions.

I used Vundo and deleted the files.

However, I have a problem with Combofix: when I run it, it opens
a small window that closes right away, and no report is displayed?


Here is a new HijackThis log and the contents of the Vundo report:


Logfile of HijackThis v1.99.1
Scan saved at 10:41:28, on 17.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\Dit.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\MSI\SecureDoc\Logon.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Documents and Settings\Laurent 81\Mes documents\Utilitaire\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {4D6EADB2-B344-4F6C-8171-35D77F34A5A3} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\xjefesrn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E44527F6-1296-4A84-B67D-A6CEA6ED4B69} - C:\WINDOWS\system32\urqrpqn.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Adobe] C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\rqviedvu.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: SecureDoc.lnk = C:\Program Files\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.fr
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.msn.fr
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT [...] _load.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfca [...] Config.ocx
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/ac [...] 0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9732154453
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/so [...] launch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.65.142.237/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/mother [...] oardID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/download [...] _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe





VundoFix V6.3.19

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 23:51:16 16.04.2007

Listing files found while scanning....

C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\bjdmkeyf.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gvwkbsdw.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkllji.dll
C:\WINDOWS\system32\kilvfhov.dll
C:\WINDOWS\system32\paadwysd.dll
C:\WINDOWS\system32\pjyapgtg.dll
C:\WINDOWS\system32\qomjhhi.dll
C:\WINDOWS\system32\rqrsqpm.dll
C:\WINDOWS\system32\ssqnmkj.dll
C:\WINDOWS\system32\urqrpqn.dll
C:\WINDOWS\system32\uvrtsoxw.dll
C:\WINDOWS\system32\vjqsymvg.dll

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 10:17:19 17.04.2007

Listing files found while scanning....

C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\bgycukvs.dll
C:\WINDOWS\system32\bjdmkeyf.dll
C:\WINDOWS\system32\blhthjhn.dll
C:\WINDOWS\system32\eblfycpr.dll
C:\WINDOWS\system32\fbqcjltg.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gvwkbsdw.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkllji.dll
C:\WINDOWS\system32\kfwwapam.dll
C:\WINDOWS\system32\kilvfhov.dll
C:\WINDOWS\system32\kvatnaqa.dll
C:\WINDOWS\system32\lbcucoiy.dll
C:\WINDOWS\system32\mbekjycb.dll
C:\WINDOWS\system32\mdlhjvmy.dll
C:\WINDOWS\system32\mnluxqws.dll
C:\WINDOWS\system32\ndngrkpf.dll
C:\WINDOWS\system32\ngmybwlp.dll
C:\WINDOWS\system32\nntwupma.dll
C:\WINDOWS\system32\paadwysd.dll
C:\WINDOWS\system32\pjyapgtg.dll
C:\WINDOWS\system32\pnjygedh.dll
C:\WINDOWS\system32\pqtvykfn.dll
C:\WINDOWS\system32\pvkovtht.dll
C:\WINDOWS\system32\qomjhhi.dll
C:\WINDOWS\system32\rqrsqpm.dll
C:\WINDOWS\system32\rqviedvu.dll
C:\WINDOWS\system32\sfpwxkoy.dll
C:\WINDOWS\system32\sgmflouv.dll
C:\WINDOWS\system32\smtfqiat.dll
C:\WINDOWS\system32\ssqnmkj.dll
C:\WINDOWS\system32\urqrpqn.dll
C:\WINDOWS\system32\uvdeivqr.ini
C:\WINDOWS\system32\uvrtsoxw.dll
C:\WINDOWS\system32\vjqsymvg.dll
C:\WINDOWS\system32\wamqqebs.dll
C:\WINDOWS\system32\xjefesrn.dll
C:\WINDOWS\system32\yelpfweh.dll
C:\WINDOWS\system32\ypufagxk.dll
C:\WINDOWS\system32\yqlhikge.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\aybeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\aybeg.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\bgycukvs.dll
C:\WINDOWS\system32\bgycukvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bjdmkeyf.dll
C:\WINDOWS\system32\bjdmkeyf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\blhthjhn.dll
C:\WINDOWS\system32\blhthjhn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eblfycpr.dll
C:\WINDOWS\system32\eblfycpr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fbqcjltg.dll
C:\WINDOWS\system32\fbqcjltg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gebya.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\gvwkbsdw.dll
C:\WINDOWS\system32\gvwkbsdw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkjj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkllji.dll
C:\WINDOWS\system32\jkkllji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kfwwapam.dll
C:\WINDOWS\system32\kfwwapam.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kilvfhov.dll
C:\WINDOWS\system32\kilvfhov.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvatnaqa.dll
C:\WINDOWS\system32\kvatnaqa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lbcucoiy.dll
C:\WINDOWS\system32\lbcucoiy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mbekjycb.dll
C:\WINDOWS\system32\mbekjycb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mdlhjvmy.dll
C:\WINDOWS\system32\mdlhjvmy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mnluxqws.dll
C:\WINDOWS\system32\mnluxqws.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ndngrkpf.dll
C:\WINDOWS\system32\ndngrkpf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ngmybwlp.dll
C:\WINDOWS\system32\ngmybwlp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nntwupma.dll
C:\WINDOWS\system32\nntwupma.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\paadwysd.dll
C:\WINDOWS\system32\paadwysd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pjyapgtg.dll
C:\WINDOWS\system32\pjyapgtg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pnjygedh.dll
C:\WINDOWS\system32\pnjygedh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pqtvykfn.dll
C:\WINDOWS\system32\pqtvykfn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pvkovtht.dll
C:\WINDOWS\system32\pvkovtht.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomjhhi.dll
C:\WINDOWS\system32\qomjhhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrsqpm.dll
C:\WINDOWS\system32\rqrsqpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqviedvu.dll
C:\WINDOWS\system32\rqviedvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sfpwxkoy.dll
C:\WINDOWS\system32\sfpwxkoy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sgmflouv.dll
C:\WINDOWS\system32\sgmflouv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\smtfqiat.dll
C:\WINDOWS\system32\smtfqiat.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnmkj.dll
C:\WINDOWS\system32\ssqnmkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqrpqn.dll
C:\WINDOWS\system32\urqrpqn.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvdeivqr.ini
C:\WINDOWS\system32\uvdeivqr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvrtsoxw.dll
C:\WINDOWS\system32\uvrtsoxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wamqqebs.dll
C:\WINDOWS\system32\wamqqebs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xjefesrn.dll
C:\WINDOWS\system32\xjefesrn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yelpfweh.dll
C:\WINDOWS\system32\yelpfweh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ypufagxk.dll
C:\WINDOWS\system32\ypufagxk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yqlhikge.dll
C:\WINDOWS\system32\yqlhikge.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gebya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqrpqn.dll
C:\WINDOWS\system32\urqrpqn.dll Has been deleted!

Performing Repairs to the registry.
Done!



There you go, I hope that's fixed ???

Thanks again chercheurpca.

Laurent 81
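As an added illustration, not part of this thread and not code from VundoFix: a small Python script that reads a VundoFix log in the layout posted above and reports which detected files still have no successful deletion recorded, the ones a helper would ask to add by hand with "Add more files?" or re-check after a reboot. It also collects the Java versions the tool flagged, since the log warns that old Java runtimes are exploitable. The sample log is constructed with placeholder file names and mirrors the two-pass pattern above (a locked file in the first pass, removed in the second).

```python
import re

# Constructed sample in the VundoFix V6 log layout seen in this thread: one scan, a first
# removal pass in which one file is locked, and a second pass (after reboot) that removes it.
# The file names are placeholders, not the ones the poster reported.
SAMPLE_LOG = r"""VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:17:19 17.04.2007

Listing files found while scanning....

C:\WINDOWS\system32\aaaaaaaa.dll
C:\WINDOWS\system32\bbbbbbbb.dll
C:\WINDOWS\system32\cccccccc.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aaaaaaaa.dll
C:\WINDOWS\system32\aaaaaaaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbbbbbbb.dll
C:\WINDOWS\system32\bbbbbbbb.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbbbbbbb.dll
C:\WINDOWS\system32\bbbbbbbb.dll Has been deleted!

Performing Repairs to the registry.
Done!
"""

SCAN_RE = re.compile(r"^Scan started at (.+)$")
JAVA_RE = re.compile(r"^Java version is (\S+)$")
ATTEMPT_RE = re.compile(r"^Attempting to delete (.+)$")
DELETED_RE = re.compile(r"^(.+) Has been deleted!$")
FAILED_RE = re.compile(r"^(.+) Could not be deleted\.$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")   # a bare Windows path line


def parse_vundofix(text):
    """Walk a VundoFix log and collect scan timestamps, Java versions, the files listed,
    and the last recorded outcome of every deletion attempt (attempted/failed/deleted)."""
    scans, java_versions, found, outcomes = [], [], [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCAN_RE.match(line)
        if m:
            scans.append(m.group(1))
            section = None
            continue
        m = JAVA_RE.match(line)
        if m:
            java_versions.append(m.group(1))
            continue
        if line.startswith("Listing files found"):
            section = "listing"
            continue
        if line.startswith("Beginning removal"):
            section = "removal"
            continue
        if section == "listing" and PATH_RE.match(line):
            if line not in found:        # a cumulative log lists the same file in every scan
                found.append(line)
            continue
        if section != "removal":
            continue
        m = ATTEMPT_RE.match(line)
        if m:
            outcomes.setdefault(m.group(1), "attempted")
            continue
        m = DELETED_RE.match(line)
        if m:
            outcomes[m.group(1)] = "deleted"    # a later pass overrides an earlier failure
            continue
        m = FAILED_RE.match(line)
        if m:
            outcomes[m.group(1)] = "failed"
    return {"scans": scans, "java_versions": java_versions,
            "found": found, "outcomes": outcomes}


def unresolved(summary):
    """Files a scan listed whose last recorded outcome is not a successful deletion."""
    return [p for p in summary["found"] if summary["outcomes"].get(p) != "deleted"]


if __name__ == "__main__":
    s = parse_vundofix(SAMPLE_LOG)
    print("scans:", s["scans"])
    print("java versions flagged:", s["java_versions"])
    for path in s["found"]:
        print(f"{s['outcomes'].get(path, 'never attempted'):>15}  {path}")
    print("still unresolved:", unresolved(s))
```

Run it against the real C:\vundofix.txt by reading the file into `parse_vundofix`; because the log file accumulates across runs, the last outcome per path is what matters, which is why a "Could not be deleted." followed by a later "Has been deleted!" counts as resolved.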

Profile: Helper

Hello

VundoFix did a lot of work. One file remains.

  • Double-click VundoFix.exe to launch it.

*** Do NOT click "Scan for Vundo" ***

  • Right-click in the white window and click "Add more files?"
  • In the new window that appears, copy/paste the path of the following file into the first box (at the top):

C:\WINDOWS\system32\rqviedvu.dll

  • Click the "Add File(s)" button
  • Click the "Close Window" button
  • Click "Remove Vundo" again
  • A prompt will ask whether you want to delete the files; click YES
  • After clicking "Yes", the desktop will disappear for a moment while the files are deleted.
  • You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
  • Start your PC again.
  • Copy/paste the contents of the report located at C:\vundofix.txt together with a new HijackThis! log into your next reply.


For ComboFix, we are going to check something.
Open Notepad
- Start menu, All Programs, Accessories, Notepad
or
- Start menu, Run: type notepad

Copy/paste the following into Notepad and save it to the desktop like this:
C:\Windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s >> look.txt
start notepad look.txt

File name: look.bat
Save as type: All files

Double-click Look.bat. This will open a TXT file, Look.txt

Copy and paste the contents of Look.txt here.

Profile: IDNaute

Re,

You're incredible, the speed at which you reply !!!
Gold medal, I tell you... :bounce:

OK, so in order: the vundofix.txt, the HijackThis log and the Look.txt:



VundoFix V6.3.19

Checking Java version...

Java version is 1.4.2.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 23:51:16 16.04.2007

Listing files found while scanning....

C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\bjdmkeyf.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gvwkbsdw.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkllji.dll
C:\WINDOWS\system32\kilvfhov.dll
C:\WINDOWS\system32\paadwysd.dll
C:\WINDOWS\system32\pjyapgtg.dll
C:\WINDOWS\system32\qomjhhi.dll
C:\WINDOWS\system32\rqrsqpm.dll
C:\WINDOWS\system32\ssqnmkj.dll
C:\WINDOWS\system32\urqrpqn.dll
C:\WINDOWS\system32\uvrtsoxw.dll
C:\WINDOWS\system32\vjqsymvg.dll

VundoFix V6.3.19

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 10:17:19 17.04.2007

Listing files found while scanning....

C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\bgycukvs.dll
C:\WINDOWS\system32\bjdmkeyf.dll
C:\WINDOWS\system32\blhthjhn.dll
C:\WINDOWS\system32\eblfycpr.dll
C:\WINDOWS\system32\fbqcjltg.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gvwkbsdw.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkkllji.dll
C:\WINDOWS\system32\kfwwapam.dll
C:\WINDOWS\system32\kilvfhov.dll
C:\WINDOWS\system32\kvatnaqa.dll
C:\WINDOWS\system32\lbcucoiy.dll
C:\WINDOWS\system32\mbekjycb.dll
C:\WINDOWS\system32\mdlhjvmy.dll
C:\WINDOWS\system32\mnluxqws.dll
C:\WINDOWS\system32\ndngrkpf.dll
C:\WINDOWS\system32\ngmybwlp.dll
C:\WINDOWS\system32\nntwupma.dll
C:\WINDOWS\system32\paadwysd.dll
C:\WINDOWS\system32\pjyapgtg.dll
C:\WINDOWS\system32\pnjygedh.dll
C:\WINDOWS\system32\pqtvykfn.dll
C:\WINDOWS\system32\pvkovtht.dll
C:\WINDOWS\system32\qomjhhi.dll
C:\WINDOWS\system32\rqrsqpm.dll
C:\WINDOWS\system32\rqviedvu.dll
C:\WINDOWS\system32\sfpwxkoy.dll
C:\WINDOWS\system32\sgmflouv.dll
C:\WINDOWS\system32\smtfqiat.dll
C:\WINDOWS\system32\ssqnmkj.dll
C:\WINDOWS\system32\urqrpqn.dll
C:\WINDOWS\system32\uvdeivqr.ini
C:\WINDOWS\system32\uvrtsoxw.dll
C:\WINDOWS\system32\vjqsymvg.dll
C:\WINDOWS\system32\wamqqebs.dll
C:\WINDOWS\system32\xjefesrn.dll
C:\WINDOWS\system32\yelpfweh.dll
C:\WINDOWS\system32\ypufagxk.dll
C:\WINDOWS\system32\yqlhikge.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aybeg.bak1
C:\WINDOWS\system32\aybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.bak2
C:\WINDOWS\system32\aybeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.ini
C:\WINDOWS\system32\aybeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.ini2
C:\WINDOWS\system32\aybeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\aybeg.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\bgycukvs.dll
C:\WINDOWS\system32\bgycukvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bjdmkeyf.dll
C:\WINDOWS\system32\bjdmkeyf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\blhthjhn.dll
C:\WINDOWS\system32\blhthjhn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eblfycpr.dll
C:\WINDOWS\system32\eblfycpr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system3