VBStat-C + Vundo-gen29 = Trojan-gen = MPT (Méga Prise de Tête, "mega headache")
Hello,
I must be the umpteenth person to bring up this subject, but from reading several threads on various forums I gathered that it is better to follow virus removal procedures tailored to your own PC rather than try to apply advice intended for another user, at the risk of making things worse!
So, to sum up: I have been infected by the VBStat-C Trojan horse, which I have been putting up with for 2 months without Avast being able to destroy it for good. Now 2 new "friends" of this virus have shown up: Trojan-gen and Vundo-gen29. This time they have really provoked Avast, which sounds the alarm every 20 seconds!
After reading several threads, I admit I quickly lost heart when I saw how long they were, whether in number of pages (reports and so on) or in duration (3 days for some users before they could completely eradicate these damned viruses!)
So I am appealing to whoever will be kind enough to lend me a hand in turn, to carry on the fight against these vile viruses that make our lives a misery!
I hope I will be up to the task, as my knowledge in this area is very limited.
Here is some useful information:
PC: SONY VAIO PCG-GRX416G
OS: Windows XP SP 2
Antivirus: Avast4
Anti-spyware: AVG
Firewall: Windows
Browsers: Mozilla Firefox (default), Internet Explorer
Other installed programs: RegCleaner, Error Guard
Symptoms: PC slow at startup, web pages opening at every turn, VBStat-C detected at every startup, Trojan-gen and Vundo-gen29 detected every 20 seconds and impossible to quarantine.
Thanks in advance.
Cocosable
Hello,
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
When the tool launches again, click the Scan for Vundo button
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt into your next reply
Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
&
After running VundoFix:
Post a HijackThis report
Download it, then put it in a dedicated folder (example: ..\Bureau\Hijackthis\Hijackthis.exe ).
Unzip it into a folder or directly onto your Desktop.
Then launch it and click Do a system scan and save a logfile; Notepad will then open, and you copy and paste the report here in your next reply.
Help: Feel free to consult the HijackThis help
Hello,
Sorry for my late reply, but there is a 12-hour time difference between Tahiti and mainland France, not to mention that I only turn on my PC in the evening after work!
Below is the VundoFix report:
VundoFix V6.3.21
Checking Java version...
Scan started at 17:56:43 03/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\bcypafmk.ini
C:\WINDOWS\system32\bhegaqkc.dll
C:\WINDOWS\system32\bydmstpl.dll
C:\WINDOWS\system32\cctnwtev.dll
C:\WINDOWS\system32\didruopq.dll
C:\WINDOWS\system32\dplkusvj.ini
C:\WINDOWS\system32\eivbxpgf.dll
C:\WINDOWS\system32\ekcfuhle.dll
C:\WINDOWS\system32\fjiupfub.dll
C:\WINDOWS\system32\iiijj.dll
C:\WINDOWS\system32\iohwmgrj.dll
C:\WINDOWS\system32\jjiii.bak1
C:\WINDOWS\system32\jjiii.bak2
C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\jjiii.ini2
C:\WINDOWS\system32\jjiii.tmp
C:\WINDOWS\system32\jvsuklpd.dll
C:\WINDOWS\system32\kbhcifox.dll
C:\WINDOWS\system32\kmfapycb.dll
C:\WINDOWS\system32\lbrvwucn.dll
C:\WINDOWS\system32\nchoglhs.dll
C:\WINDOWS\system32\ocsicvmh.dll
C:\WINDOWS\system32\qhqlveiy.dll
C:\WINDOWS\system32\qtqxeute.dll
C:\WINDOWS\system32\rkfscmbl.dll
C:\WINDOWS\system32\rrksount.dll
C:\WINDOWS\system32\rtvidbil.dll
C:\WINDOWS\system32\skcqsxbv.dll
C:\WINDOWS\system32\skmauvhp.dll
C:\WINDOWS\system32\snghucah.dll
C:\WINDOWS\system32\tdnfvjyk.dll
C:\WINDOWS\system32\tgtdperk.dll
C:\WINDOWS\system32\tlgjytcx.dll
C:\WINDOWS\system32\ukhrwmpa.ini
C:\WINDOWS\system32\uqvmlree.dll
C:\WINDOWS\system32\urqpqrr.dll
C:\WINDOWS\system32\uvoxtswy.dll
C:\WINDOWS\system32\vhmavlbn.dll
C:\WINDOWS\system32\wjpifugf.dll
C:\WINDOWS\system32\xjvwseja.dll
C:\WINDOWS\system32\ytgfsrhb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\apmwrhku.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcypafmk.ini
C:\WINDOWS\system32\bcypafmk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bhegaqkc.dll
C:\WINDOWS\system32\bhegaqkc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bydmstpl.dll
C:\WINDOWS\system32\bydmstpl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cctnwtev.dll
C:\WINDOWS\system32\cctnwtev.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\didruopq.dll
C:\WINDOWS\system32\didruopq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dplkusvj.ini
C:\WINDOWS\system32\dplkusvj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\eivbxpgf.dll
C:\WINDOWS\system32\eivbxpgf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ekcfuhle.dll
C:\WINDOWS\system32\ekcfuhle.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fjiupfub.dll
C:\WINDOWS\system32\fjiupfub.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iohwmgrj.dll
C:\WINDOWS\system32\iohwmgrj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.bak1
C:\WINDOWS\system32\jjiii.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.bak2
C:\WINDOWS\system32\jjiii.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\jjiii.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.ini2
C:\WINDOWS\system32\jjiii.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.tmp
C:\WINDOWS\system32\jjiii.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\jvsuklpd.dll
C:\WINDOWS\system32\jvsuklpd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kbhcifox.dll
C:\WINDOWS\system32\kbhcifox.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmfapycb.dll
C:\WINDOWS\system32\kmfapycb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lbrvwucn.dll
C:\WINDOWS\system32\lbrvwucn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nchoglhs.dll
C:\WINDOWS\system32\nchoglhs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ocsicvmh.dll
C:\WINDOWS\system32\ocsicvmh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qhqlveiy.dll
C:\WINDOWS\system32\qhqlveiy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtqxeute.dll
C:\WINDOWS\system32\qtqxeute.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rkfscmbl.dll
C:\WINDOWS\system32\rkfscmbl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrksount.dll
C:\WINDOWS\system32\rrksount.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtvidbil.dll
C:\WINDOWS\system32\rtvidbil.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\skcqsxbv.dll
C:\WINDOWS\system32\skcqsxbv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\skmauvhp.dll
C:\WINDOWS\system32\skmauvhp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\snghucah.dll
C:\WINDOWS\system32\snghucah.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tdnfvjyk.dll
C:\WINDOWS\system32\tdnfvjyk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tgtdperk.dll
C:\WINDOWS\system32\tgtdperk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tlgjytcx.dll
C:\WINDOWS\system32\tlgjytcx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ukhrwmpa.ini
C:\WINDOWS\system32\ukhrwmpa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\uqvmlree.dll
C:\WINDOWS\system32\uqvmlree.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uvoxtswy.dll
C:\WINDOWS\system32\uvoxtswy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vhmavlbn.dll
C:\WINDOWS\system32\vhmavlbn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wjpifugf.dll
C:\WINDOWS\system32\wjpifugf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xjvwseja.dll
C:\WINDOWS\system32\xjvwseja.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ytgfsrhb.dll
C:\WINDOWS\system32\ytgfsrhb.dll Has been deleted!
Performing Repairs to the registry.
Done!
____________________
And now the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:17:48, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ORDINA~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - C:\WINDOWS\system32\nhoniflp.dll (file missing)
O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iiijj - C:\WINDOWS\system32\iiijj.dll (file missing)
O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
__________________
That's all for now. Thanks again
Cocosable
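
A way to cross-check the two reports in the post above, as an added example that is not part of the original thread and not code from VundoFix or HijackThis: it lists files VundoFix found but never confirmed as deleted, and HijackThis autostart entries that still name a file from the VundoFix scan. The embedded inputs are short excerpts copied from those reports; the function names and the result layout are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, so the script runs on any OS
import re
from collections import namedtuple

# Excerpts copied from the two reports in the post above (not the full logs).
VUNDOFIX_EXCERPT = r"""VundoFix V6.3.21
Listing files found while scanning....
C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\iiijj.dll
C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\urqpqrr.dll
C:\WINDOWS\system32\ytgfsrhb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\apmwrhku.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\jjiii.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ytgfsrhb.dll
C:\WINDOWS\system32\ytgfsrhb.dll Has been deleted!
Performing Repairs to the registry.
Done!
"""

HIJACKTHIS_EXCERPT = r"""Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
O20 - Winlogon Notify: iiijj - C:\WINDOWS\system32\iiijj.dll (file missing)
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
"""

DELETED_SUFFIX = "Has been deleted!"
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# One HijackThis entry that still names a file from the VundoFix scan.
Leftover = namedtuple("Leftover", "code file file_missing line")


def parse_vundofix(log):
    """Return (found, deleted): sets of lower-cased paths from a VundoFix log."""
    found, deleted = set(), set()
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Listing files found"):
            section = "found"
        elif line.startswith("Beginning removal"):
            section = "removal"
        elif section == "found" and re.match(r"^[A-Za-z]:\\", line):
            found.add(line.lower())
        elif section == "removal" and line.endswith(DELETED_SUFFIX):
            deleted.add(line[: -len(DELETED_SUFFIX)].strip().lower())
    return found, deleted


def leftover_entries(hjt_log, found):
    """HijackThis entries whose text still contains a scanned file name."""
    names = sorted({ntpath.basename(p) for p in found})
    hits = []
    for raw in hjt_log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        body = m.group("body").lower()
        matched = [n for n in names if n in body]
        if matched:
            hits.append(Leftover(m.group("code"), matched[0],
                                 "(file missing)" in body, raw.strip()))
    return hits


def reconcile(vundofix_log, hjt_log):
    """Cross-check both reports and return what still needs attention."""
    found, deleted = parse_vundofix(vundofix_log)
    return {
        "not_deleted": sorted(ntpath.basename(p) for p in found - deleted),
        "leftover": leftover_entries(hjt_log, found),
    }


if __name__ == "__main__":
    report = reconcile(VUNDOFIX_EXCERPT, HIJACKTHIS_EXCERPT)
    print("Found but no deletion confirmation:", report["not_deleted"])
    for hit in report["leftover"]:
        state = "file missing" if hit.file_missing else "no missing flag"
        print(f"{hit.code:>3}  {hit.file:<14} {state}")
```

To run it on complete reports, pass the text of C:\vundofix.txt and of the saved HijackThis logfile to `reconcile()` in place of the excerpts.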
__________________
That's it for now. Thanks again
Cocosable
Let's continue
Download ComboFix (by sUBs) to your Desktop
Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear. Copy and paste this report into your next reply.
I'm back
Before you read the ComboFix report, I should point out that new trojans were detected during the scan: Win32:Klone-BK and Win32:Klone-BL.
Here is the report:
_____________
"Ordinateur" - 07-05-04 17:10:57 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Ordinateur\Bureau\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\cdgimryk.dll
C:\WINDOWS\system32\dloygkrx.dll
C:\WINDOWS\system32\mwcencph.dll
C:\WINDOWS\system32\wkqkaqfd.dll
C:\WINDOWS\system32\aurscweb.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 ))))))))))))))))))))))))))))))))))
2007-05-03 17:56 <REP> d-------- C:\VundoFix Backups
2007-05-01 21:27 <REP> d-------- C:\WINDOWS\Downloaded Installations
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-30 05:46 745600 --a------ C:\WINDOWS\system32\aswboot.exe
2007-04-30 05:41 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 05:41 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 05:39 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 05:38 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 05:37 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 05:35 95872 --a------ C:\WINDOWS\system32\avastss.scr
2007-04-21 18:31 -------- d-------- C:\DOCUME~1\ORDINA~1\APPLIC~1\skype
2007-04-12 19:15 1428 --a------ C:\WINDOWS\mozver.dat
2007-04-01 18:39 -------- d-------- C:\Program Files\windows installer clean up
2007-04-01 18:38 -------- d-------- C:\Program Files\msecache
2007-03-29 17:50 31844 --------- C:\WINDOWS\system32\xxyxx.exe
2007-03-29 17:49 496568 ---hs---- C:\WINDOWS\system32\kkkmp.bak2
2007-03-25 20:03 -------- d-------- C:\Program Files\regcleaner
2007-03-25 17:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-25 17:31 -------- d-------- C:\DOCUME~1\ORDINA~1\APPLIC~1\talkback
2007-03-25 16:40 86094 --a------ C:\WINDOWS\bpmnt.dll
2007-03-25 16:40 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-03-25 16:40 229957 --a------ C:\WINDOWS\tsc.exe
2007-03-25 16:40 1101904 --a------ C:\WINDOWS\vsapi32.dll
2007-03-19 18:25 -------- d-------- C:\Program Files\soliddocuments
2007-03-19 18:19 -------- d-------- C:\DOCUME~1\ORDINA~1\APPLIC~1\soliddocuments
2007-03-17 18:46 -------- d-------- C:\Program Files\icofx 1.5
2007-03-17 03:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 12:46 69689 --a------ C:\WINDOWS\unzip.dll
2007-03-16 12:46 507904 --a------ C:\WINDOWS\tmupdate.dll
2007-03-16 12:46 286720 --a------ C:\WINDOWS\patch.exe
2007-03-16 12:30 -------- d-------- C:\DOCUME~1\ORDINA~1\APPLIC~1\winantivirus pro 2006
2007-03-16 11:58 706 --a------ C:\DOCUME~1\ORDINA~1\APPLIC~1\update.log
2007-03-08 07:32 446678 ---hs---- C:\WINDOWS\system32\kkkmp.bak1
2007-03-08 05:37 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 05:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 05:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 05:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-20 20:05 64052 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-02-20 20:05 445672 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-02-05 10:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{97961D16-329B-4743-B0DA-AD645435D52a} C:\WINDOWS\system32\nhoniflp.dll [x]
{EC782C05-509F-430B-9B99-301F9D999108} C:\WINDOWS\system32\iiijj.dll [x]
{F97DA966-F09D-4cab-BF29-75A0026986EA} C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_PxEngine.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"JOGSERV2.EXE"="C:\\Program Files\\Sony\\Jog Dial Navigator\\JogServ2.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\apmwrhku.dll\",realset"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{E44527F6-1296-4A84-B67D-A6CEA6ED4B69}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiijj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkkk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpqrr
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-04 17:16:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-04 17:16:33
C:\ComboFix-quarantined-files.txt ... 07-05-04 17:16
__________________________
See you later
Good evening Bob,
Thanks for your follow-up
Here is the result of the 2nd VundoFix scan:
_____________________________________
VundoFix V6.3.21
Checking Java version...
Scan started at 17:56:43 03/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\bcypafmk.ini
C:\WINDOWS\system32\bhegaqkc.dll
C:\WINDOWS\system32\bydmstpl.dll
C:\WINDOWS\system32\cctnwtev.dll
C:\WINDOWS\system32\didruopq.dll
C:\WINDOWS\system32\dplkusvj.ini
C:\WINDOWS\system32\eivbxpgf.dll
C:\WINDOWS\system32\ekcfuhle.dll
C:\WINDOWS\system32\fjiupfub.dll
C:\WINDOWS\system32\iiijj.dll
C:\WINDOWS\system32\iohwmgrj.dll
C:\WINDOWS\system32\jjiii.bak1
C:\WINDOWS\system32\jjiii.bak2
C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\jjiii.ini2
C:\WINDOWS\system32\jjiii.tmp
C:\WINDOWS\system32\jvsuklpd.dll
C:\WINDOWS\system32\kbhcifox.dll
C:\WINDOWS\system32\kmfapycb.dll
C:\WINDOWS\system32\lbrvwucn.dll
C:\WINDOWS\system32\nchoglhs.dll
C:\WINDOWS\system32\ocsicvmh.dll
C:\WINDOWS\system32\qhqlveiy.dll
C:\WINDOWS\system32\qtqxeute.dll
C:\WINDOWS\system32\rkfscmbl.dll
C:\WINDOWS\system32\rrksount.dll
C:\WINDOWS\system32\rtvidbil.dll
C:\WINDOWS\system32\skcqsxbv.dll
C:\WINDOWS\system32\skmauvhp.dll
C:\WINDOWS\system32\snghucah.dll
C:\WINDOWS\system32\tdnfvjyk.dll
C:\WINDOWS\system32\tgtdperk.dll
C:\WINDOWS\system32\tlgjytcx.dll
C:\WINDOWS\system32\ukhrwmpa.ini
C:\WINDOWS\system32\uqvmlree.dll
C:\WINDOWS\system32\urqpqrr.dll
C:\WINDOWS\system32\uvoxtswy.dll
C:\WINDOWS\system32\vhmavlbn.dll
C:\WINDOWS\system32\wjpifugf.dll
C:\WINDOWS\system32\xjvwseja.dll
C:\WINDOWS\system32\ytgfsrhb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\apmwrhku.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcypafmk.ini
C:\WINDOWS\system32\bcypafmk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bhegaqkc.dll
C:\WINDOWS\system32\bhegaqkc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bydmstpl.dll
C:\WINDOWS\system32\bydmstpl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cctnwtev.dll
C:\WINDOWS\system32\cctnwtev.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\didruopq.dll
C:\WINDOWS\system32\didruopq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dplkusvj.ini
C:\WINDOWS\system32\dplkusvj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\eivbxpgf.dll
C:\WINDOWS\system32\eivbxpgf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ekcfuhle.dll
C:\WINDOWS\system32\ekcfuhle.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fjiupfub.dll
C:\WINDOWS\system32\fjiupfub.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iohwmgrj.dll
C:\WINDOWS\system32\iohwmgrj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.bak1
C:\WINDOWS\system32\jjiii.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.bak2
C:\WINDOWS\system32\jjiii.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\jjiii.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.ini2
C:\WINDOWS\system32\jjiii.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.tmp
C:\WINDOWS\system32\jjiii.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\jvsuklpd.dll
C:\WINDOWS\system32\jvsuklpd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kbhcifox.dll
C:\WINDOWS\system32\kbhcifox.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmfapycb.dll
C:\WINDOWS\system32\kmfapycb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lbrvwucn.dll
C:\WINDOWS\system32\lbrvwucn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nchoglhs.dll
C:\WINDOWS\system32\nchoglhs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ocsicvmh.dll
C:\WINDOWS\system32\ocsicvmh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qhqlveiy.dll
C:\WINDOWS\system32\qhqlveiy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtqxeute.dll
C:\WINDOWS\system32\qtqxeute.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rkfscmbl.dll
C:\WINDOWS\system32\rkfscmbl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrksount.dll
C:\WINDOWS\system32\rrksount.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtvidbil.dll
C:\WINDOWS\system32\rtvidbil.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\skcqsxbv.dll
C:\WINDOWS\system32\skcqsxbv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\skmauvhp.dll
C:\WINDOWS\system32\skmauvhp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\snghucah.dll
C:\WINDOWS\system32\snghucah.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tdnfvjyk.dll
C:\WINDOWS\system32\tdnfvjyk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tgtdperk.dll
C:\WINDOWS\system32\tgtdperk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tlgjytcx.dll
C:\WINDOWS\system32\tlgjytcx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ukhrwmpa.ini
C:\WINDOWS\system32\ukhrwmpa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\uqvmlree.dll
C:\WINDOWS\system32\uqvmlree.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uvoxtswy.dll
C:\WINDOWS\system32\uvoxtswy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vhmavlbn.dll
C:\WINDOWS\system32\vhmavlbn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wjpifugf.dll
C:\WINDOWS\system32\wjpifugf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xjvwseja.dll
C:\WINDOWS\system32\xjvwseja.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ytgfsrhb.dll
C:\WINDOWS\system32\ytgfsrhb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.21
Checking Java version...
Scan started at 18:38:29 10/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\iiijj.dll
Beginning removal...
Performing Repairs to the registry.
Done!
_________________________________
Let's hope you'll have good news for me
See you
cocosable
Hello Bob!
Here is my HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 16:22:29, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ordinateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - C:\WINDOWS\system32\nhoniflp.dll (file missing)
O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iiijj - C:\WINDOWS\system32\iiijj.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
________________
See you later
cocosable
Rerun VundoFix
- Do not click "Scan for a vundo"
- Right-click in the middle of the window
- Click "Add more files ?"
- Copy/paste the files below (one per box):
Quote:
C:\WINDOWS\system32\pmkkk
- Click "Add files"
- Then click "Close Windows"
- Finally, click "Remove Vundo" (the files above should appear in the main window)
- If the tool asks for a restart, accept
- Post the VundoFix report, along with a new HijackThis log
OK, I have completed all the steps.
Here is what VundoFix says:
__________________________
VundoFix V6.3.21
Checking Java version...
Scan started at 17:56:43 03/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\bcypafmk.ini
C:\WINDOWS\system32\bhegaqkc.dll
C:\WINDOWS\system32\bydmstpl.dll
C:\WINDOWS\system32\cctnwtev.dll
C:\WINDOWS\system32\didruopq.dll
C:\WINDOWS\system32\dplkusvj.ini
C:\WINDOWS\system32\eivbxpgf.dll
C:\WINDOWS\system32\ekcfuhle.dll
C:\WINDOWS\system32\fjiupfub.dll
C:\WINDOWS\system32\iiijj.dll
C:\WINDOWS\system32\iohwmgrj.dll
C:\WINDOWS\system32\jjiii.bak1
C:\WINDOWS\system32\jjiii.bak2
C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\jjiii.ini2
C:\WINDOWS\system32\jjiii.tmp
C:\WINDOWS\system32\jvsuklpd.dll
C:\WINDOWS\system32\kbhcifox.dll
C:\WINDOWS\system32\kmfapycb.dll
C:\WINDOWS\system32\lbrvwucn.dll
C:\WINDOWS\system32\nchoglhs.dll
C:\WINDOWS\system32\ocsicvmh.dll
C:\WINDOWS\system32\qhqlveiy.dll
C:\WINDOWS\system32\qtqxeute.dll
C:\WINDOWS\system32\rkfscmbl.dll
C:\WINDOWS\system32\rrksount.dll
C:\WINDOWS\system32\rtvidbil.dll
C:\WINDOWS\system32\skcqsxbv.dll
C:\WINDOWS\system32\skmauvhp.dll
C:\WINDOWS\system32\snghucah.dll
C:\WINDOWS\system32\tdnfvjyk.dll
C:\WINDOWS\system32\tgtdperk.dll
C:\WINDOWS\system32\tlgjytcx.dll
C:\WINDOWS\system32\ukhrwmpa.ini
C:\WINDOWS\system32\uqvmlree.dll
C:\WINDOWS\system32\urqpqrr.dll
C:\WINDOWS\system32\uvoxtswy.dll
C:\WINDOWS\system32\vhmavlbn.dll
C:\WINDOWS\system32\wjpifugf.dll
C:\WINDOWS\system32\xjvwseja.dll
C:\WINDOWS\system32\ytgfsrhb.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\apmwrhku.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bcypafmk.ini
C:\WINDOWS\system32\bcypafmk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bhegaqkc.dll
C:\WINDOWS\system32\bhegaqkc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bydmstpl.dll
C:\WINDOWS\system32\bydmstpl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cctnwtev.dll
C:\WINDOWS\system32\cctnwtev.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\didruopq.dll
C:\WINDOWS\system32\didruopq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dplkusvj.ini
C:\WINDOWS\system32\dplkusvj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\eivbxpgf.dll
C:\WINDOWS\system32\eivbxpgf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ekcfuhle.dll
C:\WINDOWS\system32\ekcfuhle.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fjiupfub.dll
C:\WINDOWS\system32\fjiupfub.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iohwmgrj.dll
C:\WINDOWS\system32\iohwmgrj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.bak1
C:\WINDOWS\system32\jjiii.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.bak2
C:\WINDOWS\system32\jjiii.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\jjiii.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.ini2
C:\WINDOWS\system32\jjiii.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjiii.tmp
C:\WINDOWS\system32\jjiii.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\jvsuklpd.dll
C:\WINDOWS\system32\jvsuklpd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kbhcifox.dll
C:\WINDOWS\system32\kbhcifox.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kmfapycb.dll
C:\WINDOWS\system32\kmfapycb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lbrvwucn.dll
C:\WINDOWS\system32\lbrvwucn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nchoglhs.dll
C:\WINDOWS\system32\nchoglhs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ocsicvmh.dll
C:\WINDOWS\system32\ocsicvmh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qhqlveiy.dll
C:\WINDOWS\system32\qhqlveiy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtqxeute.dll
C:\WINDOWS\system32\qtqxeute.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rkfscmbl.dll
C:\WINDOWS\system32\rkfscmbl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrksount.dll
C:\WINDOWS\system32\rrksount.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rtvidbil.dll
C:\WINDOWS\system32\rtvidbil.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\skcqsxbv.dll
C:\WINDOWS\system32\skcqsxbv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\skmauvhp.dll
C:\WINDOWS\system32\skmauvhp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\snghucah.dll
C:\WINDOWS\system32\snghucah.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tdnfvjyk.dll
C:\WINDOWS\system32\tdnfvjyk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tgtdperk.dll
C:\WINDOWS\system32\tgtdperk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tlgjytcx.dll
C:\WINDOWS\system32\tlgjytcx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ukhrwmpa.ini
C:\WINDOWS\system32\ukhrwmpa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\uqvmlree.dll
C:\WINDOWS\system32\uqvmlree.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uvoxtswy.dll
C:\WINDOWS\system32\uvoxtswy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vhmavlbn.dll
C:\WINDOWS\system32\vhmavlbn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wjpifugf.dll
C:\WINDOWS\system32\wjpifugf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xjvwseja.dll
C:\WINDOWS\system32\xjvwseja.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ytgfsrhb.dll
C:\WINDOWS\system32\ytgfsrhb.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.21
Checking Java version...
Scan started at 18:38:29 10/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\iiijj.dll
Beginning removal...
Performing Repairs to the registry.
Done!
Beginning removal...
Beginning removal...
Beginning removal...
Beginning removal...
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.3.21
Checking Java version...
Scan started at 20:38:17 12/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\iiijj.dll
Beginning removal...
Performing Repairs to the registry.
Done!
__________________________________________
And HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 20:58:06, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ordinateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - C:\WINDOWS\system32\nhoniflp.dll (file missing)
O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iiijj - C:\WINDOWS\system32\iiijj.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
_________________________________
That's all for this time!
To be continued in the next episode
Beginning removal...
Performing Repairs to the registry.
Done!
Beginning removal...
Beginning removal...
Beginning removal...
Beginning removal...
Beginning removal...
Performing Repairs to the registry.
Done!
VundoFix V6.3.21
Checking Java version...
Scan started at 20:38:17 12/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\iiijj.dll
Beginning removal...
Performing Repairs to the registry.
Done!
__________________________________________
And HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 20:58:06, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ordinateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - C:\WINDOWS\system32\nhoniflp.dll (file missing)
O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iiijj - C:\WINDOWS\system32\iiijj.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
_________________________________
That's all for this time!
To be continued in the next episode
Hello,
The Vundo infection is holding on.
Download VirtumundoBeGone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGon...
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart your PC and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message; that is normal and expected.
Hello Bob,
I did not get the expected blue screen, and I have the impression that nothing was detected. Anyway, here is the VBG report:
[05/14/2007, 18:21:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ordinateur\Bureau\VirtumundoBeGone.exe" )
[05/14/2007, 18:21:35] - Detected System Information:
[05/14/2007, 18:21:35] - Windows Version: 5.1.2600, Service Pack 2
[05/14/2007, 18:21:35] - Current Username: Ordinateur (Admin)
[05/14/2007, 18:21:35] - Windows is in NORMAL mode.
[05/14/2007, 18:21:35] - Searching for Browser Helper Objects:
[05/14/2007, 18:21:35] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[05/14/2007, 18:21:36] - BHO 2: {590CEACC-6120-43F5-8031-306EE9B991C3} ()
[05/14/2007, 18:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 18:21:36] - No filename found. Continuing.
[05/14/2007, 18:21:36] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/14/2007, 18:21:36] - BHO 4: {97961D16-329B-4743-B0DA-AD645435D52a} ()
[05/14/2007, 18:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 18:21:36] - No filename found. Continuing.
[05/14/2007, 18:21:36] - BHO 5: {EC782C05-509F-430B-9B99-301F9D999108} ()
[05/14/2007, 18:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/14/2007, 18:21:36] - No filename found. Continuing.
[05/14/2007, 18:21:36] - BHO 6: {F97DA966-F09D-4cab-BF29-75A0026986EA} (XBTP02634 Class)
[05/14/2007, 18:21:36] - Finished Searching Browser Helper Objects
[05/14/2007, 18:21:36] - Finishing up...
[05/14/2007, 18:21:36] - Nothing found! Exiting...
___________________
And the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 18:22:49, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE\OmniPage.exe
C:\Documents and Settings\Ordinateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - (no file)
O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - (no file)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iiijj - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
______________
All very strange
Thanks anyway
Hello Bob,
Here is what HijackThis says:
Logfile of HijackThis v1.99.1
Scan saved at 18:32:47, on 16/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ezSP_PxEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Utilitaires Anti-Virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - (no file)
O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - (no file)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iiijj - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
________________
Let's hope this time it works!
See you,
cocosable
Good evening,
Download Spyware Terminator:
http://www.spywareterminator.com/
Install it in its own folder.
Read the usage tutorial before you use it:
http://www.malekal.com/tutorial_SpywareTerminator.html