
VBStat-C + Vundo-gen29 = Trojan-gen = MPT (Méga Prise de Tête: a mega headache)

3 May 2007 06:52:57

Hello,

I must be the umpteenth person to bring up this subject, but I gathered, from reading several discussions on various forums, that it is better to follow virus-removal procedures meant for your own PC rather than try to apply advice intended for another user, at the risk of making things worse!

So, to summarize: I was infected by the VBStat-C Trojan horse, which I have been putting up with for 2 months without Avast being able to destroy it for good. Now 2 new "friends" of this virus have shown up: Trojan-gen and Vundo-gen29. This time they have really provoked Avast, which sounds the alarm every 20 seconds!
After reading several discussions, I admit I quickly got discouraged when I saw how long they were, whether in number of pages (reports and so on) or in duration (3 days for some users before they could completely eradicate these damn viruses!)
So I am calling on whoever will be kind enough to give me a hand in turn, to carry on the fight against these vile viruses that are ruining our lives!
I hope I'll be up to it, because my knowledge in this area is very limited.

Here is some useful info:

PC: SONY VAIO PCG-GRX416G
OS: Windows XP SP 2
Antivirus: Avast4
Anti-spyware: AVG
Firewall: Windows
Browsers: Mozilla Firefox (default), Internet Explorer
Other installed programs: RegCleaner, Error Guard

Symptoms: PC slow at startup, web pages opening all the time, VBStat-C detected at every startup, Trojan-gen and Vundo-gen29 detected every 20 seconds and impossible to quarantine.

Thanks in advance.
Cocosable


3 May 2007 10:22:45

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • When the tool launches again, click the Scan for Vundo button
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt into your next reply

    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    &

    After running VundoFix:

    Post a HijackThis report

    Download it, then put it in a dedicated folder (example: ..\Bureau\Hijackthis\Hijackthis.exe ).

    Unzip it into a folder or directly onto your Desktop.

    Then launch it and click Do a system scan and save a logfile; Notepad will then open, and you copy and paste the report here in your next reply.

    Help: Don't hesitate to consult the HijackThis help
    4 May 2007 06:25:49

    Hello,

    Sorry for my late reply, but there is a 12-hour time difference between Tahiti and mainland France, not to mention that I only turn on my PC in the evening after work!

    Below is the VundoFix report:

    VundoFix V6.3.21

    Checking Java version...

    Scan started at 17:56:43 03/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\apmwrhku.dll
    C:\WINDOWS\system32\bcypafmk.ini
    C:\WINDOWS\system32\bhegaqkc.dll
    C:\WINDOWS\system32\bydmstpl.dll
    C:\WINDOWS\system32\cctnwtev.dll
    C:\WINDOWS\system32\didruopq.dll
    C:\WINDOWS\system32\dplkusvj.ini
    C:\WINDOWS\system32\eivbxpgf.dll
    C:\WINDOWS\system32\ekcfuhle.dll
    C:\WINDOWS\system32\fjiupfub.dll
    C:\WINDOWS\system32\iiijj.dll
    C:\WINDOWS\system32\iohwmgrj.dll
    C:\WINDOWS\system32\jjiii.bak1
    C:\WINDOWS\system32\jjiii.bak2
    C:\WINDOWS\system32\jjiii.ini
    C:\WINDOWS\system32\jjiii.ini2
    C:\WINDOWS\system32\jjiii.tmp
    C:\WINDOWS\system32\jvsuklpd.dll
    C:\WINDOWS\system32\kbhcifox.dll
    C:\WINDOWS\system32\kmfapycb.dll
    C:\WINDOWS\system32\lbrvwucn.dll
    C:\WINDOWS\system32\nchoglhs.dll
    C:\WINDOWS\system32\ocsicvmh.dll
    C:\WINDOWS\system32\qhqlveiy.dll
    C:\WINDOWS\system32\qtqxeute.dll
    C:\WINDOWS\system32\rkfscmbl.dll
    C:\WINDOWS\system32\rrksount.dll
    C:\WINDOWS\system32\rtvidbil.dll
    C:\WINDOWS\system32\skcqsxbv.dll
    C:\WINDOWS\system32\skmauvhp.dll
    C:\WINDOWS\system32\snghucah.dll
    C:\WINDOWS\system32\tdnfvjyk.dll
    C:\WINDOWS\system32\tgtdperk.dll
    C:\WINDOWS\system32\tlgjytcx.dll
    C:\WINDOWS\system32\ukhrwmpa.ini
    C:\WINDOWS\system32\uqvmlree.dll
    C:\WINDOWS\system32\urqpqrr.dll
    C:\WINDOWS\system32\uvoxtswy.dll
    C:\WINDOWS\system32\vhmavlbn.dll
    C:\WINDOWS\system32\wjpifugf.dll
    C:\WINDOWS\system32\xjvwseja.dll
    C:\WINDOWS\system32\ytgfsrhb.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\apmwrhku.dll
    C:\WINDOWS\system32\apmwrhku.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bcypafmk.ini
    C:\WINDOWS\system32\bcypafmk.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bhegaqkc.dll
    C:\WINDOWS\system32\bhegaqkc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\bydmstpl.dll
    C:\WINDOWS\system32\bydmstpl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cctnwtev.dll
    C:\WINDOWS\system32\cctnwtev.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\didruopq.dll
    C:\WINDOWS\system32\didruopq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dplkusvj.ini
    C:\WINDOWS\system32\dplkusvj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\eivbxpgf.dll
    C:\WINDOWS\system32\eivbxpgf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ekcfuhle.dll
    C:\WINDOWS\system32\ekcfuhle.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fjiupfub.dll
    C:\WINDOWS\system32\fjiupfub.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iohwmgrj.dll
    C:\WINDOWS\system32\iohwmgrj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jjiii.bak1
    C:\WINDOWS\system32\jjiii.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jjiii.bak2
    C:\WINDOWS\system32\jjiii.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jjiii.ini
    C:\WINDOWS\system32\jjiii.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jjiii.ini2
    C:\WINDOWS\system32\jjiii.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jjiii.tmp
    C:\WINDOWS\system32\jjiii.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jvsuklpd.dll
    C:\WINDOWS\system32\jvsuklpd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kbhcifox.dll
    C:\WINDOWS\system32\kbhcifox.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kmfapycb.dll
    C:\WINDOWS\system32\kmfapycb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lbrvwucn.dll
    C:\WINDOWS\system32\lbrvwucn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nchoglhs.dll
    C:\WINDOWS\system32\nchoglhs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ocsicvmh.dll
    C:\WINDOWS\system32\ocsicvmh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qhqlveiy.dll
    C:\WINDOWS\system32\qhqlveiy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qtqxeute.dll
    C:\WINDOWS\system32\qtqxeute.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rkfscmbl.dll
    C:\WINDOWS\system32\rkfscmbl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rrksount.dll
    C:\WINDOWS\system32\rrksount.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rtvidbil.dll
    C:\WINDOWS\system32\rtvidbil.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\skcqsxbv.dll
    C:\WINDOWS\system32\skcqsxbv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\skmauvhp.dll
    C:\WINDOWS\system32\skmauvhp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\snghucah.dll
    C:\WINDOWS\system32\snghucah.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tdnfvjyk.dll
    C:\WINDOWS\system32\tdnfvjyk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tgtdperk.dll
    C:\WINDOWS\system32\tgtdperk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tlgjytcx.dll
    C:\WINDOWS\system32\tlgjytcx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ukhrwmpa.ini
    C:\WINDOWS\system32\ukhrwmpa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uqvmlree.dll
    C:\WINDOWS\system32\uqvmlree.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uvoxtswy.dll
    C:\WINDOWS\system32\uvoxtswy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vhmavlbn.dll
    C:\WINDOWS\system32\vhmavlbn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wjpifugf.dll
    C:\WINDOWS\system32\wjpifugf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xjvwseja.dll
    C:\WINDOWS\system32\xjvwseja.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ytgfsrhb.dll
    C:\WINDOWS\system32\ytgfsrhb.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    ____________________

    Now the HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:17:48, on 03/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\System32\ezSP_PxEngine.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\ORDINA~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/search/index.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/search/index.html?src=ssb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - C:\WINDOWS\system32\nhoniflp.dll (file missing)
    O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: iiijj - C:\WINDOWS\system32\iiijj.dll (file missing)
    O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
    O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    __________________

    That's it for now. Thanks again :)

    Cocosable
    4 May 2007 19:02:51

    Let's continue ;)

    Download ComboFix (by sUBs) to your Desktop

    Double-click combofix.exe and follow the prompts.

    When the scan is complete, a report will appear. Copy/paste that report into your next reply.
    5 May 2007 05:26:45

    Here I am again :D

    Before you read the ComboFix report, I need to point out that new trojans were detected during the scan: Win32:Klone-BK and Win32:Klone-BL.

    Here is the report:
    _____________

    "Ordinateur" - 07-05-04 17:10:57 Service Pack 2
    ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Ordinateur\Bureau\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\cdgimryk.dll
    C:\WINDOWS\system32\dloygkrx.dll
    C:\WINDOWS\system32\mwcencph.dll
    C:\WINDOWS\system32\wkqkaqfd.dll
    C:\WINDOWS\system32\aurscweb.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 ))))))))))))))))))))))))))))))))))


    2007-05-03 17:56 <REP> d-------- C:\VundoFix Backups
    2007-05-01 21:27 <REP> d-------- C:\WINDOWS\Downloaded Installations


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-04-30 05:46 745600 --a------ C:\WINDOWS\system32\aswboot.exe
    2007-04-30 05:41 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 05:41 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 05:39 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 05:38 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 05:37 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 05:35 95872 --a------ C:\WINDOWS\system32\avastss.scr
    2007-04-21 18:31 -------- d-------- C:\DOCUME~1\ORDINA~1\APPLIC~1\skype
    2007-04-12 19:15 1428 --a------ C:\WINDOWS\mozver.dat
    2007-04-01 18:39 -------- d-------- C:\Program Files\windows installer clean up
    2007-04-01 18:38 -------- d-------- C:\Program Files\msecache
    2007-03-29 17:50 31844 --------- C:\WINDOWS\system32\xxyxx.exe
    2007-03-29 17:49 496568 ---hs---- C:\WINDOWS\system32\kkkmp.bak2
    2007-03-25 20:03 -------- d-------- C:\Program Files\regcleaner
    2007-03-25 17:31 0 --a------ C:\WINDOWS\nsreg.dat
    2007-03-25 17:31 -------- d-------- C:\DOCUME~1\ORDINA~1\APPLIC~1\talkback
    2007-03-25 16:40 86094 --a------ C:\WINDOWS\bpmnt.dll
    2007-03-25 16:40 71749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-03-25 16:40 229957 --a------ C:\WINDOWS\tsc.exe
    2007-03-25 16:40 1101904 --a------ C:\WINDOWS\vsapi32.dll
    2007-03-19 18:25 -------- d-------- C:\Program Files\soliddocuments
    2007-03-19 18:19 -------- d-------- C:\DOCUME~1\ORDINA~1\APPLIC~1\soliddocuments
    2007-03-17 18:46 -------- d-------- C:\Program Files\icofx 1.5
    2007-03-17 03:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
    2007-03-16 12:46 69689 --a------ C:\WINDOWS\unzip.dll
    2007-03-16 12:46 507904 --a------ C:\WINDOWS\tmupdate.dll
    2007-03-16 12:46 286720 --a------ C:\WINDOWS\patch.exe
    2007-03-16 12:30 -------- d-------- C:\DOCUME~1\ORDINA~1\APPLIC~1\winantivirus pro 2006
    2007-03-16 11:58 706 --a------ C:\DOCUME~1\ORDINA~1\APPLIC~1\update.log
    2007-03-08 07:32 446678 ---hs---- C:\WINDOWS\system32\kkkmp.bak1
    2007-03-08 05:37 578560 --a------ C:\WINDOWS\system32\user32.dll
    2007-03-08 05:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
    2007-03-08 05:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-03-08 05:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
    2007-02-20 20:05 64052 --a------ C:\WINDOWS\system32\perfc00c.dat
    2007-02-20 20:05 445672 --a------ C:\WINDOWS\system32\perfh00c.dat
    2007-02-05 10:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    {97961D16-329B-4743-B0DA-AD645435D52a} C:\WINDOWS\system32\nhoniflp.dll [x]
    {EC782C05-509F-430B-9B99-301F9D999108} C:\WINDOWS\system32\iiijj.dll [x]
    {F97DA966-F09D-4cab-BF29-75A0026986EA} C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_PxEngine.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "JOGSERV2.EXE"="C:\\Program Files\\Sony\\Jog Dial Navigator\\JogServ2.exe"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "InfoData"="rundll32.exe \"C:\\WINDOWS\\system32\\apmwrhku.dll\",realset"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{E44527F6-1296-4A84-B67D-A6CEA6ED4B69}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiijj
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkkk
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpqrr

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\HPpromotions journeysoftware.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-04 17:16:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 07-05-04 17:16:33
    C:\ComboFix-quarantined-files.txt ... 07-05-04 17:16

    __________________________

    See you later :)

    8 May 2007 07:09:14

    Hello Bob!

    Before you forget about me, I need to point out that a window opens at startup, saying that the module C:\WINDOWS\system32\apmwrhku.dll is missing. I have to close this window at every startup, and I don't really know how to fix that.
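
Added example (not part of the original thread, and not code from any tool used in it): the HijackThis log taken after the first VundoFix run still lists the O4 Run entry [InfoData], which loads apmwrhku.dll through rundll32.exe, while VundoFix reports that DLL as deleted. The Python below cross-references the two reports to list autostart entries that point at nothing; the function names are hypothetical and the sample is a handful of lines copied from the logs above.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the VundoFix report in this thread.
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\apmwrhku.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjiii.ini
C:\WINDOWS\system32\jjiii.ini Has been deleted!
"""

# Constructed sample: a few lines copied from the HijackThis log in this thread.
HIJACKTHIS_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# First absolute path ending in .dll/.exe inside an entry (quotes end the path).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)\b', re.IGNORECASE)
# HijackThis entry lines look like "O4 - <details>".
ENTRY_RE = re.compile(r'^\s*([FNOR]\d+) - (.*)$')
DELETED_RE = re.compile(r'^\s*(.+?) Has been deleted!\s*$')


def deleted_files(vundofix_report):
    """Paths that the VundoFix report lists as deleted, case-normalised."""
    found = set()
    for line in vundofix_report.splitlines():
        m = DELETED_RE.match(line)
        if m:
            found.add(ntpath.normcase(m.group(1)))
    return found


def running_processes(hjt_log):
    """Paths listed under 'Running processes:' in a HijackThis log."""
    procs, in_section = set(), False
    for line in hjt_log.splitlines():
        text = line.strip()
        if text == "Running processes:":
            in_section = True
        elif in_section and not text:
            break  # the section ends at the first blank line
        elif in_section:
            procs.add(ntpath.normcase(text))
    return procs


def stale_entries(vundofix_report, hjt_log):
    """Return (section, reason, path) for entries whose target is gone.

    An entry is reported when its path was deleted by VundoFix (HijackThis
    does not mark DLLs passed to rundll32.exe as missing), or when HijackThis
    itself marked it "(file missing)". A "(file missing)" entry whose path is
    also a running process gets its own reason, since the marker cannot be
    taken at face value there.
    """
    deleted = deleted_files(vundofix_report)
    running = running_processes(hjt_log)
    findings = []
    for line in hjt_log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        pm = PATH_RE.search(body)
        path = ntpath.normcase(pm.group(0)) if pm else None
        if path in deleted:
            findings.append((section, "deleted by VundoFix", path))
        elif "(file missing)" in body:
            reason = ("marked missing but running" if path in running
                      else "file missing")
            findings.append((section, reason, path))
    return findings


if __name__ == "__main__":
    for section, reason, path in stale_entries(VUNDOFIX_REPORT, HIJACKTHIS_LOG):
        print(f"{section:4} {reason:27} {path or '(no absolute path in entry)'}")
```
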
    9 May 2007 18:59:05

    Good evening cocosable,

    The forum either had an update or a problem; I couldn't find your thread :(

    Run VundoFix once more and post the report.
    11 May 2007 07:06:07

    Good evening Bob,

    Thanks for following up :)

    Here is the result of the 2nd VundoFix scan:

    _____________________________________
    VundoFix V6.3.21

    Checking Java version...

    Scan started at 18:38:29 10/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\iiijj.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    _________________________________
    Let's hope you'll have good news for me :ange: 

    See you,
    cocosable

    11 May 2007 10:16:11

    Hello,

    Post a new HijackThis report.
    12 May 2007 04:24:34

    Hello Bob!

    Here is my HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:22:29, on 11/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\System32\ezSP_PxEngine.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ordinateur\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - C:\WINDOWS\system32\nhoniflp.dll (file missing)
    O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: iiijj - C:\WINDOWS\system32\iiijj.dll (file missing)
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
    O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    ________________

    See you,
    cocosable
    12 May 2007 11:09:06

    Run VundoFix again

    - Do not click "Scan for a vundo"
    - Right-click in the middle of the window
    - Click "Add more files?"
    - Copy and paste the files below (one per box):

    Quote:
    C:\WINDOWS\system32\pmkkk


    - Click "Add files"
    - Then click "Close Windows"
    - Finally, click "Remove Vundo" (the files above should appear in the main window)
    - If the tool asks for a restart, accept
    - Post the VundoFix report, along with a new HijackThis log
    13 May 2007 09:03:49

    OK, I've completed all the steps.
    Here is what VundoFix says:

    __________________________
    Beginning removal...

    Beginning removal...

    Beginning removal...

    Beginning removal...

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.21

    Checking Java version...

    Scan started at 20:38:17 12/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\iiijj.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    __________________________________________
    And HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:58:06, on 12/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\System32\ezSP_PxEngine.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Ordinateur\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - C:\WINDOWS\system32\nhoniflp.dll (file missing)
    O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: iiijj - C:\WINDOWS\system32\iiijj.dll (file missing)
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
    O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    _________________________________

    That's all for this time!
    To be continued in the next episode ;) 
    14 May 2007 14:20:01

    Hello,

    The Vundo infection is holding out :( 

    Download VirtumundoBeGone to your desktop:

    http://secured2k.home.comcast.net/tools/VirtumundoBeGon...

    Then double-click VirtumundoBeGone.exe and follow the instructions.

    Once it has finished, restart your PC and, in your next reply, post the VBG.TXT report created on the desktop along with a new HijackThis report.

    Don't worry if you see a blue screen with a "Fatal error" message; that is normal and expected.
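What the 12 May logs still show can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of either tool: it cross-references a VundoFix log with a HijackThis log and lists the autostart entries that still point at files VundoFix reported, at missing files, or at a Winlogon Notify path with no file name. The sample lines are excerpted from the logs posted in this thread; the function names are assumptions of this example.

```python
import re
from ntpath import basename  # handles Windows paths on any OS

# Sample input: lines excerpted from the VundoFix and HijackThis logs in this thread.
VUNDOFIX_LOG = r"""
Listing files found while scanning....

C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\iiijj.dll
C:\WINDOWS\system32\urqpqrr.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\apmwrhku.dll
C:\WINDOWS\system32\apmwrhku.dll Has been deleted!
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - C:\WINDOWS\system32\iiijj.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\apmwrhku.dll",realset
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
"""

DELETED_SUFFIX = "Has been deleted!"
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
FILE_NAME = re.compile(r"[\w~.-]+\.(?:dll|exe)", re.IGNORECASE)


def parse_vundofix(text):
    """Return (found, deleted): lower-cased file names VundoFix listed / reported deleted."""
    found, deleted = set(), set()
    in_listing = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Listing files found"):
            in_listing = True
        elif line.startswith("Beginning removal"):
            in_listing = False
        elif line.endswith(DELETED_SUFFIX):
            path = line[: -len(DELETED_SUFFIX)].strip()
            deleted.add(basename(path).lower())
        elif in_listing and line:
            found.add(basename(line).lower())
    return found, deleted


def triage(hijackthis_text, found, deleted):
    """Return [(code, body, reasons)] for HijackThis entries worth a second look."""
    findings = []
    for raw in hijackthis_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        code, body = match.group("code"), match.group("body")
        reasons = []
        # HijackThis itself marks entries whose target file is gone.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("target missing on disk")
        # Entries that still name a file the removal tool reported.
        names = {n.lower() for n in FILE_NAME.findall(body)}
        for name in sorted(names & found):
            if name in deleted:
                reasons.append(f"{name}: VundoFix logged its deletion")
            else:
                reasons.append(f"{name}: VundoFix listed it but logged no deletion")
        # A Winlogon Notify entry whose path stops at a directory.
        if code == "O20" and body.startswith("Winlogon Notify:") and body.endswith("\\"):
            reasons.append("Notify path has no file name")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    found_files, deleted_files = parse_vundofix(VUNDOFIX_LOG)
    for code, body, reasons in triage(HIJACKTHIS_LOG, found_files, deleted_files):
        print(f"{code}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```
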
    15 May 2007 06:31:42

    Hello Bob,

    I didn't get a blue screen as expected, and I have the impression that nothing was detected. Anyway, here is the VBG report:


    [05/14/2007, 18:21:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ordinateur\Bureau\VirtumundoBeGone.exe" )
    [05/14/2007, 18:21:35] - Detected System Information:
    [05/14/2007, 18:21:35] - Windows Version: 5.1.2600, Service Pack 2
    [05/14/2007, 18:21:35] - Current Username: Ordinateur (Admin)
    [05/14/2007, 18:21:35] - Windows is in NORMAL mode.
    [05/14/2007, 18:21:35] - Searching for Browser Helper Objects:
    [05/14/2007, 18:21:35] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
    [05/14/2007, 18:21:36] - BHO 2: {590CEACC-6120-43F5-8031-306EE9B991C3} ()
    [05/14/2007, 18:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/14/2007, 18:21:36] - No filename found. Continuing.
    [05/14/2007, 18:21:36] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/14/2007, 18:21:36] - BHO 4: {97961D16-329B-4743-B0DA-AD645435D52a} ()
    [05/14/2007, 18:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/14/2007, 18:21:36] - No filename found. Continuing.
    [05/14/2007, 18:21:36] - BHO 5: {EC782C05-509F-430B-9B99-301F9D999108} ()
    [05/14/2007, 18:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/14/2007, 18:21:36] - No filename found. Continuing.
    [05/14/2007, 18:21:36] - BHO 6: {F97DA966-F09D-4cab-BF29-75A0026986EA} (XBTP02634 Class)
    [05/14/2007, 18:21:36] - Finished Searching Browser Helper Objects
    [05/14/2007, 18:21:36] - Finishing up...
    [05/14/2007, 18:21:36] - Nothing found! Exiting...

    ___________________

    And the HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:22:49, on 14/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\System32\ezSP_PxEngine.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ScanSoft\OmniPageSE\OmniPage.exe
    C:\Documents and Settings\Ordinateur\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - (no file)
    O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - (no file)
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: iiijj - C:\WINDOWS\
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
    O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    ______________

    All this is strange :heink:
    Thanks anyway :D

    15 May 2007 09:21:00

    Hello,

    Run a new VundoFix scan.
    16 May 2007 06:36:52

    Hello Bob,

    I have no report to post because VundoFix found nothing. Does that mean it worked? If so, that's great :wahoo:
    Thanks again for your invaluable help. Luckily we can count on people like you :hello:
    16 May 2007 08:39:26

    Hello,

    Post a new HijackThis report.
    17 May 2007 06:36:01

    Hello Bob,

    Here is what HijackThis says:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:32:47, on 16/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\System32\ezSP_PxEngine.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Utilitaires Anti-Virus\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
    O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
    O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
    O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
    O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {590CEACC-6120-43F5-8031-306EE9B991C3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {97961D16-329B-4743-B0DA-AD645435D52a} - (no file)
    O2 - BHO: (no name) - {EC782C05-509F-430B-9B99-301F9D999108} - (no file)
    O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_PxEngine.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: iiijj - C:\WINDOWS\
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: pmkkk - C:\WINDOWS\
    O20 - Winlogon Notify: urqpqrr - urqpqrr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

    ________________
    Let's hope this time is the right one!

    See you,
    cocosable
    20 May 2007 06:28:19

    Good evening Bob,

    Done! Should I uninstall AVG Anti-Spyware then? It might be redundant.