Infectée par trojan downloader

voilà

Logfile of HijackThis v1.99.1
Scan saved at 01:22:25, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerTV.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\GUEVEL\Bureau\Vundoscan.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DFDAA04-D717-47B6-821F-0E7D91007B0F} - C:\windows\system32\jkhhf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} - C:\windows\system32\pmnmjkk.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {A4F64D63-3576-4754-8DD5-4D0A49345FD5} - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: jkhhf - C:\windows\system32\jkhhf.dll
O20 - Winlogon Notify: pmnmjkk - C:\windows\SYSTEM32\pmnmjkk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

bonsoir,

les lignes 02 et 20 étaient toujours là j'ai donc suivi le post 39

voici tous les rapports
a+



"GUEVEL" - 07-02-07 21:01:15 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\GUEVEL
C:\qoobox\purity\DOCUME~1\GUEVEL\Application Data
C:\qoobox\purity\DOCUME~1\GUEVEL\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\GUEVEL\Application Data\YSTEM3~1
C:\qoobox\purity\WINDOWS\ASKS~1
C:\qoobox\purity\WINDOWS\FNTS~1
C:\qoobox\purity\WINDOWS\system32\ECURIT~1
C:\qoobox\purity\WINDOWS\system32\MCROSO~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))


2007-02-07 17:19 118,804 --a------ C:\WINDOWS\system32\whefqcch.dll
2007-02-07 05:33 76,412 --a------ C:\WINDOWS\system32\bgxpcxow.dll
2007-02-06 13:20 <REP> d-------- C:\Program Files\MSN Messenger
2007-02-06 05:33 76,412 --a------ C:\WINDOWS\system32\tcwleyec.dll
2007-02-05 22:06 <REP> d-------- C:\Downloads
2007-02-05 22:06 <REP> d-------- C:\Bases
2007-02-05 12:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-05 05:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-05 05:52 <REP> d-------- C:\Program Files\Grisoft
2007-02-05 01:02 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-02-05 01:01 42,920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-02-05 01:01 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-02-05 01:00 <REP> d-------- C:\WINDOWS\Internet Logs
2007-02-04 16:27 <REP> d-------- C:\Program Files\Kerio
2007-02-03 16:32 3,648 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-03 15:26 <REP> d-------- C:\WINDOWS\Sun
2007-02-03 15:26 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Sun
2007-02-03 13:40 <REP> d-------- C:\Program Files\Yahoo!
2007-02-02 17:13 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Talkback
2007-02-02 14:19 94,720 --a------ C:\WINDOWS\system32\xaygtbc.dll
2007-02-02 14:13 <REP> d-------- C:\Program Files\a-squared Free
2007-02-02 12:38 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-02-02 12:38 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2007-02-02 12:38 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-02-02 02:22 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2007-02-02 02:20 95,232 --a------ C:\WINDOWS\system32\uguzrcf.dll
2007-02-01 19:51 277,234 --------- C:\WINDOWS\system32\jkhhf.dll
2007-02-01 19:45 22,591 --------- C:\WINDOWS\system32\pmnmjkk.dll
2007-02-01 13:48 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-01 13:14 <REP> d-------- C:\DOCUME~1\GUEVEL\Contacts
2007-02-01 13:12 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-02-01 13:11 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-02-01 12:13 95,232 --a------ C:\WINDOWS\system32\gaunhre.dll
2007-02-01 02:11 <REP> d-------- C:\DOCUME~1\GUEVEL\Mes documents
2007-01-31 23:51 <REP> d-------- C:\Program Files\PeDevice
2007-01-31 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-01-30 17:34 <REP> d-------- C:\Program Files\Java
2007-01-30 17:33 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-01-30 15:05 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\SecondLife
2007-01-30 12:13 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\PlayFirst
2007-01-30 12:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\PlayFirst
2007-01-30 02:48 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-01-24 13:56 <REP> d-------- C:\Program Files\Real
2007-01-24 13:56 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-01-24 13:56 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Real
2007-01-24 13:28 <REP> d-------- C:\Program Files\MSN Apps
2007-01-22 22:26 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-01-19 15:43 <REP> d-------- C:\Program Files\MSXML 4.0
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 10:32 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-19 10:32 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-01-19 10:12 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Lavasoft
2007-01-19 01:30 0 --a------ C:\WINDOWS\nsreg.dat
2007-01-18 17:26 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-18 17:20 3,757 --a------ C:\WINDOWS\mozver.dat
2007-01-18 17:20 <REP> d-------- C:\Program Files\Mozilla Firefox
2007-01-18 16:53 <REP> d-------- C:\Program Files\Lavasoft
2007-01-18 14:29 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Google
2007-01-18 14:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-18 14:14 <REP> d-------- C:\Program Files\Google
2007-01-18 14:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2007-01-18 12:57 <REP> d---s---- C:\DOCUME~1\GUEVEL\UserData
2007-01-18 12:17 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-01-18 12:17 <REP> d-------- C:\Program Files\Free
2007-01-11 14:15 53,248 -ra------ C:\WINDOWS\system32\NeroCo.dll
2007-01-11 14:15 1,658,880 --------- C:\WINDOWS\UNNeroBurnRights.exe
2007-01-11 14:08 99,568 --------- C:\WINDOWS\system32\drivers\incdfs.sys
2007-01-11 14:08 9,561 --------- C:\WINDOWS\system32\drivers\incdrec.sys
2007-01-11 14:08 27,664 --------- C:\WINDOWS\system32\drivers\incdpass.sys
2007-01-11 14:08 1,769,472 --------- C:\WINDOWS\NuNinst.exe
2007-01-11 14:08 <REP> d-------- C:\WINDOWS\InCD


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-06 01:08 -------- d---s---- C:\DOCUME~1\GUEVEL\Application Data\microsoft
2007-02-05 12:38 -------- d-------- C:\Program Files\avpersonal
2007-02-02 00:25 -------- d-------- C:\Program Files\ahead
2007-02-01 13:18 3665 --a------ C:\WINDOWS\urls.dat
2007-02-01 13:18 17896 --a------ C:\WINDOWS\htmlcode.dat
2007-01-31 12:10 -------- d--h----- C:\Program Files\installshield installation information
2007-01-31 12:10 -------- d-------- C:\Program Files\epson
2007-01-31 10:27 -------- d-------- C:\Program Files\quicktime
2007-01-28 11:26 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\adobeum
2007-01-20 01:56 48616 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2007-01-20 01:56 367658 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2007-01-19 15:46 -------- d-------- C:\Program Files\messenger
2007-01-19 01:30 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\mozilla
2007-01-18 15:20 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\macromedia
2007-01-18 12:26 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\adobe
2007-01-11 15:12 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\ahead
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\windows\\system32\\ctfmon.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"regkeyname"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NeroFilterCheck"="C:\\windows\\system32\\NeroCheck.exe"
"AVGCtrl"="C:\\Program Files\\AVPersonal\\AVGNT.EXE /min"
"iKeyWorks"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"EPSON Stylus Photo RX420 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P31 \"EPSON Stylus Photo RX420 Series\" /O6 \"USB001\" /M \"Stylus Photo RX420\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"AVSCHED32"="C:\\Program Files\\AVPersonal\\AVSCHED32.EXE /min"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"DllRunning"="rundll32.exe \"C:\\windows\\system32\\whefqcch.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{90382AD7-4298-47E0-BC0F-14ACCFF44D2C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjkk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6359eeb0-4e50-11db-82f0-001109630ca1}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4x3_LIEVIN_BIS.PDF


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-07 21:05:41









SmitFraudFix v2.140

Rapport fait à 21:06:59,37, 07/02/2007
Executé à partir de C:\Documents and Settings\GUEVEL\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\GUEVEL


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\GUEVEL\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GUEVEL\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin










Search Navipromo version 1.0.3 commencé le 07/02/2007 à 21:09:16,51

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Documents and Settings\GUEVEL\Bureau\navilog1
Mise a jour le 01.02.2007 a 21h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\windows ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\GUEVEL\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1055.

[+] Started on 02/07/07 at 21:09:20.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ........................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 02/07/07 at 21:12:34 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de recherche complémentaire ***
(recherche fichiers spécifiques)



*** Analyse Terminé le 07/02/2007 à 21:14:26,28 ***










Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 07/02/2007 a 21:18:07,57

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\windows\

*** Recherche des fichiers dans C:\windows\system32
C:\windows\system32\mcrh.tmp FOUND
C:\windows\system32\SpoonUninstall.exe FOUND

"C:\Program Files\PeDevice\" FOUND
*** Fin du rapport !










---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 22:21:40 07/02/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{2C7AF1E4-B2BC-4175-A4AF-DF9EB1EDFECC}\RP330\A0117616.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{2C7AF1E4-B2BC-4175-A4AF-DF9EB1EDFECC}\RP330\A0117618.dll -> Adware.Virtumonde : Nettoyé.
C:\WINDOWS\system32\pmnmjkk.dll -> Adware.Virtumonde : Nettoyé.
:mozilla.39:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.40:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.42:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.43:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.44:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\GUEVEL\Cookies\guevel@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.145:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.164:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.58:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.8:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\GUEVEL\Cookies\guevel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.122:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.123:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.131:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.132:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.133:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.134:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.9:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.62:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.124:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.125:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.126:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\GUEVEL\Cookies\guevel@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.7:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.15:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.105:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.106:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.107:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.108:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.71:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.109:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.110:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.111:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.112:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\GUEVEL\Cookies\guevel@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\GUEVEL\Cookies\guevel@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.118:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.119:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.61:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.11:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.12:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.13:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.53:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\GUEVEL\Cookies\guevel@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

salut

ben chez moi l'heure s'écrit 10111h100111 et ça s'énonce 23h39

voici les 2 rapports
à+

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 07/02/2007 a 23:35:59,89

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\windows\

*** Suppression des fichiers dans C:\windows\system32
tentative de suppression de C:\windows\system32\mcrh.tmp
tentative de suppression de C:\windows\system32\SpoonUninstall.exe

tentative de suppression de "C:\Program Files\PeDevice\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !




Logfile of HijackThis v1.99.1
Scan saved at 23:45:02, on 07/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerTV.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\GUEVEL\Bureau\Hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Salut

voici les 2 scans


VundoFix V6.3.5

Checking Java version...

Scan started at 00:51:04 08/02/2007

Listing files found while scanning....

C:\windows\system32\fhhkj.ini
C:\windows\system32\hccqfehw.ini
C:\windows\system32\jkhhf.dll
C:\windows\system32\pmnmjkk.dll
C:\windows\system32\whefqcch.dll

Beginning removal...

Attempting to delete C:\windows\system32\fhhkj.ini
C:\windows\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\hccqfehw.ini
C:\windows\system32\hccqfehw.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\windows\system32\pmnmjkk.dll
C:\windows\system32\pmnmjkk.dll Could not be deleted.

Attempting to delete C:\windows\system32\whefqcch.dll
C:\windows\system32\whefqcch.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fhhkj.ini
C:\windows\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\windows\system32\pmnmjkk.dll
C:\windows\system32\pmnmjkk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...





Logfile of HijackThis v1.99.1
Scan saved at 01:28:16, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerTV.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\GUEVEL\Bureau\vundoscan.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} - C:\windows\system32\pmnmjkk.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A5B13795-07A4-4DFF-8157-708B3BDF7DD2} - C:\windows\system32\jkhhf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: jkhhf - C:\windows\system32\jkhhf.dll
O20 - Winlogon Notify: pmnmjkk - C:\windows\SYSTEM32\pmnmjkk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

salut

voici les rapports

j'ai relancé combofix à la fin car je crois que vundofix n'arrive pas à venir à bout de C:\windows\system32\jkhhf.dll et C:\windows\system32\pmnmjkk.dl
je l'ai relancé +sieurs fois, j'ai essayé aussi en faisant add files mais rien y fait.
à+




Complete scanning result of "gaunhre.dll", received in VirusTotal at 02.08.2007, 13:10:34 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.34 02.08.2007 TR/Crypt.XPACK.Gen
Authentium 4.93.8 02.07.2007 Possibly a new variant of W32/new-malware!Maximus
Avast 4.7.936.0 02.07.2007 no virus found
AVG 386 02.07.2007 no virus found
BitDefender 7.2 02.08.2007 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 02.07.2007 no virus found
ClamAV devel-20060426 02.08.2007 no virus found
DrWeb 4.33 02.08.2007 Trojan.DownLoader.based
eSafe 7.0.14.0 02.08.2007 suspicious Trojan/Worm
eTrust-InoculateIT 30.4.3378 02.08.2007 no virus found
eTrust-Vet 30.4.3378 02.08.2007 no virus found
Ewido 4.0 02.07.2007 no virus found
Fortinet 2.85.0.0 02.08.2007 suspicious
F-Prot 4.2.1.29 02.07.2007 W32/new-malware!Maximus
F-Secure 6.70.13030.0 02.08.2007 W32/Malware
Ikarus T3.1.0.31 02.08.2007 Trojan-Downloader.Win32.Busky.gen
Kaspersky 4.0.2.24 02.08.2007 no virus found
McAfee 4958 02.07.2007 Downloader-AXI.gen
Microsoft 1.2101 02.08.2007 Trojan:Win32/Busky.gen
NOD32v2 2045 02.08.2007 a variant of Win32/TrojanDownloader.Busky.AZ
Norman 5.80.02 02.07.2007 W32/Malware
Panda 9.0.0.4 02.08.2007 Suspicious file
Prevx1 V2 02.08.2007 no virus found
Sophos 4.13.0 02.08.2007 no virus found
Sunbelt 2.2.907.0 02.02.2007 no virus found
Symantec 10 02.08.2007 Trojan.Busky
TheHacker 6.1.6.053 02.07.2007 no virus found
UNA 1.83 02.07.2007 no virus found
VBA32 3.11.2 02.07.2007 no virus found
VirusBuster 4.3.19:9 02.07.2007 Trojan.DL.Obfusc.Gen3

Aditional Information
File size: 95232 bytes
MD5: 840e31a35bb9d69227a3e56d73c3a180
SHA1: a84b73cd1ac64ef2d4a4f1328482c7d5e881368c
packers: UPX
packers: UPX
packers: UPX, embedded
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 95232 bytes.

[ Changes to filesystem ]
* Creates file C:WINDOWSSYSTEM32gaunhre.dll.
* Creates file C:WINDOWSSYSTEM32 qgrrwk.dll.

[ Changes to registry ]
* Creates key "HKLMSoftwareAdwareDisableKey4".
* Sets value "default"="1166912096" in key "HKLMSoftwareAdwareDisableKey4".
* Creates key "HKCUSoftwareAdwareDisableKey4".
* Sets value "default"="1166912096" in key "HKCUSoftwareAdwareDisableKey4".
* Deletes value "e7d22331.exe" in key "HKCUSoftwareMicrosoftWindowsCurrentVersionRun".
* Deletes value "e7d22331.exe" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionRun".
* Creates value "gaunhre.dll"="C:WINDOWS undll32.exe C:WINDOWSSYSTEM32gaunhre.dll,gshxpzc" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionRun".
* Creates key "HKCRCLSID{33D72701-74C4-8352-1C1F-00B72AF60CDD}InprocServer32".
* Sets value "default"="C:WINDOWSSYSTEM32 qgrrwk.dll" in key "HKCRCLSID{33D72701-74C4-8352-1C1F-00B72AF60CDD}InprocServer32".
* Sets value "ThreadingModel"="Apartment" in key "HKCRCLSID{33D72701-74C4-8352-1C1F-00B72AF60CDD}InprocServer32".

[ Process/window information ]
* Creates a mutex a4d22331.
* Enumerates running processes.
* Will automatically restart after boot (I'll be back...).









VundoFix V6.3.5

Checking Java version...

Scan started at 13:36:09 08/02/2007

Listing files found while scanning....

C:\windows\system32\fhhkj.ini
C:\windows\system32\jkhhf.dll
C:\windows\system32\pmnmjkk.dll

Beginning removal...

Attempting to delete C:\windows\system32\fhhkj.ini
C:\windows\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\windows\system32\pmnmjkk.dll
C:\windows\system32\pmnmjkk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fhhkj.ini
C:\windows\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\windows\system32\pmnmjkk.dll
C:\windows\system32\pmnmjkk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...









Logfile of HijackThis v1.99.1
Scan saved at 14:00:55, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Documents and Settings\GUEVEL\Bureau\vundoscan.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} - C:\windows\system32\pmnmjkk.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A691EB64-4E4C-459A-B644-BF428E54624A} - C:\windows\system32\jkhhf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: jkhhf - C:\windows\system32\jkhhf.dll
O20 - Winlogon Notify: pmnmjkk - C:\windows\SYSTEM32\pmnmjkk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe










"GUEVEL" - 07-02-08 14:02:03 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\GUEVEL\Bureau"

((((((((((((((((((((((((((((((( Files Created from 2007-01-08 to 2007-02-08 ))))))))))))))))))))))))))))))))))


2007-02-08 00:51 <REP> d-------- C:\VundoFix Backups
2007-02-07 21:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-06 13:20 <REP> d-------- C:\Program Files\MSN Messenger
2007-02-06 05:33 76,412 --a------ C:\WINDOWS\system32\tcwleyec.dll
2007-02-05 22:06 <REP> d-------- C:\Downloads
2007-02-05 22:06 <REP> d-------- C:\Bases
2007-02-05 05:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-05 05:52 <REP> d-------- C:\Program Files\Grisoft
2007-02-05 01:02 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-02-05 01:01 42,920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-02-05 01:01 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-02-05 01:00 <REP> d-------- C:\WINDOWS\Internet Logs
2007-02-04 16:27 <REP> d-------- C:\Program Files\Kerio
2007-02-03 16:32 3,094 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-03 15:26 <REP> d-------- C:\WINDOWS\Sun
2007-02-03 15:26 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Sun
2007-02-03 13:40 <REP> d-------- C:\Program Files\Yahoo!
2007-02-02 17:13 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Talkback
2007-02-02 14:19 94,720 --a------ C:\WINDOWS\system32\xaygtbc.dll
2007-02-02 14:13 <REP> d-------- C:\Program Files\a-squared Free
2007-02-02 12:38 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-02-02 12:38 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2007-02-02 12:38 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-02-02 02:22 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2007-02-02 02:20 95,232 --a------ C:\WINDOWS\system32\uguzrcf.dll
2007-02-01 19:51 277,234 --------- C:\WINDOWS\system32\jkhhf.dll
2007-02-01 19:45 22,591 --------- C:\WINDOWS\system32\pmnmjkk.dll
2007-02-01 13:48 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-01 13:14 <REP> d-------- C:\DOCUME~1\GUEVEL\Contacts
2007-02-01 13:12 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-02-01 13:11 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-02-01 12:13 95,232 --a------ C:\WINDOWS\system32\gaunhre.dll
2007-02-01 02:11 <REP> d-------- C:\DOCUME~1\GUEVEL\Mes documents
2007-01-31 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-01-30 17:34 <REP> d-------- C:\Program Files\Java
2007-01-30 17:33 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-01-30 15:05 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\SecondLife
2007-01-30 12:13 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\PlayFirst
2007-01-30 12:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\PlayFirst
2007-01-30 02:48 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-01-24 13:56 <REP> d-------- C:\Program Files\Real
2007-01-24 13:56 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-01-24 13:56 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Real
2007-01-24 13:28 <REP> d-------- C:\Program Files\MSN Apps
2007-01-22 22:26 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-01-19 15:43 <REP> d-------- C:\Program Files\MSXML 4.0
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 10:32 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-19 10:32 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-01-19 10:12 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Lavasoft
2007-01-19 01:30 0 --a------ C:\WINDOWS\nsreg.dat
2007-01-18 17:26 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-18 17:20 3,757 --a------ C:\WINDOWS\mozver.dat
2007-01-18 17:20 <REP> d-------- C:\Program Files\Mozilla Firefox
2007-01-18 16:53 <REP> d-------- C:\Program Files\Lavasoft
2007-01-18 14:29 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Google
2007-01-18 14:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-18 14:14 <REP> d-------- C:\Program Files\Google
2007-01-18 14:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2007-01-18 12:57 <REP> d---s---- C:\DOCUME~1\GUEVEL\UserData
2007-01-18 12:17 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-01-18 12:17 <REP> d-------- C:\Program Files\Free
2007-01-11 14:15 53,248 -ra------ C:\WINDOWS\system32\NeroCo.dll
2007-01-11 14:15 1,658,880 --------- C:\WINDOWS\UNNeroBurnRights.exe
2007-01-11 14:08 99,568 --------- C:\WINDOWS\system32\drivers\incdfs.sys
2007-01-11 14:08 9,561 --------- C:\WINDOWS\system32\drivers\incdrec.sys
2007-01-11 14:08 27,664 --------- C:\WINDOWS\system32\drivers\incdpass.sys
2007-01-11 14:08 1,769,472 --------- C:\WINDOWS\NuNinst.exe
2007-01-11 14:08 <REP> d-------- C:\WINDOWS\InCD


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-08 09:41 -------- d-------- C:\Program Files\avpersonal
2007-02-06 01:08 -------- d---s---- C:\DOCUME~1\GUEVEL\Application Data\microsoft
2007-02-02 00:25 -------- d-------- C:\Program Files\ahead
2007-02-01 13:18 3665 --a------ C:\WINDOWS\urls.dat
2007-02-01 13:18 17896 --a------ C:\WINDOWS\htmlcode.dat
2007-01-31 12:10 -------- d--h----- C:\Program Files\installshield installation information
2007-01-31 12:10 -------- d-------- C:\Program Files\epson
2007-01-31 10:27 -------- d-------- C:\Program Files\quicktime
2007-01-28 11:26 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\adobeum
2007-01-20 01:56 48616 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2007-01-20 01:56 367658 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2007-01-19 15:46 -------- d-------- C:\Program Files\messenger
2007-01-19 01:30 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\mozilla
2007-01-18 15:20 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\macromedia
2007-01-18 12:26 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\adobe
2007-01-11 15:12 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\ahead
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\windows\\system32\\ctfmon.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"regkeyname"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NeroFilterCheck"="C:\\windows\\system32\\NeroCheck.exe"
"AVGCtrl"="C:\\Program Files\\AVPersonal\\AVGNT.EXE /min"
"iKeyWorks"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"EPSON Stylus Photo RX420 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P31 \"EPSON Stylus Photo RX420 Series\" /O6 \"USB001\" /M \"Stylus Photo RX420\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"AVSCHED32"="C:\\Program Files\\AVPersonal\\AVSCHED32.EXE /min"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{90382AD7-4298-47E0-BC0F-14ACCFF44D2C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhf
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjkk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6359eeb0-4e50-11db-82f0-001109630ca1}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4x3_LIEVIN_BIS.PDF


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-08 14:09:47
C:\ComboFix2.txt ... 07-02-07 21:05

salut,

explorateur windows a trouvé
C:\WINDOWS\system32\xaygtbc.dll
C:\WINDOWS\system32\uguzrcf.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\pmnmjkk.dll
C:\WINDOWS\system32\gaunhre.dll

Sinon Vundofix me fait la même chose à chaque fois :
je lance le scan et il affiche
C:\Program files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\aiqsjwtf.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\pmnmjkk.dll
C:\WINDOWS\system32\fhhf.dll

après je fais remove vundo, l'ordi redémarre
vundo affiche
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\pmnmjkk.dll
C:\WINDOWS\system32\fhhf.dll

je refais remove vundo, l'ordi s'éteind et redémarre encore et vundo n'affiche plus rien dans la case blanche
je fais donc remove vundo et il m'explique qu'il n'y a plus rien et qu'il va s'arrêter. Le bureau s'affiche, je relance vundofix, puis scan for vundo et il m'affiche la même chose :
C:\Program files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\aiqsjwtf.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\pmnmjkk.dll
C:\WINDOWS\system32\fhhf.dll
dc ça redémarre etc etc

voilà...


VundoFix V6.3.5

Checking Java version...

Scan started at 13:49:42 08/02/2007

Listing files found while scanning....

C:\windows\system32\fhhkj.ini
C:\windows\system32\jkhhf.dll
C:\windows\system32\pmnmjkk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gaunhre.dll
C:\WINDOWS\system32\gaunhre.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pmnmjkk.dll
C:\WINDOWS\system32\pmnmjkk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uguzrcf.dll
C:\WINDOWS\system32\uguzrcf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xaygtbc.dll
C:\WINDOWS\system32\xaygtbc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnmjkk.dll
C:\WINDOWS\system32\pmnmjkk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pmnmjkk.dll
C:\WINDOWS\system32\pmnmjkk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.3.5

Checking Java version...

Scan started at 18:00:42 08/02/2007

Listing files found while scanning....

C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\windows\system32\aiqsjwtf.dll
C:\windows\system32\fhhkj.ini
C:\windows\system32\jkhhf.dll
C:\windows\system32\lshbritb.exe
C:\windows\system32\oxvvhpqq.ini
C:\windows\system32\pmnmjkk.dll
C:\windows\system32\qqphvvxo.dll

Beginning removal...

Attempting to delete C:\windows\system32\aiqsjwtf.dll
C:\windows\system32\aiqsjwtf.dll Has been deleted!

Attempting to delete C:\windows\system32\fhhkj.ini
C:\windows\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\windows\system32\lshbritb.exe
C:\windows\system32\lshbritb.exe Has been deleted!

Attempting to delete C:\windows\system32\oxvvhpqq.ini
C:\windows\system32\oxvvhpqq.ini Has been deleted!

Attempting to delete C:\windows\system32\pmnmjkk.dll
C:\windows\system32\pmnmjkk.dll Could not be deleted.

Attempting to delete C:\windows\system32\qqphvvxo.dll
C:\windows\system32\qqphvvxo.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fhhkj.ini
C:\windows\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\windows\system32\pmnmjkk.dll
C:\windows\system32\pmnmjkk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

bonjour,

j'ai "vundofixé" plusieurs fois, mais c toujours la même chose.
Il ne vient pas à bout de ces dossiers
C:\windows\system32\fhhkj.ini
C:\windows\system32\jkhhf.dll
C:\windows\system32\pmnmjkk.dll

Il ne les détruit jamais (par contre en ce qui concerne ma patience, il a réussi...)

donc je te mets juste la fin du rapports car c la même chose sur plusieurs pages :

à+

VundoFix V6.3.5

Checking Java version...

Scan started at 14:16:14 09/02/2007

Listing files found while scanning....

C:\windows\system32\aiqsjwtf.dll
C:\windows\system32\fhhkj.ini
C:\windows\system32\jkhhf.dll
C:\windows\system32\pmnmjkk.dll

Beginning removal...

Attempting to delete C:\windows\system32\fhhkj.ini
C:\windows\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\windows\system32\pmnmjkk.dll
C:\windows\system32\pmnmjkk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fhhkj.ini
C:\windows\system32\fhhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\jkhhf.dll
C:\windows\system32\jkhhf.dll Could not be deleted.

Attempting to delete C:\windows\system32\pmnmjkk.dll
C:\windows\system32\pmnmjkk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Bonjour,

voici tous les rapports
à+



[02/10/2007, 13:25:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\GUEVEL\Bureau\VirtumundoBeGone.exe" )
[02/10/2007, 13:25:24] - Detected System Information:
[02/10/2007, 13:25:24] - Windows Version: 5.1.2600, Service Pack 2
[02/10/2007, 13:25:24] - Current Username: GUEVEL (Admin)
[02/10/2007, 13:25:24] - Windows is in NORMAL mode.
[02/10/2007, 13:25:24] - Searching for Browser Helper Objects:
[02/10/2007, 13:25:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 13:25:24] - BHO 2: {233E2BC1-76EA-40DA-B200-571545F46404} ()
[02/10/2007, 13:25:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:24] - Checking for HKLM\...\Winlogon\Notify\jkhhf
[02/10/2007, 13:25:24] - Found: HKLM\...\Winlogon\Notify\jkhhf - This is probably Virtumundo.
[02/10/2007, 13:25:24] - Assigning {233E2BC1-76EA-40DA-B200-571545F46404} MSEvents Object
[02/10/2007, 13:25:24] - BHO list has been changed! Starting over...
[02/10/2007, 13:25:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 13:25:24] - BHO 2: {233E2BC1-76EA-40DA-B200-571545F46404} (MSEvents Object)
[02/10/2007, 13:25:24] - ALERT: Found MSEvents Object!
[02/10/2007, 13:25:24] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/10/2007, 13:25:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:24] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/10/2007, 13:25:24] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/10/2007, 13:25:24] - BHO 4: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/10/2007, 13:25:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:24] - Checking for HKLM\...\Winlogon\Notify\aiqsjwtf
[02/10/2007, 13:25:24] - Key not found: HKLM\...\Winlogon\Notify\aiqsjwtf, continuing.
[02/10/2007, 13:25:25] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2007, 13:25:25] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/10/2007, 13:25:25] - BHO 7: {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} ()
[02/10/2007, 13:25:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:25] - Checking for HKLM\...\Winlogon\Notify\pmnmjkk
[02/10/2007, 13:25:25] - Found: HKLM\...\Winlogon\Notify\pmnmjkk - This is probably Virtumundo.
[02/10/2007, 13:25:25] - Assigning {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} MSEvents Object
[02/10/2007, 13:25:25] - BHO list has been changed! Starting over...
[02/10/2007, 13:25:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 13:25:25] - BHO 2: {233E2BC1-76EA-40DA-B200-571545F46404} (MSEvents Object)
[02/10/2007, 13:25:25] - ALERT: Found MSEvents Object!
[02/10/2007, 13:25:25] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/10/2007, 13:25:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:25] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/10/2007, 13:25:25] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/10/2007, 13:25:25] - BHO 4: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/10/2007, 13:25:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:25] - Checking for HKLM\...\Winlogon\Notify\aiqsjwtf
[02/10/2007, 13:25:25] - Key not found: HKLM\...\Winlogon\Notify\aiqsjwtf, continuing.
[02/10/2007, 13:25:25] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2007, 13:25:25] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/10/2007, 13:25:25] - BHO 7: {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} (MSEvents Object)
[02/10/2007, 13:25:25] - ALERT: Found MSEvents Object!
[02/10/2007, 13:25:25] - BHO 8: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[02/10/2007, 13:25:25] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2007, 13:25:25] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[02/10/2007, 13:25:25] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/10/2007, 13:25:25] - Finished Searching Browser Helper Objects
[02/10/2007, 13:25:25] - *** Detected MSEvents Object
[02/10/2007, 13:25:25] - Trying to remove MSEvents Object...
[02/10/2007, 13:25:26] - Terminating Process: IEXPLORE.EXE
[02/10/2007, 13:25:27] - Terminating Process: RUNDLL32.EXE
[02/10/2007, 13:25:27] - Disabling Automatic Shell Restart
[02/10/2007, 13:25:27] - Terminating Process: EXPLORER.EXE
[02/10/2007, 13:25:27] - Suspending the NT Session Manager System Service
[02/10/2007, 13:25:27] - Terminating Windows NT Logon/Logoff Manager
[02/10/2007, 13:25:28] - Re-enabling Automatic Shell Restart
[02/10/2007, 13:25:28] - File to disable: C:\windows\system32\jkhhf.dll
[02/10/2007, 13:25:28] - Renaming C:\windows\system32\jkhhf.dll -> C:\windows\system32\jkhhf.dll.vir
[02/10/2007, 13:25:28] - File successfully renamed!
[02/10/2007, 13:25:28] - Removing HKLM\...\Browser Helper Objects\{233E2BC1-76EA-40DA-B200-571545F46404}
[02/10/2007, 13:25:28] - Removing HKCR\CLSID\{233E2BC1-76EA-40DA-B200-571545F46404}
[02/10/2007, 13:25:28] - Adding Kill Bit for ActiveX for GUID: {233E2BC1-76EA-40DA-B200-571545F46404}
[02/10/2007, 13:25:28] - Deleting ATLEvents/MSEvents Registry entries
[02/10/2007, 13:25:28] - Removing HKLM\...\Winlogon\Notify\jkhhf
[02/10/2007, 13:25:28] - Searching for Browser Helper Objects:
[02/10/2007, 13:25:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 13:25:28] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/10/2007, 13:25:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:28] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/10/2007, 13:25:28] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/10/2007, 13:25:29] - BHO 3: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/10/2007, 13:25:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:29] - Checking for HKLM\...\Winlogon\Notify\aiqsjwtf
[02/10/2007, 13:25:29] - Key not found: HKLM\...\Winlogon\Notify\aiqsjwtf, continuing.
[02/10/2007, 13:25:29] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2007, 13:25:29] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/10/2007, 13:25:29] - BHO 6: {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} (MSEvents Object)
[02/10/2007, 13:25:29] - ALERT: Found MSEvents Object!
[02/10/2007, 13:25:29] - BHO 7: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[02/10/2007, 13:25:29] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2007, 13:25:29] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[02/10/2007, 13:25:29] - BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/10/2007, 13:25:29] - Finished Searching Browser Helper Objects
[02/10/2007, 13:25:29] - *** Detected MSEvents Object
[02/10/2007, 13:25:29] - Trying to remove MSEvents Object...
[02/10/2007, 13:25:30] - Terminating Process: IEXPLORE.EXE
[02/10/2007, 13:25:30] - Terminating Process: RUNDLL32.EXE
[02/10/2007, 13:25:30] - Disabling Automatic Shell Restart
[02/10/2007, 13:25:31] - Terminating Process: EXPLORER.EXE
[02/10/2007, 13:25:31] - Suspending the NT Session Manager System Service
[02/10/2007, 13:25:31] - Terminating Windows NT Logon/Logoff Manager
[02/10/2007, 13:25:31] - Re-enabling Automatic Shell Restart
[02/10/2007, 13:25:31] - File to disable: C:\windows\system32\pmnmjkk.dll
[02/10/2007, 13:25:31] - Renaming C:\windows\system32\pmnmjkk.dll -> C:\windows\system32\pmnmjkk.dll.vir
[02/10/2007, 13:25:31] - File successfully renamed!
[02/10/2007, 13:25:31] - Removing HKLM\...\Browser Helper Objects\{90382AD7-4298-47E0-BC0F-14ACCFF44D2C}
[02/10/2007, 13:25:31] - Removing HKCR\CLSID\{90382AD7-4298-47E0-BC0F-14ACCFF44D2C}
[02/10/2007, 13:25:31] - Adding Kill Bit for ActiveX for GUID: {90382AD7-4298-47E0-BC0F-14ACCFF44D2C}
[02/10/2007, 13:25:31] - Deleting ATLEvents/MSEvents Registry entries
[02/10/2007, 13:25:31] - Removing HKLM\...\Winlogon\Notify\pmnmjkk
[02/10/2007, 13:25:32] - Searching for Browser Helper Objects:
[02/10/2007, 13:25:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/10/2007, 13:25:32] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[02/10/2007, 13:25:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[02/10/2007, 13:25:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[02/10/2007, 13:25:32] - BHO 3: {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} ()
[02/10/2007, 13:25:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2007, 13:25:32] - Checking for HKLM\...\Winlogon\Notify\aiqsjwtf
[02/10/2007, 13:25:32] - Key not found: HKLM\...\Winlogon\Notify\aiqsjwtf, continuing.
[02/10/2007, 13:25:32] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2007, 13:25:32] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/10/2007, 13:25:32] - BHO 6: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[02/10/2007, 13:25:32] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2007, 13:25:32] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[02/10/2007, 13:25:32] - BHO 9: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[02/10/2007, 13:25:32] - Finished Searching Browser Helper Objects
[02/10/2007, 13:25:32] - Finishing up...
[02/10/2007, 13:25:32] - A restart is needed.
[02/10/2007, 13:25:35] - Attempting to Restart via STOP error (Blue Screen!)




Logfile of HijackThis v1.99.1
Scan saved at 13:29:19, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\GUEVEL\Bureau\vundoscan.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\windows\system32\aiqsjwtf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\windows\system32\sacxdvuq.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe






BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 13:52:46, on 10/02/2007

Failed: DllUnregister C:\windows\system32\whefqcch.dll|1 (file not found)
Failed: DllUnregister C:\windows\system32\bgxpcxow.dll|1 (file not found)
Failed: DllUnregister C:\windows\system32\tcwleyec.dll|1 (file not found)
Failed: DllUnregister C:\windows\system32\xaygtbc.dll|1 (file not found)
Failed: DllUnregister C:\windows\system32\uguzrcf.dll|1 (file not found)
Failed: DllUnregister C:\windows\system32\pmnmjkk.dll|1 (file not found)
Failed: DllUnregister C:\windows\system32\jkhhf.dll|1 (file not found)
Failed: DllUnregister C:\windows\system32\gaunhre.dll|1 (file not found)
Failed: FileDelete C:\DOCUME~1\GUEVEL\LOCALS~1\Temp\~DF1434.tmp (operation failed)
Script completed.






Logfile of HijackThis v1.99.1
Scan saved at 13:58:03, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\windows\system32\NOTEPAD.EXE
C:\Documents and Settings\GUEVEL\Bureau\vundoscan.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\windows\system32\aiqsjwtf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\windows\system32\sacxdvuq.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

salut,

avec la recherche mon ordi a trouvé:
C:\VundoFixBackups\jkhhf.dll.bad
C:\VundoFixBackups\jkhhf.dll.bad
C:\WINDOWS\system32\jkhhf.dll.vir
C:\WINDOWS\system32\pmnmjkk.dll.vir

et voici les rapports combo et hijack :
à+

"GUEVEL" - 07-02-10 15:04:32 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\GUEVEL\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\GUEVEL\Application Data\SearchToolbarCorp


((((((((((((((((((((((((((((((( Files Created from 2007-01-10 to 2007-02-10 ))))))))))))))))))))))))))))))))))


2007-02-10 13:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-02-10 13:31 <REP> d-------- C:\BFU
2007-02-10 11:20 118,804 --a------ C:\WINDOWS\system32\sacxdvuq.dll
2007-02-08 00:51 <REP> d-------- C:\VundoFix Backups
2007-02-07 21:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-06 13:20 <REP> d-------- C:\Program Files\MSN Messenger
2007-02-05 22:06 <REP> d-------- C:\Downloads
2007-02-05 22:06 <REP> d-------- C:\Bases
2007-02-05 05:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-05 05:52 <REP> d-------- C:\Program Files\Grisoft
2007-02-05 01:01 42,920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-02-05 01:01 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-02-05 01:00 <REP> d-------- C:\WINDOWS\Internet Logs
2007-02-04 16:27 <REP> d-------- C:\Program Files\Kerio
2007-02-03 16:32 3,094 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-03 15:26 <REP> d-------- C:\WINDOWS\Sun
2007-02-03 15:26 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Sun
2007-02-03 13:40 <REP> d-------- C:\Program Files\Yahoo!
2007-02-02 17:13 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Talkback
2007-02-02 14:13 <REP> d-------- C:\Program Files\a-squared Free
2007-02-02 12:38 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-02-02 12:38 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2007-02-02 12:38 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-02-02 02:22 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2007-02-01 19:51 277,234 --a------ C:\WINDOWS\system32\jkhhf.dll.vir
2007-02-01 19:45 22,591 --a------ C:\WINDOWS\system32\pmnmjkk.dll.vir
2007-02-01 13:48 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-01 13:14 <REP> d-------- C:\DOCUME~1\GUEVEL\Contacts
2007-02-01 13:12 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-02-01 13:11 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-02-01 02:11 <REP> d-------- C:\DOCUME~1\GUEVEL\Mes documents
2007-01-31 13:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-01-30 17:34 <REP> d-------- C:\Program Files\Java
2007-01-30 17:33 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-01-30 15:05 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\SecondLife
2007-01-30 12:13 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\PlayFirst
2007-01-30 12:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\PlayFirst
2007-01-30 02:48 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-01-24 13:56 <REP> d-------- C:\Program Files\Real
2007-01-24 13:56 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-01-24 13:56 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Real
2007-01-24 13:28 <REP> d-------- C:\Program Files\MSN Apps
2007-01-22 22:26 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-01-19 15:43 <REP> d-------- C:\Program Files\MSXML 4.0
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 10:32 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-19 10:32 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-01-19 10:12 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Lavasoft
2007-01-19 01:30 0 --a------ C:\WINDOWS\nsreg.dat
2007-01-18 17:26 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-18 17:20 3,757 --a------ C:\WINDOWS\mozver.dat
2007-01-18 17:20 <REP> d-------- C:\Program Files\Mozilla Firefox
2007-01-18 16:53 <REP> d-------- C:\Program Files\Lavasoft
2007-01-18 14:29 <REP> d-------- C:\DOCUME~1\GUEVEL\Application Data\Google
2007-01-18 14:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-18 14:14 <REP> d-------- C:\Program Files\Google
2007-01-18 14:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2007-01-18 12:57 <REP> d---s---- C:\DOCUME~1\GUEVEL\UserData
2007-01-18 12:17 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-01-18 12:17 <REP> d-------- C:\Program Files\Free
2007-01-11 14:15 53,248 -ra------ C:\WINDOWS\system32\NeroCo.dll
2007-01-11 14:15 1,658,880 --------- C:\WINDOWS\UNNeroBurnRights.exe
2007-01-11 14:08 99,568 --------- C:\WINDOWS\system32\drivers\incdfs.sys
2007-01-11 14:08 9,561 --------- C:\WINDOWS\system32\drivers\incdrec.sys
2007-01-11 14:08 27,664 --------- C:\WINDOWS\system32\drivers\incdpass.sys
2007-01-11 14:08 1,769,472 --------- C:\WINDOWS\NuNinst.exe
2007-01-11 14:08 <REP> d-------- C:\WINDOWS\InCD


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-08 09:41 -------- d-------- C:\Program Files\avpersonal
2007-02-06 01:08 -------- d---s---- C:\DOCUME~1\GUEVEL\Application Data\microsoft
2007-02-02 00:25 -------- d-------- C:\Program Files\ahead
2007-02-01 13:18 3665 --a------ C:\WINDOWS\urls.dat
2007-02-01 13:18 17896 --a------ C:\WINDOWS\htmlcode.dat
2007-01-31 12:10 -------- d--h----- C:\Program Files\installshield installation information
2007-01-31 12:10 -------- d-------- C:\Program Files\epson
2007-01-31 10:27 -------- d-------- C:\Program Files\quicktime
2007-01-28 11:26 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\adobeum
2007-01-20 01:56 48616 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2007-01-20 01:56 367658 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2007-01-19 15:46 -------- d-------- C:\Program Files\messenger
2007-01-19 01:30 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\mozilla
2007-01-18 15:20 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\macromedia
2007-01-18 12:26 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\adobe
2007-01-11 15:12 -------- d-------- C:\DOCUME~1\GUEVEL\Application Data\ahead
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\windows\\system32\\ctfmon.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"regkeyname"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NeroFilterCheck"="C:\\windows\\system32\\NeroCheck.exe"
"AVGCtrl"="C:\\Program Files\\AVPersonal\\AVGNT.EXE /min"
"iKeyWorks"="C:\\PROGRA~1\\A4Tech\\Keyboard\\Ikeymain.exe"
"EPSON Stylus Photo RX420 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P31 \"EPSON Stylus Photo RX420 Series\" /O6 \"USB001\" /M \"Stylus Photo RX420\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"AVSCHED32"="C:\\Program Files\\AVPersonal\\AVSCHED32.EXE /min"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"DllRunning"="rundll32.exe \"C:\\windows\\system32\\sacxdvuq.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{90382AD7-4298-47E0-BC0F-14ACCFF44D2C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6359eeb0-4e50-11db-82f0-001109630ca1}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL 4x3_LIEVIN_BIS.PDF


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-10 15:06:41






Logfile of HijackThis v1.99.1
Scan saved at 15:07:01, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
C:\Documents and Settings\GUEVEL\Bureau\vundoscan.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\windows\system32\aiqsjwtf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\windows\system32\sacxdvuq.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Salut,

voici les 2 rapports que tu voulais
à+


Complete scanning result of "sacxdvuq.dll_", received in VirusTotal at 02.10.2007, 17:54:09 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.09.2007 ADSPY/Virtumonde.FT
Authentium 4.93.8 02.09.2007 no virus found
Avast 4.7.936.0 02.10.2007 Win32:Adware-gen.
AVG 386 02.09.2007 Adware Generic.SKU
BitDefender 7.2 02.10.2007 Trojan.Virtumod.EB
CAT-QuickHeal 9.00 02.09.2007 AdWare.Virtumonde.ft (Not a Virus)
ClamAV devel-20060426 02.10.2007 no virus found
DrWeb 4.33 02.10.2007 Trojan.Virtumod
eSafe 7.0.14.0 02.09.2007 no virus found
eTrust-Vet 30.4.3384 02.10.2007 Win32/Vundo.BY
Ewido 4.0 02.10.2007 no virus found
Fortinet 2.85.0.0 02.10.2007 suspicious
F-Prot 4.2.1.29 02.09.2007 no virus found
F-Secure 6.70.13030.0 02.10.2007 no virus found
Ikarus T3.1.0.31 02.10.2007 not-a-virus:AdWare.Win32.Virtumonde.ft
Kaspersky 4.0.2.24 02.10.2007 not-a-virus:AdWare.Win32.Virtumonde.ft
McAfee 4960 02.09.2007 Vundo.dll
Microsoft 1.2204 02.10.2007 no virus found
NOD32v2 2050 02.10.2007 Win32/Adware.Virtumonde.FT
Norman 5.80.02 02.09.2007 W32/Virtumonde.TM
Panda 9.0.0.4 02.10.2007 Spyware/Virtumonde
Prevx1 V2 02.10.2007 no virus found
Sophos 4.13.0 02.08.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 VIPRE.Suspicious
Symantec 10 02.10.2007 Trojan.Vundo
TheHacker 6.1.6.055 02.09.2007 Adware/Virtumonde.ft
UNA 1.83 02.09.2007 Adware.Virtumonde.E6F3
VBA32 3.11.2 02.09.2007 Adware.Virtumonde
VirusBuster 4.3.19:9 02.10.2007 Adware.Virtumonde.BL

Aditional Information
File size: 118804 bytes
MD5: 0767a8d5ac036425d43e74f29847cc7e
SHA1: fc951a74a7e8a5239ada35b628dce98531f3937f
packers: UPX
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.







AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:43:08 10/02/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{2C7AF1E4-B2BC-4175-A4AF-DF9EB1EDFECC}\RP331\A0118294.dll -> Adware.Virtumonde : Nettoyé.
C:\WINDOWS\system32\pmnmjkk.dll.vir -> Adware.Virtumonde : Nettoyé.
:mozilla.14:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.17:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.18:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.38:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.205:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.206:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.43:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.44:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.45:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.46:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.180:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.181:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.31:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\GUEVEL\Cookies\guevel@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.207:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.117:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.118:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.119:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.77:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.74:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.115:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.116:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.54:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.55:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.56:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.57:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.198:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.146:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.147:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.148:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyé.
:mozilla.19:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.20:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.21:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.22:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.23:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.24:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.32:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.33:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.34:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.168:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Spylog : Nettoyé.
:mozilla.72:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.73:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.122:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.123:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.124:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.178:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\GUEVEL\Cookies\guevel@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.172:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.173:C:\Documents and Settings\GUEVEL\Application Data\Mozilla\Firefox\Profiles\l4lfh3h0.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport

bonjour,

voici les rapports vundofix et hijack
à+

C:\windows\system32\aiqsjwtf.dll
C:\windows\system32\quvdxcas.ini
C:\windows\system32\sacxdvuq.dll

Beginning removal...

Attempting to delete C:\windows\system32\quvdxcas.ini
C:\windows\system32\quvdxcas.ini Has been deleted!

Attempting to delete C:\windows\system32\sacxdvuq.dll
C:\windows\system32\sacxdvuq.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\sacxdvuq.dll
C:\windows\system32\sacxdvuq.dll Has been deleted!

Performing Repairs to the registry.
Done!







Logfile of HijackThis v1.99.1
Scan saved at 15:35:08, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\GUEVEL\Bureau\vundoscan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\windows\system32\aiqsjwtf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

salut

voici le log
à+

Logfile of HijackThis v1.99.1
Scan saved at 17:32:21, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\AVPersonal\AVSCHED32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVerTV Hybrid + FM PCI\AVerTV.exe
C:\Documents and Settings\GUEVEL\Bureau\vundoscan.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.microsoft.com/en-us/windows?type=Hardware&category=MP3%20%26%20Media%20Players&subcategory=Other%20Media%20Players
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Kodak software updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV Hybrid + FM PCI\AVerQT.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Salut,

l'ordi se porte bien.
et bien il ne me reste plus qu'à te remercier pour ta gentillesse, ta patience ...et ton génie.

à+

Bonjour,

merci pour le compliment mais je vais continuer à croire que tu as eu un rôle primordial ds la résolution de cette histoire.
et merci encore

voici le rapport AVG
sinon adware et spybot n'ont rien trouvé

à+




AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 10:07:59 13/02/2007

+ Résultat de l'analyse:



C:\VundoFix Backups\qqphvvxo.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\sacxdvuq.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

Salut
voilà qui est fait
merci beaucoup pour ton aide et à bientot