Win 32:Agent-HOP Wrm

Question

Bonjour je me demandais si quelqu'un pourrait maider a trouver une solution a ce probleme de plus en plus nuisible sa fait deja un moment que je lai je croyais men etre debarassé et il est réapparu (Win 32:Agent-HOP Wrm) il occasionne un paquet de probleme sur mon ordinateur alors si vous pourriez maider le plus vite possible se serait plus qu'apprécié

Rudy

p.s. en ce moment jai avast mais je conte changer pour McAfee est ce que vous croyez que je devrais (il m'est offert gratuitement par le Cégep)

philae83 · Answer

bonsoir,

commence par :

* Télécharge  HijackThis  et poste le rapport stp

http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image (merci balltrap)
demo hijackenregistrement http://perso.orange.fr/rginformatique/section%20virus/Hijenr.gif
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

et

* Télécharge CCleaner.

https://www.pcastuces.com/logitheque/ccleaner.htm

Installe le dans un répertoire dédié.

Décoche pendant l'installation

--- les deux cases "Ajouter l'option ... "

--- Contrôler les mises à jour

--- Ajouter la Barre d'Outils Yahoo! CCleaner

* Lance Ccleaner pour un nettoyage complet.

------

* télécharge AVG Anti-Spyware (ewido)

https://www.avg.com/en-ww/free-antivirus-download

* tu l'installes

* lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

puis

Lance AVG Anti-Spyware

Clique sur le bouton Analyse (de la barre d'outils)

puis fait dans l'ordre stp. Tu sauvegardes le rapport APRES avoir mis les actions.

Puis sur l'onglet Paramètres,
sous : "Comment réagir "clique sur Actions recommandées. Sélectionne Quarantaine.

Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

A la fin du scan, choisis l'option 3

"Appliquer toutes les actions " en bas.

Clique sur "Enregistrer le rapport".

Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

Poste le.

Rudy2k5 · Answer

Logfile of HijackThis v1.99.1
Scan saved at 21:05:15, on 2007-09-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\vhmjydfi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.meteomedia.com/ca/meteo/quebec/granby
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32	mp32.tmp.dll
O2 - BHO: (no name) - {5D8FA654-B27C-4E7F-B2F3-B913DAA78E0F} - C:\WINDOWS\system32\ssttq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\awtsqpo.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsqpo - C:\WINDOWS\SYSTEM32\awtsqpo.dll
O20 - Winlogon Notify: ieakdlv - C:\WINDOWS\SYSTEM32\ieakdlv.dll
O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService -   - C:\WINDOWS\system32\vhmjydfi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe



voici le rapport d'Hijackthis

Rudy2k5 · Answer

il est inscrit un petit qqch a propos de Ccleaner et jme pose des question 

"A signaler enfin que CCleaner permet également de supprimer les documents récents et les fichiers temporaires de nombreuses applications : Opera, Lecteur Windows Media, eMule, Kazaa, Google Toolbar, Netscape, Microsoft Office, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip, etc."

sa veut tu dire que je pourrais perdre des fichier que jaurais intentionellement downloader comme par exemple musique ou film ??



p.s. saurais tu si je devrais mettre Mc afee a place de Avast ???

philae83 · Answer

Bonsoir, et désolée pour le retard

"A signaler enfin que CCleaner permet également de supprimer les documents récents et les fichiers temporaires de nombreuses applications : Opera, Lecteur Windows Media, eMule, Kazaa, Google Toolbar, Netscape, Microsoft Office, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip, etc."

sa veut tu dire que je pourrais perdre des fichier que jaurais intentionellement downloader comme par exemple musique ou film ?? 

uniquement si tu les as mis dans les fichiers temporaires

p.s. saurais tu si je devrais mettre Mc afee a place de Avast ???



oui bien sûr que tu peux, McAfee est un bon antivirus et payant, si on te l'offre pourquoi pas.


pour ton infection, on continue

* Télécharge VundoFix.exe (par Atribune) sur ton Bureau

http://www.atribune.org/ccount/click.php?id=4

 * Double-clique VundoFix.exe afin de le lancer

* Clique sur le bouton Scan for Vundo

* Lorsque le scan est complété, clique sur le bouton Remove Vundo

* Une invite te demandera si tu veux supprimer les fichiers, clique YES

* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

 
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

philae83 · Answer

bonjour,

ok mais dit moi si je dois commencer par les etape de ton premier message avant dembarquer sur Vundofix ou je dois commencer par Vundofix ???

non tu fais dans l'ordre stp.


et pour se qui est c CCleaner est ce que je dois coché TOUTES les case dans (Windows) et dans (application)

tu le laisses en l'état une fois que tu l'as téléchargé et installé, tu lances simplement le nettoyage uniquement le nettoyage



p.s. historique des saisie automatique nest surement pas obligatoire !?!?!?!?!? 

je n'ai pas compris

philae83 · Answer

bonjour,

* Fait un scan antivirus en ligne ICI
https://www.bitdefender.fr/
et copie colle le résultat ici
* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

tuto en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

philae83 · Answer

re

pourquoi es tu allé poster au dessus, difficile de s'y retrouver, aussi je mets tout ton rapport ici

Rapport VundoFix


VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 10:46:54 2007-09-09

Listing files found while scanning....

C:\WINDOWS\sstutt.dll
C:\windows\system32\awtqrqn.dll
C:\windows\system32\awtrpmk.dll
C:\WINDOWS\system32\awtsqpo.dll
C:\windows\system32\awtsrpq.dll
C:\windows\system32\awttusr.dll
C:\windows\system32\awvspmk.dll
C:\windows\system32\byxurrq.dll
C:\windows\system32\byxwxuv.dll
C:\windows\system32\byxxusp.dll
C:\windows\system32\cbxuutq.dll
C:\windows\system32\cbxvtut.dll
C:\windows\system32\cbxwvvt.dll
C:\windows\system32\cbxwwxv.dll
C:\windows\system32\cbxxyvu.dll
C:\windows\system32\cbxywtu.dll
C:\windows\system32\ddawvwu.dll
C:\windows\system32\ddcaayv.dll
C:\windows\system32\ddcaxwx.dll
C:\windows\system32\ddcyxyv.dll
C:\windows\system32\efcaayy.dll
C:\windows\system32\efcbxxw.dll
C:\windows\system32\efcyaba.dll
C:\windows\system32\efcyyxv.dll
C:\windows\system32\fccawus.dll
C:\windows\system32\fccbxvs.dll
C:\windows\system32\fccccby.dll
C:\windows\system32\fccyaby.dll
C:\windows\system32\fccyyaa.dll
C:\windows\system32\fjlluena.dll
C:\windows\system32\gebaaya.dll
C:\windows\system32\gebabyy.dll
C:\windows\system32\gebaywv.dll
C:\windows\system32\gebxusr.dll
C:\windows\system32\gebxwvs.dll
C:\windows\system32\gebyaxx.dll
C:\windows\system32\hggdebc.dll
C:\windows\system32\hggfdba.dll
C:\windows\system32\hgghebb.dll
C:\windows\system32\hgghedc.dll
C:\windows\system32\hgghgff.dll
C:\windows\system32\hgghhif.dll
C:\windows\system32\hsacgmrj.dll
C:\windows\system32\iifefff.dll
C:\windows\system32\jjssqfte.dll
C:\windows\system32\jkkhfdc.dll
C:\windows\system32\jkkjgfg.dll
C:\windows\system32\jkkkjgg.dll
C:\windows\system32\khfcbay.dll
C:\windows\system32\khfcdee.dll
C:\windows\system32\khfdccc.dll
C:\windows\system32\khfeccb.dll
C:\windows\system32\khfecdd.dll
C:\windows\system32\khffeca.dll
C:\windows\system32\khfgfda.dll
C:\windows\system32\khfgfef.dll
C:\windows\system32\khfgffc.dll
C:\windows\system32\khfggde.dll
C:\windows\system32\khfghif.dll
C:\windows\system32\ljjgdee.dll
C:\windows\system32\ljjhfec.dll
C:\windows\system32\ljjhghf.dll
C:\windows\system32\ljjhghi.dll
C:\windows\system32\ljjkigf.dll
C:\windows\system32\ljjkkjg.dll
C:\windows\system32\mljghhe.dll
C:\windows\system32\mljhijj.dll
C:\windows\system32\mljjiig.dll
C:\windows\system32\mljjjki.dll
C:\windows\system32\mljjkjj.dll
C:\windows\system32
nnmmnn.dll
C:\windows\system32
nnnkjj.dll
C:\windows\system32
nnopnk.dll
C:\windows\system32\opnlihh.dll
C:\windows\system32\opnliji.dll
C:\windows\system32\opnmjif.dll
C:\windows\system32\opnmkki.dll
C:\windows\system32\opnnoll.dll
C:\windows\system32\opnolmk.dll
C:\windows\system32\pmnlkkk.dll
C:\windows\system32\pmnomjh.dll
C:\windows\system32\pmnomnl.dll
C:\windows\system32\qomjjgf.dll
C:\windows\system32\qommlml.dll
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.ini
C:\windows\system32qromjg.dll
C:\windows\system32qrqqnk.dll
C:\windows\system32qrrpmk.dll
C:\windows\system32qrrsss.dll
C:\windows\system32qrsppq.dll
C:\windows\system32qrsqnk.dll
C:\windows\system32\ssqpmki.dll
C:\WINDOWS\system32\ssttq.dll
C:\windows\system32	fdwimvh.dll
C:\WINDOWS\system32	mpD9.tmp.dll
C:\windows\system32	qilhdsf.dll
C:\windows\system32	uvtutr.dll
C:\windows\system32	uvurpn.dll
C:\windows\system32	uvvwxv.dll
C:\windows\system32	uvwxut.dll
C:\windows\system32	uvwxyy.dll
C:\windows\system32\uoldxwps.dll
C:\windows\system32\urqpnlj.dll
C:\windows\system32\urqppno.dll
C:\windows\system32\urqqnlm.dll
C:\windows\system32\urqqpqn.dll
C:\windows\system32\vbudyouk.dll
C:\windows\system32\vturopn.dll
C:\windows\system32\vtuspqo.dll
C:\windows\system32\vtusstt.dll
C:\windows\system32\vtutqpq.dll
C:\windows\system32\vtutrsp.dll
C:\windows\system32\vtuustt.dll
C:\windows\system32\wvurqom.dll
C:\windows\system32\wvutstt.dll
C:\windows\system32\wvuvsrr.dll
C:\windows\system32\xmcsaqms.dll
C:\windows\system32\xxyvsst.dll
C:\windows\system32\xxyyaab.dll
C:\windows\system32\yayaawt.dll
C:\windows\system32\yayaxvu.dll
C:\windows\system32\yaywuur.dll
C:\windows\system32\yayywtu.dll
C:\WINDOWS	tutss.ini

Beginning removal...

Attempting to delete C:\WINDOWS\sstutt.dll
C:\WINDOWS\sstutt.dll Has been deleted!

Attempting to delete C:\windows\system32\awtqrqn.dll
C:\windows\system32\awtqrqn.dll Has been deleted!

Attempting to delete C:\windows\system32\awtrpmk.dll
C:\windows\system32\awtrpmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtsqpo.dll
C:\WINDOWS\system32\awtsqpo.dll Could not be deleted.

Attempting to delete C:\windows\system32\awtsrpq.dll
C:\windows\system32\awtsrpq.dll Has been deleted!

Attempting to delete C:\windows\system32\awttusr.dll
C:\windows\system32\awttusr.dll Has been deleted!

Attempting to delete C:\windows\system32\awvspmk.dll
C:\windows\system32\awvspmk.dll Has been deleted!

Attempting to delete C:\windows\system32\byxurrq.dll
C:\windows\system32\byxurrq.dll Has been deleted!

Attempting to delete C:\windows\system32\byxwxuv.dll
C:\windows\system32\byxwxuv.dll Has been deleted!

Attempting to delete C:\windows\system32\byxxusp.dll
C:\windows\system32\byxxusp.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxuutq.dll
C:\windows\system32\cbxuutq.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxvtut.dll
C:\windows\system32\cbxvtut.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxwvvt.dll
C:\windows\system32\cbxwvvt.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxwwxv.dll
C:\windows\system32\cbxwwxv.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxxyvu.dll
C:\windows\system32\cbxxyvu.dll Has been deleted!

Attempting to delete C:\windows\system32\cbxywtu.dll
C:\windows\system32\cbxywtu.dll Has been deleted!

Attempting to delete C:\windows\system32\ddawvwu.dll
C:\windows\system32\ddawvwu.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcaayv.dll
C:\windows\system32\ddcaayv.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcaxwx.dll
C:\windows\system32\ddcaxwx.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcyxyv.dll
C:\windows\system32\ddcyxyv.dll Has been deleted!

Attempting to delete C:\windows\system32\efcaayy.dll
C:\windows\system32\efcaayy.dll Has been deleted!

Attempting to delete C:\windows\system32\efcbxxw.dll
C:\windows\system32\efcbxxw.dll Has been deleted!

Attempting to delete C:\windows\system32\efcyaba.dll
C:\windows\system32\efcyaba.dll Has been deleted!

Attempting to delete C:\windows\system32\efcyyxv.dll
C:\windows\system32\efcyyxv.dll Has been deleted!

Attempting to delete C:\windows\system32\fccawus.dll
C:\windows\system32\fccawus.dll Has been deleted!

Attempting to delete C:\windows\system32\fccbxvs.dll
C:\windows\system32\fccbxvs.dll Has been deleted!

Attempting to delete C:\windows\system32\fccccby.dll
C:\windows\system32\fccccby.dll Has been deleted!

Attempting to delete C:\windows\system32\fccyaby.dll
C:\windows\system32\fccyaby.dll Has been deleted!

Attempting to delete C:\windows\system32\fccyyaa.dll
C:\wind
VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 11:35:58 2007-09-09

Listing files found while scanning....

C:\WINDOWS\sstutt.dll
C:\windows\system32\awtsqpo.dll
C:\windows\system32\fjlluena.dll
C:\windows\system32\gebaaya.dll
C:\windows\system32\gebabyy.dll
C:\windows\system32\gebaywv.dll
C:\windows\system32\gebxusr.dll
C:\windows\system32\gebxwvs.dll
C:\windows\system32\gebyaxx.dll
C:\windows\system32\hggdebc.dll
C:\windows\system32\hggfdba.dll
C:\windows\system32\hgghebb.dll
C:\windows\system32\hgghedc.dll
C:\windows\system32\hgghgff.dll
C:\windows\system32\hgghhif.dll
C:\windows\system32\hsacgmrj.dll
C:\windows\system32\iifefff.dll
C:\windows\system32\jjssqfte.dll
C:\windows\system32\jkkhfdc.dll
C:\windows\system32\jkkjgfg.dll
C:\windows\system32\jkkkjgg.dll
C:\windows\system32\khfcbay.dll
C:\windows\system32\khfcdee.dll
C:\windows\system32\khfdccc.dll
C:\windows\system32\khfeccb.dll
C:\windows\system32\khfecdd.dll
C:\windows\system32\khffeca.dll
C:\windows\system32\khfgfda.dll
C:\windows\system32\khfgfef.dll
C:\windows\system32\khfgffc.dll
C:\windows\system32\khfggde.dll
C:\windows\system32\khfghif.dll
C:\windows\system32\ljjgdee.dll
C:\windows\system32\ljjhfec.dll
C:\windows\system32\ljjhghf.dll
C:\windows\system32\ljjhghi.dll
C:\windows\system32\ljjkigf.dll
C:\windows\system32\ljjkkjg.dll
C:\windows\system32\mljghhe.dll
C:\windows\system32\mljhijj.dll
C:\windows\system32\mljjiig.dll
C:\windows\system32\mljjjki.dll
C:\windows\system32\mljjkjj.dll
C:\windows\system32
nnmmnn.dll
C:\windows\system32
nnnkjj.dll
C:\windows\system32
nnopnk.dll
C:\windows\system32\opnlihh.dll
C:\windows\system32\opnliji.dll
C:\windows\system32\opnmjif.dll
C:\windows\system32\opnmkki.dll
C:\windows\system32\opnnoll.dll
C:\windows\system32\opnolmk.dll
C:\windows\system32\pmnlkkk.dll
C:\windows\system32\pmnomjh.dll
C:\windows\system32\pmnomnl.dll
C:\windows\system32\qomjjgf.dll
C:\WINDOWS\system32\qomjjji.dll
C:\windows\system32\qommlml.dll
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.ini
C:\windows\system32qromjg.dll
C:\windows\system32qrqqnk.dll
C:\windows\system32qrrpmk.dll
C:\windows\system32qrrsss.dll
C:\windows\system32qrsppq.dll
C:\windows\system32qrsqnk.dll
C:\windows\system32\ssqpmki.dll
C:\WINDOWS\system32\ssttq.dll
C:\windows\system32	fdwimvh.dll
C:\WINDOWS\system32	mpD9.tmp.dll
C:\windows\system32	qilhdsf.dll
C:\windows\system32	uvtutr.dll
C:\windows\system32	uvurpn.dll
C:\windows\system32	uvvwxv.dll
C:\windows\system32	uvwxut.dll
C:\windows\system32	uvwxyy.dll
C:\windows\system32\uoldxwps.dll
C:\windows\system32\urqpnlj.dll
C:\windows\system32\urqppno.dll
C:\windows\system32\urqqnlm.dll
C:\windows\system32\urqqpqn.dll
C:\windows\system32\vbudyouk.dll
C:\windows\system32\vturopn.dll
C:\windows\system32\vtuspqo.dll
C:\windows\system32\vtusstt.dll
C:\windows\system32\vtutqpq.dll
C:\windows\system32\vtutrsp.dll
C:\windows\system32\vtuustt.dll
C:\windows\system32\wvurqom.dll
C:\windows\system32\wvutstt.dll
C:\windows\system32\wvuvsrr.dll
C:\windows\system32\xmcsaqms.dll
C:\windows\system32\xxyvsst.dll
C:\windows\system32\xxyyaab.dll
C:\windows\system32\yayaawt.dll
C:\windows\system32\yayaxvu.dll
C:\windows\system32\yaywuur.dll
C:\windows\system32\yayywtu.dll
C:\WINDOWS	tutss.ini

Beginning removal...

Attempting to delete C:\windows\system32\awtsqpo.dll
C:\windows\system32\awtsqpo.dll Has been deleted!

Attempting to delete C:\windows\system32\fjlluena.dll
C:\windows\system32\fjlluena.dll Has been deleted!

Attempting to delete C:\windows\system32\gebaaya.dll
C:\windows\system32\gebaaya.dll Has been deleted!

Attempting to delete C:\windows\system32\gebabyy.dll
C:\windows\system32\gebabyy.dll Has been deleted!

Attempting to delete C:\windows\system32\gebaywv.dll
C:\windows\system32\gebaywv.dll Has been deleted!

Attempting to delete C:\windows\system32\gebxusr.dll
C:\windows\system32\gebxusr.dll Has been deleted!

Attempting to delete C:\windows\system32\gebxwvs.dll
C:\windows\system32\gebxwvs.dll Has been deleted!

Attempting to delete C:\windows\system32\gebyaxx.dll
C:\windows\system32\gebyaxx.dll Has been deleted!

Attempting to delete C:\windows\system32\hggdebc.dll
C:\windows\system32\hggdebc.dll Has been deleted!

Attempting to delete C:\windows\system32\hggfdba.dll
C:\windows\system32\hggfdba.dll Has been deleted!

Attempting to delete C:\windows\system32\hgghebb.dll
C:\windows\system32\hgghebb.dll Has been deleted!

Attempting to delete C:\windows\system32\hgghedc.dll
C:\windows\system32\hgghedc.dll Has been deleted!

Attempting to delete C:\windows\system32\hgghgff.dll
C:\windows\system32\hgghgff.dll Has been deleted!

Attempting to delete C:\windows\system32\hgghhif.dll
C:\windows\system32\hgghhif.dll Has been deleted!

Attempting to delete C:\windows\system32\hsacgmrj.dll
C:\windows\system32\hsacgmrj.dll Has been deleted!

Attempting to delete C:\windows\system32\iifefff.dll
C:\windows\system32\iifefff.dll Has been deleted!

Attempting to delete C:\windows\system32\jjssqfte.dll
C:\windows\system32\jjssqfte.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkhfdc.dll
C:\windows\system32\jkkhfdc.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkjgfg.dll
C:\windows\system32\jkkjgfg.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkkjgg.dll
C:\windows\system32\jkkkjgg.dll Has been deleted!

Attempting to delete C:\windows\system32\khfcbay.dll
C:\windows\system32\khfcbay.dll Has been deleted!

Attempting to delete C:\windows\system32\khfcdee.dll
C:\windows\system32\khfcdee.dll Has been deleted!

Attempting to delete C:\windows\system32\khfdccc.dll
C:\windows\system32\khfdccc.dll Has been deleted!

Attempting to delete C:\windows\system32\khfeccb.dll
C:\windows\system32\khfeccb.dll Has been deleted!

Attempting to delete C:\windows\system32\khfecdd.dll
C:\windows\system32\khfecdd.dll Has been deleted!

Attempting to delete C:\windows\system32\khffeca.dll
C:\windows\system32\khffeca.dll Has been deleted!

Attempting to delete C:\windows\system32\khfgfda.dll
C:\windows\system32\khfgfda.dll Has been deleted!

Attempting to delete C:\windows\system32\khfgfef.dll
C:\windows\system32\khfgfef.dll Has been deleted!

Attempting to delete C:\windows\system32\khfgffc.dll
C:\windows\system32\khfgffc.dll Has been deleted!

Attempting to delete C:\windows\system32\khfggde.dll
C:\windows\system32\khfggde.dll Has been deleted!

Attempting to delete C:\windows\system32\khfghif.dll
C:\windows\system32\khfghif.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjgdee.dll
C:\windows\system32\ljjgdee.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjhfec.dll
C:\windows\system32\ljjhfec.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjhghf.dll
C:\windows\system32\ljjhghf.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjhghi.dll
C:\windows\system32\ljjhghi.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjkigf.dll
C:\windows\system32\ljjkigf.dll Has been deleted!

Attempting to delete C:\windows\system32\ljjkkjg.dll
C:\windows\system32\ljjkkjg.dll Has been deleted!

Attempting to delete C:\windows\system32\mljghhe.dll
C:\windows\system32\mljghhe.dll Has been deleted!

Attempting to delete C:\windows\system32\mljhijj.dll
C:\windows\system32\mljhijj.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjiig.dll
C:\windows\system32\mljjiig.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjjki.dll
C:\windows\system32\mljjjki.dll Has been deleted!

Attempting to delete C:\windows\system32\mljjkjj.dll
C:\windows\system32\mljjkjj.dll Has been deleted!

Attempting to delete C:\windows\system32
nnmmnn.dll
C:\windows\system32
nnmmnn.dll Has been deleted!

Attempting to delete C:\windows\system32
nnnkjj.dll
C:\windows\system32
nnnkjj.dll Has been deleted!

Attempting to delete C:\windows\system32
nnopnk.dll
C:\windows\system32
nnopnk.dll Has been deleted!

Attempting to delete C:\windows\system32\opnlihh.dll
C:\windows\system32\opnlihh.dll Has been deleted!

Attempting to delete C:\windows\system32\opnliji.dll
C:\windows\system32\opnliji.dll Has been deleted!

Attempting to delete C:\windows\system32\opnmjif.dll
C:\windows\system32\opnmjif.dll Has been deleted!

Attempting to delete C:\windows\system32\opnmkki.dll
C:\windows\system32\opnmkki.dll Has been deleted!

Attempting to delete C:\windows\system32\opnnoll.dll
C:\windows\system32\opnnoll.dll Has been deleted!

Attempting to delete C:\windows\system32\opnolmk.dll
C:\windows\system32\opnolmk.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnlkkk.dll
C:\windows\system32\pmnlkkk.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnomjh.dll
C:\windows\system32\pmnomjh.dll Has been deleted!

Attempting to delete C:\windows\system32\pmnomnl.dll
C:\windows\system32\pmnomnl.dll Has been deleted!

Attempting to delete C:\windows\system32\qomjjgf.dll
C:\windows\system32\qomjjgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomjjji.dll
C:\WINDOWS\system32\qomjjji.dll Could not be deleted.

Attempting to delete C:\windows\system32\qommlml.dll
C:\windows\system32\qommlml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.ini Has been deleted!

Attempting to delete C:\windows\system32qromjg.dll
C:\windows\system32qromjg.dll Has been deleted!

Attempting to delete C:\windows\system32qrqqnk.dll
C:\windows\system32qrqqnk.dll Has been deleted!

Attempting to delete C:\windows\system32qrrpmk.dll
C:\windows\system32qrrpmk.dll Has been deleted!

Attempting to delete C:\windows\system32qrrsss.dll
C:\windows\system32qrrsss.dll Has been deleted!

Attempting to delete C:\windows\system32qrsppq.dll
C:\windows\system32qrsppq.dll Has been deleted!

Attempting to delete C:\windows\system32qrsqnk.dll
C:\windows\system32qrsqnk.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqpmki.dll
C:\windows\system32\ssqpmki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttq.dll Could not be deleted.

Attempting to delete C:\windows\system32	fdwimvh.dll
C:\windows\system32	fdwimvh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32	mpD9.tmp.dll
C:\WINDOWS\system32	mpD9.tmp.dll Has been deleted!

Attempting to delete C:\windows\system32	qilhdsf.dll
C:\windows\system32	qilhdsf.dll Has been deleted!

Attempting to delete C:\windows\system32	uvtutr.dll
C:\windows\system32	uvtutr.dll Has been deleted!

Attempting to delete C:\windows\system32	uvurpn.dll
C:\windows\system32	uvurpn.dll Has been deleted!

Attempting to delete C:\windows\system32	uvvwxv.dll
C:\windows\system32	uvvwxv.dll Has been deleted!

Attempting to delete C:\windows\system32	uvwxut.dll
C:\windows\system32	uvwxut.dll Has been deleted!

Attempting to delete C:\windows\system32	uvwxyy.dll
C:\windows\system32	uvwxyy.dll Has been deleted!

Attempting to delete C:\windows\system32\uoldxwps.dll
C:\windows\system32\uoldxwps.dll Has been deleted!

Attempting to delete C:\windows\system32\urqpnlj.dll
C:\windows\system32\urqpnlj.dll Has been deleted!

Attempting to delete C:\windows\system32\urqppno.dll
C:\windows\system32\urqppno.dll Has been deleted!

Attempting to delete C:\windows\system32\urqqnlm.dll
C:\windows\system32\urqqnlm.dll Has been deleted!

Attempting to delete C:\windows\system32\urqqpqn.dll
C:\windows\system32\urqqpqn.dll Has been deleted!

Attempting to delete C:\windows\system32\vbudyouk.dll
C:\windows\system32\vbudyouk.dll Has been deleted!

Attempting to delete C:\windows\system32\vturopn.dll
C:\windows\system32\vturopn.dll Has been deleted!

Attempting to delete C:\windows\system32\vtuspqo.dll
C:\windows\system32\vtuspqo.dll Has been deleted!

Attempting to delete C:\windows\system32\vtusstt.dll
C:\windows\system32\vtusstt.dll Has been deleted!

Attempting to delete C:\windows\system32\vtutqpq.dll
C:\windows\system32\vtutqpq.dll Has been deleted!

Attempting to delete C:\windows\system32\vtutrsp.dll
C:\windows\system32\vtutrsp.dll Has been deleted!

Attempting to delete C:\windows\system32\vtuustt.dll
C:\windows\system32\vtuustt.dll Has been deleted!

Attempting to delete C:\windows\system32\wvurqom.dll
C:\windows\system32\wvurqom.dll Has been deleted!

Attempting to delete C:\windows\system32\wvutstt.dll
C:\windows\system32\wvutstt.dll Has been deleted!

Attempting to delete C:\windows\system32\wvuvsrr.dll
C:\windows\system32\wvuvsrr.dll Has been deleted!

Attempting to delete C:\windows\system32\xmcsaqms.dll
C:\windows\system32\xmcsaqms.dll Has been deleted!

Attempting to delete C:\windows\system32\xxyvsst.dll
C:\windows\system32\xxyvsst.dll Has been deleted!

Attempting to delete C:\windows\system32\xxyyaab.dll
C:\windows\system32\xxyyaab.dll Has been deleted!

Attempting to delete C:\windows\system32\yayaawt.dll
C:\windows\system32\yayaawt.dll Has been deleted!

Attempting to delete C:\windows\system32\yayaxvu.dll
C:\windows\system32\yayaxvu.dll Has been deleted!

Attempting to delete C:\windows\system32\yaywuur.dll
C:\windows\system32\yaywuur.dll Has been deleted!

Attempting to delete C:\windows\system32\yayywtu.dll
C:\windows\system32\yayywtu.dll Has been deleted!

Attempting to delete C:\WINDOWS	tutss.ini
C:\WINDOWS	tutss.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 11:47:19 2007-09-09

Listing files found while scanning....

C:\windows\system32\qomjjji.dll
C:\windows\system32\ssttq.dll

Beginning removal...

Attempting to delete C:\windows\system32\qomjjji.dll
C:\windows\system32\qomjjji.dll Has been deleted!

Attempting to delete C:\windows\system32\ssttq.dll
C:\windows\system32\ssttq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 11:51:55 2007-09-09

Listing files found while scanning....

C:\windows\system32\opnnllj.dll

Beginning removal...

Attempting to delete C:\windows\system32\opnnllj.dll
C:\windows\system32\opnnllj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\opnnllj.dll
C:\windows\system32\opnnllj.dll Has been deleted!

Performing Repairs to the registry.
Done!






Rapport De Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 11:58:17, on 2007-09-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.meteomedia.com/ca/meteo/quebec/granby
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {768FEE08-9B75-4653-A2CD-8822C83A5453} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ieakdlv - C:\WINDOWS\SYSTEM32\ieakdlv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vhmjydfi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe


jai comme une impression que sa a pas changé grand chose pcq jai encore les alerte de virus c vrm chiant :S

Rudy2k5 · Answer

je tenvois le rapport de bit defender il sest produit qqch dassé important je crois lors du scan de bit defender jai recu PLUSIEURS alertes de Avast je ten donne la liste si sa peut taider Win32:Vundo-gen48[Adw] Win32:Vundo-gen46[Adw] Win32:Vundo-gen47[Adw] Win32:Vundo-gen49[Adw] Win32: Agent-HOP[Wrm] (celui dont il est question depuis le debut :s) Win32:Tiny-IF [Trj] Ils sont tous apparu a plusieurs reprise dont le derniere qui est apparu 5x de suite des que je fesait mettre en quarantaine, il réapparaissait :s ....... et la plupart etais detecté ds system Volume Information/ restore et dans le dossier vundofix Backup et a une autre place que je nai pas prit en note :s donc voici le rapport: BitDefender Online Scanner - Rapport d'analyse

BitDefender Online Scanner

Rapport d'analyse généré à: Sun, Sep 09, 2007 - 13:22:57

Voie d'analyse: A:\;C:\;D:\;

Statistiques
Temps	01:04:26
Fichiers	261302
Directoires	7750
Secteurs de boot	2
Archives	1608
Paquets programmes	9964

Résultats
Virus identifiés	9
Fichiers infectés	282
Fichiers suspects	0
Avertissements	0
Désinfectés	0
Fichiers effacés	282

Info sur les moteurs
Définition virus	800243
Version des moteurs	AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Analyse des plugins	14
Archive des plugins	38
Unpack des plugins	7
E-mail plugins	6
Système plugins	1

Paramètres d'analyse
Première action	Désinfecté
Seconde Action	Supprimé
Heuristique	Oui
Acceptez les avertissements	Oui
Extensions analysées	*;
Excludez les extensions
Analyse d'emails	Oui
Analyse des Archives	Oui
Analyser paquets programmes	Oui
Analyse des fichiers	Oui
Analyse de boot	Oui

Fichier analysé	Statut
C:\Documents and Settings\SG-C\Application Data mp2.tmp.exe	Infecté par: MemScan:Trojan.Dropper.Agent.BON
C:\Documents and Settings\SG-C\Application Data mp2.tmp.exe	Echec de la désinfection
C:\Documents and Settings\SG-C\Application Data mp2.tmp.exe	Supprimé
C:\Documents and Settings\SG-C\Application Data mp3.tmp.exe	Infecté par: MemScan:Trojan.Juan.V
C:\Documents and Settings\SG-C\Application Data mp3.tmp.exe	Echec de la désinfection
C:\Documents and Settings\SG-C\Application Data mp3.tmp.exe	Supprimé
C:\Documents and Settings\SG-C\Application Data mp31.tmp.exe	Infecté par: MemScan:Trojan.Dropper.Agent.BON
C:\Documents and Settings\SG-C\Application Data mp31.tmp.exe	Echec de la désinfection
C:\Documents and Settings\SG-C\Application Data mp31.tmp.exe	Supprimé
C:\Documents and Settings\SG-C\Application Data mp32.tmp.exe	Infecté par: MemScan:Trojan.Juan.V
C:\Documents and Settings\SG-C\Application Data mp32.tmp.exe	Echec de la désinfection
C:\Documents and Settings\SG-C\Application Data mp32.tmp.exe	Supprimé
C:\Documents and Settings\SG-C\Application Data mpD9.tmp.exe	Infecté par: MemScan:Trojan.Juan.V
C:\Documents and Settings\SG-C\Application Data mpD9.tmp.exe	Echec de la désinfection
C:\Documents and Settings\SG-C\Application Data mpD9.tmp.exe	Supprimé
C:\Documents and Settings\SG-C\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF heq3[1].exe	Infecté par: Win32.Worm.Garm.C
C:\Documents and Settings\SG-C\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF heq3[1].exe	Echec de la désinfection
C:\Documents and Settings\SG-C\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF heq3[1].exe	Supprimé
C:\Documents and Settings\SG-C\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\poep[1].exe	Infecté par: Trojan.Vundo.DMU
C:\Documents and Settings\SG-C\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\poep[1].exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005635.dll	Infecté par: Trojan.Vundo.DMP
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005635.dll	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005635.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005637.dll	Infecté par: Trojan.Vundo.DMP
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005637.dll	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005637.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005638.dll	Infecté par: Trojan.Vundo.DMX
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005638.dll	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP14\A0005638.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013565.exe	Infecté par: Win32.Worm.Garm.C
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013565.exe	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013565.exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013677.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013677.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013679.exe	Infecté par: Trojan.Clicker.Agent.NP
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013679.exe	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013679.exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013680.exe	Infecté par: Trojan.Clicker.Agent.NP
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013680.exe	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013680.exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013681.exe	Infecté par: Trojan.Clicker.Agent.NP
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013681.exe	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013681.exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013682.exe	Infecté par: Trojan.Clicker.Agent.NP
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013682.exe	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013682.exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013683.exe	Infecté par: Trojan.Clicker.Agent.NP
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013683.exe	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013683.exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013684.exe	Infecté par: Trojan.Fotomoto.E
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013684.exe	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013684.exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013696.exe	Infecté par: Win32.Worm.Garm.C
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013696.exe	Echec de la désinfection
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013696.exe	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013700.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013700.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013701.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013701.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013702.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013702.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013703.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013703.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013704.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013704.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013705.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013705.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013706.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013706.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013707.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013707.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013708.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013708.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013709.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013709.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013710.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013710.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013711.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013711.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013712.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013712.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013713.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013713.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013714.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013714.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013715.dll	Infecté par: Trojan.Vundo.DMU
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013715.dll	Supprimé
C:\System Volume Information\_restore{995D90B2-AF53-4B6D-9670-B808B517FFC7}\RP23\A0013716.dll

Rudy2k5 · Answer

au juste pourquoi as tu reposté mon rapport ??

philae83 · Answer

J'ai reposté ton rapport car il n'avait pas été mis au bon endroit, c plus facile pour moi surtout quand je reprends ce que l'on a déjà fait, les avoir dans l'ordre me parait plus simple :)

bon le scan a bien travaillé visiblement

reposte un nouveau rapport hijackthis

Rudy2k5 · Answer

Voici le dernier log de Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 21:57:14, on 2007-09-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.meteomedia.com/ca/meteo/quebec/granby
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {768FEE08-9B75-4653-A2CD-8822C83A5453} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ieakdlv - C:\WINDOWS\SYSTEM32\ieakdlv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vhmjydfi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

philae83 · Answer

bonjour,

* Relance Vundofix
 * Ne clique pas sur "Scan for a vundo"
 * Clique droit au milieu de la fenêtre
 * Clique sur Add more files ?
 * Copie/colle les fichiers ci-dessous ( un par case) :

C:\WINDOWS\SYSTEM32\ieakdlv.dll 

* Clique sur Add files
 * Ensuite clique sur Close Windows
 * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
 * Si l'outils demande un redémarrage, accepte
 * Poste le rapport Vundofix

puis

* lance hijackthis puis coche ces lignes :

O2 - BHO: (no name) - {768FEE08-9B75-4653-A2CD-8822C83A5453} - C:\WINDOWS\system32\ssttq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) 
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab 
O20 - Winlogon Notify: ieakdlv - C:\WINDOWS\SYSTEM32\ieakdlv.dll 
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vhmjydfi.exe (file missing) 


* ferme toutes les applications ouvertes y compris internet explorer et clique sur "fixer objet"

puis

* Assure toi d'avoir accès à tous les fichiers

-démarrer

-poste de travail ou autre dossier

-menu outils

-options de dossier

-onglet affichage

puis

- activer la case : Afficher les fichiers et dossiers cachés

- désactiver la case : Masquer les extensions des fichiers dont le type est connu

- désactiver  la case : Masquer les fichier protégés du système d'exploitation

Puis  - Appliquer

* et Supprime le(s) fichier(s) ci dessous si il(s) est (sont) présent(s) :

C:\WINDOWS\system32\vhmjydfi.exe

* Dans l'Explorateur Windows recache les fichiers système afin de ne pas faire d'erreur à l'avenir. Retourne à la fenêtre Paramètres de dossiers et sélectionne Ne pas afficher les fichiers cachés ou les fichiers système

puis

reposte un nouveau rapport hijackthis

Win 32:Agent-HOP Wrm

12 réponses

Votre réponse

Discussions similaires

Newsletters