[Spyware] PC infected with Adware.Virtumonde
Bill974
Good evening everyone. I have a problem with my PC, which is infected with the Virtumonde spyware. I noticed it while running an AVG scan. It keeps asking me to restart my PC. AVG finds this spyware in the Windows system32 directory under the name ddcbbyy.dll. I'm posting my HijackThis scan here. Thank you very much for your generous help. Greetings from Réunion Island to all the members...
Logfile of HijackThis v1.99.1
Scan saved at 19:43:13, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
D:\Program Files\ONSPEED\onspeedcore.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13164E39-8ABC-4999-A380-681865685C91} - D:\WINDOWS\system32\ursqo.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Program Files\ONSPEED\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - D:\WINDOWS\system32\ddcbbyy.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - D:\WINDOWS\system32\lyorgira.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - D:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6208197-F4CB-49E6-A545-1077901F40E2} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {CEF4E681-94FB-430E-8881-C852A64F953a} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - D:\Program Files\ONSPEED\TOOLBAND.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SlipStream] "D:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "D:\WINDOWS\system32\emcsyeux.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: ONSPEED.lnk = D:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: ZDWLan Utility.lnk = D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB4A5D77-A13E-4517-B28A-DE447F462FD4}: NameServer = 217.175.160.11 217.175.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcbbyy - D:\WINDOWS\SYSTEM32\ddcbbyy.dll
O20 - Winlogon Notify: ursqo - D:\WINDOWS\system32\ursqo.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks!
4 replies
Hello
Download VundoFix
---> http://www.atribune.org/ccount/click.php?id=4
Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 doesn't work); on the screen that appears, choose "Safe Mode" and wait a moment.
Double-click on it and choose "start for vundo".
Wait a few minutes; when the scan is finished, click "remove vundo".
A message will ask whether you want to delete the files; click "yes".
When it has finished, click "yes"; your computer should restart. If it doesn't, restart it yourself.
Once it has restarted, paste the C:\vundofix.txt report and a new HijackThis report, please.
Hello, and thanks for your help. Sorry for the delay, work got in the way.
Here is my VundoFix report
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 19:54:19 10/06/2007
Listing files found while scanning....
D:\WINDOWS\system32\ddcbbyy.dll
D:\WINDOWS\system32\ecaxtpnj.dll
D:\WINDOWS\system32\emcsyeux.dll
D:\windows\system32\hiuwroqp.dll
D:\windows\system32\laplgvqm.exe
D:\windows\system32\mvaqamjl.dll
D:\WINDOWS\system32\oqsru.bak1
D:\WINDOWS\system32\oqsru.bak2
D:\WINDOWS\system32\oqsru.ini
D:\WINDOWS\system32\oqsru.ini2
D:\windows\system32\pqorwuih.ini
D:\windows\system32\twbhovcu.exe
D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\xueyscme.ini
D:\WINDOWS\system32\yugcmied.dll
Beginning removal...
Attempting to delete D:\WINDOWS\system32\ecaxtpnj.dll
D:\WINDOWS\system32\ecaxtpnj.dll Has been deleted!
Attempting to delete D:\WINDOWS\system32\emcsyeux.dll
D:\WINDOWS\system32\emcsyeux.dll Has been deleted!
Attempting to delete D:\windows\system32\hiuwroqp.dll
D:\windows\system32\hiuwroqp.dll Has been deleted!
Attempting to delete D:\windows\system32\laplgvqm.exe
D:\windows\system32\laplgvqm.exe Has been deleted!
Attempting to delete D:\windows\system32\mvaqamjl.dll
D:\windows\system32\mvaqamjl.dll Has been deleted!
Attempting to delete D:\WINDOWS\system32\oqsru.bak1
D:\WINDOWS\system32\oqsru.bak1 Has been deleted!
Attempting to delete D:\WINDOWS\system32\oqsru.bak2
D:\WINDOWS\system32\oqsru.bak2 Has been deleted!
Attempting to delete D:\WINDOWS\system32\oqsru.ini
D:\WINDOWS\system32\oqsru.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\oqsru.ini2
D:\WINDOWS\system32\oqsru.ini2 Has been deleted!
Attempting to delete D:\windows\system32\pqorwuih.ini
D:\windows\system32\pqorwuih.ini Has been deleted!
Attempting to delete D:\windows\system32\twbhovcu.exe
D:\windows\system32\twbhovcu.exe Has been deleted!
Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Could not be deleted.
Attempting to delete D:\WINDOWS\system32\xueyscme.ini
D:\WINDOWS\system32\xueyscme.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\yugcmied.dll
D:\WINDOWS\system32\yugcmied.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 20:25:29 10/06/2007
Listing files found while scanning....
D:\windows\system32\oqsru.ini
D:\WINDOWS\system32\ursqo.dll
Beginning removal...
Attempting to delete D:\windows\system32\oqsru.ini
D:\windows\system32\oqsru.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete D:\windows\system32\oqsru.ini
D:\windows\system32\oqsru.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Has been deleted!
Performing Repairs to the registry.
Done!
And then my HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 20:47:25, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
D:\Program Files\ONSPEED\onspeedcore.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Giganology\Gigaget\GigagetShell.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - D:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Program Files\ONSPEED\PBHelper.dll
O2 - BHO: (no name) - {4FFC38CA-FEA4-486D-8898-0DE8735986FE} - D:\WINDOWS\system32\ursqo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - D:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6208197-F4CB-49E6-A545-1077901F40E2} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {CEF4E681-94FB-430E-8881-C852A64F953a} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - D:\WINDOWS\system32\mvaqamjl.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - D:\Program Files\ONSPEED\TOOLBAND.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SlipStream] "D:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Gigaget] "D:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: ONSPEED.lnk = D:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: ZDWLan Utility.lnk = D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Here is my VundoFix report
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 19:54:19 10/06/2007
Listing files found while scanning....
D:\WINDOWS\system32\ddcbbyy.dll
D:\WINDOWS\system32\ecaxtpnj.dll
D:\WINDOWS\system32\emcsyeux.dll
D:\windows\system32\hiuwroqp.dll
D:\windows\system32\laplgvqm.exe
D:\windows\system32\mvaqamjl.dll
D:\WINDOWS\system32\oqsru.bak1
D:\WINDOWS\system32\oqsru.bak2
D:\WINDOWS\system32\oqsru.ini
D:\WINDOWS\system32\oqsru.ini2
D:\windows\system32\pqorwuih.ini
D:\windows\system32\twbhovcu.exe
D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\xueyscme.ini
D:\WINDOWS\system32\yugcmied.dll
Beginning removal...
Attempting to delete D:\WINDOWS\system32\ecaxtpnj.dll
D:\WINDOWS\system32\ecaxtpnj.dll Has been deleted!
Attempting to delete D:\WINDOWS\system32\emcsyeux.dll
D:\WINDOWS\system32\emcsyeux.dll Has been deleted!
Attempting to delete D:\windows\system32\hiuwroqp.dll
D:\windows\system32\hiuwroqp.dll Has been deleted!
Attempting to delete D:\windows\system32\laplgvqm.exe
D:\windows\system32\laplgvqm.exe Has been deleted!
Attempting to delete D:\windows\system32\mvaqamjl.dll
D:\windows\system32\mvaqamjl.dll Has been deleted!
Attempting to delete D:\WINDOWS\system32\oqsru.bak1
D:\WINDOWS\system32\oqsru.bak1 Has been deleted!
Attempting to delete D:\WINDOWS\system32\oqsru.bak2
D:\WINDOWS\system32\oqsru.bak2 Has been deleted!
Attempting to delete D:\WINDOWS\system32\oqsru.ini
D:\WINDOWS\system32\oqsru.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\oqsru.ini2
D:\WINDOWS\system32\oqsru.ini2 Has been deleted!
Attempting to delete D:\windows\system32\pqorwuih.ini
D:\windows\system32\pqorwuih.ini Has been deleted!
Attempting to delete D:\windows\system32\twbhovcu.exe
D:\windows\system32\twbhovcu.exe Has been deleted!
Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Could not be deleted.
Attempting to delete D:\WINDOWS\system32\xueyscme.ini
D:\WINDOWS\system32\xueyscme.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\yugcmied.dll
D:\WINDOWS\system32\yugcmied.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 20:25:29 10/06/2007
Listing files found while scanning....
D:\windows\system32\oqsru.ini
D:\WINDOWS\system32\ursqo.dll
Beginning removal...
Attempting to delete D:\windows\system32\oqsru.ini
D:\windows\system32\oqsru.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete D:\windows\system32\oqsru.ini
D:\windows\system32\oqsru.ini Has been deleted!
Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Has been deleted!
Performing Repairs to the registry.
Done!
And then my HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 20:47:25, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
D:\Program Files\ONSPEED\onspeedcore.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Giganology\Gigaget\GigagetShell.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - D:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Program Files\ONSPEED\PBHelper.dll
O2 - BHO: (no name) - {4FFC38CA-FEA4-486D-8898-0DE8735986FE} - D:\WINDOWS\system32\ursqo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - D:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6208197-F4CB-49E6-A545-1077901F40E2} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {CEF4E681-94FB-430E-8881-C852A64F953a} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - D:\WINDOWS\system32\mvaqamjl.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - D:\Program Files\ONSPEED\TOOLBAND.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SlipStream] "D:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Gigaget] "D:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: ONSPEED.lnk = D:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: ZDWLan Utility.lnk = D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB4A5D77-A13E-4517-B28A-DE447F462FD4}: NameServer = 217.175.160.11 217.175.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcbbyy - ddcbbyy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks a lot for your help
PS: I noticed a real change after using VundoFix; my computer feels faster
Hello
You can throw away VundoFix, it's fine.
¤ Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom
O2 - BHO: (no name) - {4FFC38CA-FEA4-486D-8898-0DE8735986FE} - D:\WINDOWS\system32\ursqo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6208197-F4CB-49E6-A545-1077901F40E2} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {CEF4E681-94FB-430E-8881-C852A64F953a} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - D:\WINDOWS\system32\mvaqamjl.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O20 - Winlogon Notify: ddcbbyy - ddcbbyy.dll (file missing)
¤ Click "Start", "Run", type: services.msc
Find the lines below in the list, right-click on each one, choose "Properties" and set them to "Disabled"
- AVG Anti-Spyware Guard
- Boonty Games
- Google Updater Service
- InstallDriver Table Manager
¤ Download Clean
----> http://www.malekal.com/download/clean.zip
Unzip all the contents into the same folder. Double-click on clean or clean.cmd and choose option 1.
A report will open; copy and paste its contents here
¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX; the SP2 anti-popup bar (at the top) will start blinking, click on it and choose "accept the ActiveX" so the antivirus scan can run.
Once it has finished, paste the report here please
https://www.bitdefender.com/toolbox/
See you
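The helper's "fix checked" list above follows a recognisable pattern: browser helper objects and a Winlogon Notify package whose DLL is already gone, plus a Run entry that starts a DLL through rundll32. The following Python script is an added example for this thread, not code from the thread, from HijackThis or from the helper; it applies those three rules to HijackThis lines. The KNOWN_NOTIFY allowlist is an assumption made for the example (WgaLogon, the legitimate Winlogon Notify entry in the posted log, is included), and the sample lines are a subset of the log posted above.

```python
"""Triage of HijackThis log lines.

Added example for this thread; not code from the thread, from HijackThis
or from the helper.  It flags the three kinds of entries the helper told
the poster to fix: loaders whose target file is gone ("(file missing)" /
"(no file)"), Winlogon Notify packages outside a small allowlist, and Run
entries that start a DLL through rundll32.  The allowlist KNOWN_NOTIFY is
an assumption for this example, not an official list.
"""
import re
from dataclasses import dataclass

# Winlogon Notify packages expected on a stock Windows XP SP2 install
# (assumption for this example; WgaLogon is the legitimate one in the thread).
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "scecli", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon",
}

MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - ", re.I)
O4_RUNDLL_RE = re.compile(r"^O4 - .*: \[[^\]]*\] rundll32(?:\.exe)? (\S+)", re.I)


@dataclass
class Finding:
    line: str
    reason: str


def triage(lines):
    """Return one Finding per suspicious HijackThis line, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # Only O2 (BHO), O4 (Run) and O20 (Winlogon Notify) entries count here:
        # O23 service lines with a quoted path are reported as "(file missing)"
        # by HijackThis even when the service runs (the avast! lines in the thread).
        if line.startswith(("O2 ", "O4 ", "O20 ")) and MISSING_RE.search(line):
            findings.append(Finding(line, "target file missing: dead loader entry"))
            continue
        m = O20_RE.match(line)
        if m and m.group(1).lower() not in KNOWN_NOTIFY:
            findings.append(Finding(line, "Winlogon Notify package not in allowlist"))
            continue
        m = O4_RUNDLL_RE.match(line)
        if m:
            findings.append(Finding(line, f"Run entry loads a DLL via rundll32: {m.group(1)}"))
    return findings


# Lines taken from the log posted in this thread (a subset, for the example).
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {4FFC38CA-FEA4-486D-8898-0DE8735986FE} - D:\WINDOWS\system32\ursqo.dll (file missing)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook",
    r"O20 - Winlogon Notify: ddcbbyy - ddcbbyy.dll (file missing)",
    r"O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, the script flags the two dead BHOs, the rundll32 Run entry and the ddcbbyy Winlogon Notify line, and leaves the Java, WgaLogon and avast! lines alone. The remaining entries in the helper's list (Java updater, Adobe and Picasa launchers, Google notifier, Nero monitor) are not malware; they are startup items removed to lighten the boot, so a rule-based triage will not and should not pick them up.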
Hello, here is my Clean report
13/06/2007 a 11:46:56,68
*** Recherche des fichiers dans D:
*** Recherche des fichiers dans D:\WINDOWS\
*** Recherche des fichiers dans D:\WINDOWS\system32
D:\WINDOWS\system32\mcrh.tmp FOUND
*** Recherche des fichiers dans D:\Program Files
"D:\Program Files\DaemonTools_WhenUSave_Installer\" FOUND
*** Fin du rapport !
and my BitDefender report
BitDefender Online Scanner
Scan report generated at: Wed, Jun 13, 2007 - 14:34:13
Scan path: D:\;
Statistics
Time: 02:15:12
Files: 200063
Folders: 6134
Boot Sectors: 4
Archives: 3901
Packed Files: 5900
Results
Identified Viruses: 13
Infected Files: 21
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 21
Engines Info
Virus Definitions: 513410
Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
Infected with: Generic.Adw.SaveNow.F5FEB660
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
Disinfection failed
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
Deleted
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)
Update failed
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040804.exe
Infected with: Worm.RJump.K
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040804.exe
Disinfection failed
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040804.exe
Deleted
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040806.exe
Infected with: Worm.RJump.K
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040806.exe
Disinfection failed
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040806.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)=>interlligentwordpad.exe
Detected with: Application.Joke.IWPad
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)=>interlligentwordpad.exe
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)=>interlligentwordpad.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)
Update failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)=>keygen.exe
Infected with: Trojan.Downloader.Small.BHH
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)=>keygen.exe
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)=>keygen.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)
Update failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP41\A0100516.dll
Infected with: Trojan.Vundo.DLY
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP41\A0100516.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP41\A0100516.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP45\A0108489.dll
Infected with: Trojan.Vundo.AY
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP45\A0108489.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP45\A0108489.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133650.dll
Infected with: Trojan.Virtumod.ALZ
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133650.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133650.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133651.dll
Infected with: GenPack:Trojan.Vundo.DLZ
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133651.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133651.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133652.dll
Infected with: Trojan.Vundo.DLV
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133652.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133652.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133653.exe
Infected with: Trojan.Clicker.Small.YB
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133653.exe
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133653.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133656.exe
Infected with: Trojan.LowZones.SA
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133656.exe
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133656.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133658.dll
Infected with: MemScan:Trojan.BHO.BM
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133658.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133658.dll
Deleted
D:\VundoFix Backups\ecaxtpnj.dll.bad
Infected with: Trojan.Virtumod.ALZ
D:\VundoFix Backups\ecaxtpnj.dll.bad
Disinfection failed
D:\VundoFix Backups\ecaxtpnj.dll.bad
Deleted
D:\VundoFix Backups\emcsyeux.dll.bad
Infected with: GenPack:Trojan.Vundo.DLZ
D:\VundoFix Backups\emcsyeux.dll.bad
Disinfection failed
D:\VundoFix Backups\emcsyeux.dll.bad
Deleted
D:\VundoFix Backups\hiuwroqp.dll.bad
Infected with: Trojan.Vundo.DLV
D:\VundoFix Backups\hiuwroqp.dll.bad
Disinfection failed
D:\VundoFix Backups\hiuwroqp.dll.bad
Deleted
D:\VundoFix Backups\laplgvqm.exe.bad
Infected with: Trojan.Clicker.Small.YB
D:\VundoFix Backups\laplgvqm.exe.bad
Disinfection failed
D:\VundoFix Backups\laplgvqm.exe.bad
Deleted
D:\VundoFix Backups\twbhovcu.exe.bad
Infected with: Trojan.LowZones.SA
D:\VundoFix Backups\twbhovcu.exe.bad
Disinfection failed
D:\VundoFix Backups\twbhovcu.exe.bad
Deleted
D:\VundoFix Backups\yugcmied.dll.bad
Infected with: MemScan:Trojan.BHO.BM
D:\VundoFix Backups\yugcmied.dll.bad
Disinfection failed
D:\VundoFix Backups\yugcmied.dll.bad
Deleted
D:\WINDOWS\system32\lyorgira.dll
Infected with: Trojan.BHO.BP
D:\WINDOWS\system32\lyorgira.dll
Disinfection failed
D:\WINDOWS\system32\lyorgira.dll
Deleted
D:\WINDOWS\system32\__delete_on_reboot__j_3_2_9_1_8_3_3_._d_l_l_
Infected with: Trojan.Clicker.Small.YB
D:\WINDOWS\system32\__delete_on_reboot__j_3_2_9_1_8_3_3_._d_l_l_
Disinfection failed
D:\WINDOWS\system32\__delete_on_reboot__j_3_2_9_1_8_3_3_._d_l_l_
Deleted
thanks for everything
13/06/2007 a 11:46:56,68
*** Recherche des fichiers dans D:
*** Recherche des fichiers dans D:\WINDOWS\
*** Recherche des fichiers dans D:\WINDOWS\system32
D:\WINDOWS\system32\mcrh.tmp FOUND
*** Recherche des fichiers dans D:\Program Files
"D:\Program Files\DaemonTools_WhenUSave_Installer\" FOUND
*** Fin du rapport !
et mon rapport bitdefender
BitDefender Online Scanner
Scan report generated at: Wed, Jun 13, 2007 - 14:34:13
Scan path: D:\;
Statistics
Time
02:15:12
Files
200063
Folders
6134
Boot Sectors
4
Archives
3901
Packed Files
5900
Results
Identified Viruses
13
Infected Files
21
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
21
Engines Info
Virus Definitions
513410
Engine build
AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins
14
Archive plugins
38
Unpack plugins
6
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
Infected with: Generic.Adw.SaveNow.F5FEB660
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
Disinfection failed
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
Deleted
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)
Update failed
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040804.exe
Infected with: Worm.RJump.K
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040804.exe
Disinfection failed
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040804.exe
Deleted
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040806.exe
Infected with: Worm.RJump.K
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040806.exe
Disinfection failed
D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040806.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)=>interlligentwordpad.exe
Detected with: Application.Joke.IWPad
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)=>interlligentwordpad.exe
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)=>interlligentwordpad.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)
Update failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)=>keygen.exe
Infected with: Trojan.Downloader.Small.BHH
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)=>keygen.exe
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)=>keygen.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)
Update failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP41\A0100516.dll
Infected with: Trojan.Vundo.DLY
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP41\A0100516.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP41\A0100516.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP45\A0108489.dll
Infected with: Trojan.Vundo.AY
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP45\A0108489.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP45\A0108489.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133650.dll
Infected with: Trojan.Virtumod.ALZ
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133650.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133650.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133651.dll
Infected with: GenPack:Trojan.Vundo.DLZ
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133651.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133651.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133652.dll
Infected with: Trojan.Vundo.DLV
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133652.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133652.dll
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133653.exe
Infected with: Trojan.Clicker.Small.YB
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133653.exe
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133653.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133656.exe
Infected with: Trojan.LowZones.SA
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133656.exe
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133656.exe
Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133658.dll
Infected with: MemScan:Trojan.BHO.BM
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133658.dll
Disinfection failed
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133658.dll
Deleted
D:\VundoFix Backups\ecaxtpnj.dll.bad
Infected with: Trojan.Virtumod.ALZ
D:\VundoFix Backups\ecaxtpnj.dll.bad
Disinfection failed
D:\VundoFix Backups\ecaxtpnj.dll.bad
Deleted
D:\VundoFix Backups\emcsyeux.dll.bad
Infected with: GenPack:Trojan.Vundo.DLZ
D:\VundoFix Backups\emcsyeux.dll.bad
Disinfection failed
D:\VundoFix Backups\emcsyeux.dll.bad
Deleted
D:\VundoFix Backups\hiuwroqp.dll.bad
Infected with: Trojan.Vundo.DLV
D:\VundoFix Backups\hiuwroqp.dll.bad
Disinfection failed
D:\VundoFix Backups\hiuwroqp.dll.bad
Deleted
D:\VundoFix Backups\laplgvqm.exe.bad
Infected with: Trojan.Clicker.Small.YB
D:\VundoFix Backups\laplgvqm.exe.bad
Disinfection failed
D:\VundoFix Backups\laplgvqm.exe.bad
Deleted
D:\VundoFix Backups\twbhovcu.exe.bad
Infected with: Trojan.LowZones.SA
D:\VundoFix Backups\twbhovcu.exe.bad
Disinfection failed
D:\VundoFix Backups\twbhovcu.exe.bad
Deleted
D:\VundoFix Backups\yugcmied.dll.bad
Infected with: MemScan:Trojan.BHO.BM
D:\VundoFix Backups\yugcmied.dll.bad
Disinfection failed
D:\VundoFix Backups\yugcmied.dll.bad
Deleted
D:\WINDOWS\system32\lyorgira.dll
Infected with: Trojan.BHO.BP
D:\WINDOWS\system32\lyorgira.dll
Disinfection failed
D:\WINDOWS\system32\lyorgira.dll
Deleted
D:\WINDOWS\system32\__delete_on_reboot__j_3_2_9_1_8_3_3_._d_l_l_
Infected with: Trojan.Clicker.Small.YB
D:\WINDOWS\system32\__delete_on_reboot__j_3_2_9_1_8_3_3_._d_l_l_
Disinfection failed
D:\WINDOWS\system32\__delete_on_reboot__j_3_2_9_1_8_3_3_._d_l_l_
Deleted
thanks for everything
Hello
Delete this folder: D:\VundoFix Backups
¤ For Clean:
- Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 doesn't work); on the screen that appears, choose "Safe Mode" and wait a moment.
Go into the Clean folder
Double-click clean or clean.cmd and choose option 2
As soon as it has finished, restart normally.
¤ To finish:
Now, this: C:\System Volume Information\_restore (see the Bitdefender report)
indicates that your System Restore was infected or is infected; to be sure, we are going to create a clean point.
Click "Start", right-click "My Computer", "Properties", "System Restore" tab
¤ check the box "Turn off System Restore on all drives", then click "Apply"
¤ uncheck the box and click "Apply" then "OK".
Now that we have erased the infected points, we are going to create a clean point:
Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create" then "OK".
There, the restore point is now created
If one day you decide to, you will be able to go back to the date on which you created this restore point.
By running System Restore you will be able to put your computer back to the date on which we created this restore point, but you will lose the changes you made in between.
Then tell me how your PC is behaving ;-)
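As an added example (not code from the thread or from BitDefender), here is a short Python parser for the report layout quoted above: it folds each file's path/result line pairs into one record and groups the outcome by where the file sat, which is what decides the follow-up step (restore points are the reason the reply flushes System Restore; the VundoFix backup folder is deleted by hand; `__delete_on_reboot__` files go on restart). The sample report, its paths and the GUID placeholder are constructed; the detection names are the ones the log shows.

```python
from collections import defaultdict
# Constructed sample in the same layout as the BitDefender report in the thread:
# one line with the path, the next with the result, repeated for each event.
SAMPLE_REPORT = """\
D:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP50\\A0000001.dll
Infected with: Trojan.Virtumod.ALZ
D:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP50\\A0000001.dll
Deleted
D:\\VundoFix Backups\\example.dll.bad
Infected with: Trojan.BHO.BP
D:\\VundoFix Backups\\example.dll.bad
Disinfection failed
D:\\VundoFix Backups\\example.dll.bad
Deleted
D:\\WINDOWS\\system32\\__delete_on_reboot__e_x_a_m_p_l_e_._d_l_l_
Infected with: Trojan.Clicker.Small.YB
D:\\WINDOWS\\system32\\__delete_on_reboot__e_x_a_m_p_l_e_._d_l_l_
Disinfection failed
"""

def parse_report(text):
    """Fold the path/result line pairs into one record per file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records = {}
    for path, result in zip(lines[0::2], lines[1::2]):
        rec = records.setdefault(path, {"threat": None, "deleted": False})
        if result.startswith("Infected with: "):
            rec["threat"] = result[len("Infected with: "):]
        elif result == "Deleted":
            rec["deleted"] = True
        # "Disinfection failed" is expected for malware binaries; only "Deleted" counts.
    return records

def classify(path):
    """Where the file lives decides which cleanup step it calls for."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore point"      # flushed by turning System Restore off and on
    if "\\vundofix backups\\" in low:
        return "VundoFix backup"    # removed by deleting the backup folder
    if "__delete_on_reboot__" in low:
        return "pending reboot"     # renamed in-use file, removed at next restart
    return "live file"

def summarize(text):
    """Count deleted vs. still-present files per location."""
    summary = defaultdict(lambda: {"deleted": 0, "remaining": 0})
    for path, rec in parse_report(text).items():
        summary[classify(path)]["deleted" if rec["deleted"] else "remaining"] += 1
    return dict(summary)
```

A non-zero "remaining" count under "pending reboot" or "live file" is the case worth re-scanning after the restart the reply asks for.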