[Spyware] PC infected with Adware.Virtumonde

Bill974

Good evening everyone. I have a problem with my PC, which is infected with the Virtumonde spyware. I noticed it while running an AVG scan. It often asks me to restart my PC. AVG finds this spyware in the Windows system32 directory under the name ddcbbyy.dll. I'm posting my HijackThis log here. Thank you very much for your generous help. Greetings from Réunion Island to all the members...

Logfile of HijackThis v1.99.1
Scan saved at 19:43:13, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
D:\Program Files\ONSPEED\onspeedcore.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13164E39-8ABC-4999-A380-681865685C91} - D:\WINDOWS\system32\ursqo.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Program Files\ONSPEED\PBHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - D:\WINDOWS\system32\ddcbbyy.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - D:\WINDOWS\system32\lyorgira.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - D:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6208197-F4CB-49E6-A545-1077901F40E2} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {CEF4E681-94FB-430E-8881-C852A64F953a} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - D:\Program Files\ONSPEED\TOOLBAND.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SlipStream] "D:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "D:\WINDOWS\system32\emcsyeux.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: ONSPEED.lnk = D:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: ZDWLan Utility.lnk = D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB4A5D77-A13E-4517-B28A-DE447F462FD4}: NameServer = 217.175.160.11 217.175.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcbbyy - D:\WINDOWS\SYSTEM32\ddcbbyy.dll
O20 - Winlogon Notify: ursqo - D:\WINDOWS\system32\ursqo.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks!
4 replies

Anonymous user

Hello

Download VundoFix
---> http://www.atribune.org/ccount/click.php?id=4

Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a little...

Double-click on it and choose "start for vundo".
Wait a few minutes; when the scan is finished, click "remove vundo".
A message will ask whether you want to delete the files: click "yes".
When it has finished, click "yes"; your computer should restart. If it does not, restart it yourself.
Once it has restarted, paste the report C:\vundofix.txt and a new HijackThis log here please.
Bill974

Hello and thanks for your help. Sorry for the delay, work got in the way.

Here is my VundoFix report

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:54:19 10/06/2007

Listing files found while scanning....

D:\WINDOWS\system32\ddcbbyy.dll
D:\WINDOWS\system32\ecaxtpnj.dll
D:\WINDOWS\system32\emcsyeux.dll
D:\windows\system32\hiuwroqp.dll
D:\windows\system32\laplgvqm.exe
D:\windows\system32\mvaqamjl.dll
D:\WINDOWS\system32\oqsru.bak1
D:\WINDOWS\system32\oqsru.bak2
D:\WINDOWS\system32\oqsru.ini
D:\WINDOWS\system32\oqsru.ini2
D:\windows\system32\pqorwuih.ini
D:\windows\system32\twbhovcu.exe
D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\xueyscme.ini
D:\WINDOWS\system32\yugcmied.dll

Beginning removal...

Attempting to delete D:\WINDOWS\system32\ecaxtpnj.dll
D:\WINDOWS\system32\ecaxtpnj.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\emcsyeux.dll
D:\WINDOWS\system32\emcsyeux.dll Has been deleted!

Attempting to delete D:\windows\system32\hiuwroqp.dll
D:\windows\system32\hiuwroqp.dll Has been deleted!

Attempting to delete D:\windows\system32\laplgvqm.exe
D:\windows\system32\laplgvqm.exe Has been deleted!

Attempting to delete D:\windows\system32\mvaqamjl.dll
D:\windows\system32\mvaqamjl.dll Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqsru.bak1
D:\WINDOWS\system32\oqsru.bak1 Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqsru.bak2
D:\WINDOWS\system32\oqsru.bak2 Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqsru.ini
D:\WINDOWS\system32\oqsru.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\oqsru.ini2
D:\WINDOWS\system32\oqsru.ini2 Has been deleted!

Attempting to delete D:\windows\system32\pqorwuih.ini
D:\windows\system32\pqorwuih.ini Has been deleted!

Attempting to delete D:\windows\system32\twbhovcu.exe
D:\windows\system32\twbhovcu.exe Has been deleted!

Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Could not be deleted.

Attempting to delete D:\WINDOWS\system32\xueyscme.ini
D:\WINDOWS\system32\xueyscme.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\yugcmied.dll
D:\WINDOWS\system32\yugcmied.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 20:25:29 10/06/2007

Listing files found while scanning....

D:\windows\system32\oqsru.ini
D:\WINDOWS\system32\ursqo.dll

Beginning removal...

Attempting to delete D:\windows\system32\oqsru.ini
D:\windows\system32\oqsru.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete D:\windows\system32\oqsru.ini
D:\windows\system32\oqsru.ini Has been deleted!

Attempting to delete D:\WINDOWS\system32\ursqo.dll
D:\WINDOWS\system32\ursqo.dll Has been deleted!

Performing Repairs to the registry.
Done!

And then my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 20:47:25, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
D:\Program Files\ONSPEED\onspeedcore.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Giganology\Gigaget\GigagetShell.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - D:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Program Files\ONSPEED\PBHelper.dll
O2 - BHO: (no name) - {4FFC38CA-FEA4-486D-8898-0DE8735986FE} - D:\WINDOWS\system32\ursqo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - D:\Program Files\ONSPEED\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6208197-F4CB-49E6-A545-1077901F40E2} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {CEF4E681-94FB-430E-8881-C852A64F953a} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - D:\WINDOWS\system32\mvaqamjl.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - D:\Program Files\ONSPEED\TOOLBAND.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SlipStream] "D:\Program Files\ONSPEED\onspeedcore.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Gigaget] "D:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: ONSPEED.lnk = D:\Program Files\ONSPEED\onspeedgui.exe
O4 - Global Startup: ZDWLan Utility.lnk = D:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB4A5D77-A13E-4517-B28A-DE447F462FD4}: NameServer = 217.175.160.11 217.175.160.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{8231B338-7019-45B2-8BEE-27F228CA340F}: NameServer = 217.175.160.11,217.175.160.12
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcbbyy - ddcbbyy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you very much for your help

PS: I noticed a real change after using VundoFix; I find my computer faster
Anonymous user

Hello

You can delete VundoFix, it's OK.


¤ Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom

O2 - BHO: (no name) - {4FFC38CA-FEA4-486D-8898-0DE8735986FE} - D:\WINDOWS\system32\ursqo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C6208197-F4CB-49E6-A545-1077901F40E2} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {CEF4E681-94FB-430E-8881-C852A64F953a} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - D:\WINDOWS\system32\mvaqamjl.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O20 - Winlogon Notify: ddcbbyy - ddcbbyy.dll (file missing)



¤ Click "Start", "Run", and type: services.msc
Find the lines below in the list, right-click on each one, choose "Properties" and set them to "Disabled"

- AVG Anti-Spyware Guard
- Boonty Games
- Google Updater Service
- InstallDriver Table Manager



¤ ¤ Download Clean
----> http://www.malekal.com/download/clean.zip

Unzip all of its contents into the same folder. Double-click on clean or clean.cmd and choose option 1.
A report will open; copy and paste its contents here



¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 anti-popup bar (at the top) will start flashing, click on it and choose "accept the ActiveX" so the antivirus scan can run.
Once it has finished, paste the report here please

https://www.bitdefender.com/toolbox/


See you
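The "fix checked" list above follows a few patterns that are visible in the logs: BHOs registered with (no name), entries whose file is missing, rundll32 autoruns such as j3291833 and ApachInc, and a Winlogon Notify DLL in system32. As an added example (not code from the thread, from HijackThis or from the helper), this Python script scores lines copied from the logs above against those patterns; the allow-list and the point values are assumptions, not a HijackThis feature.

```python
"""Triage of HijackThis O2/O4/O20 lines for the Vundo-style indicators seen above."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {13164E39-8ABC-4999-A380-681865685C91} - D:\WINDOWS\system32\ursqo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - D:\WINDOWS\system32\ddcbbyy.dll
O2 - BHO: (no name) - {C6208197-F4CB-49E6-A545-1077901F40E2} - D:\WINDOWS\system32\pqsxwico.dll (file missing)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [j3291833] rundll32 D:\WINDOWS\system32\j3291833.dll sook
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "D:\WINDOWS\system32\emcsyeux.dll",realset
O20 - Winlogon Notify: ddcbbyy - D:\WINDOWS\SYSTEM32\ddcbbyy.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption: a tiny allow-list of system32 DLL names that are legitimate on this
# machine (both appear in the logs above). Real triage would verify the file's
# publisher signature or hash rather than trusting a name.
KNOWN_SYSTEM32 = {"wgalogon.dll", "wpdshserviceobj.dll"}

DLL_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.dll)', re.IGNORECASE)
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<entry>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$')


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if any(r.startswith("orphan") for r in self.reasons):
            return "orphan"  # file is gone: fix the entry, nothing left to quarantine
        if self.score >= 3:
            return "suspect"
        return "review" if self.score else "ok"

    def add(self, points: int, reason: str) -> None:
        self.score += points
        self.reasons.append(reason)


def _check_system32_dll(f: Finding, text: str, points: int, label: str) -> None:
    """Score a DLL loaded from \\system32\\ unless its name is allow-listed."""
    m = DLL_RE.search(text)
    if not m:
        return
    path = m.group(1)
    name = path.rsplit("\\", 1)[-1].lower()
    if "\\system32\\" in path.lower() and name not in KNOWN_SYSTEM32:
        f.add(points, f"{label}: unrecognised DLL in system32 ({name})")


def triage_line(line: str) -> Finding:
    f = Finding(line=line)
    if m := O2_RE.match(line):
        if m["name"] == "(no name)":
            f.add(2, "BHO registered without a name")
        if "(file missing)" in m["target"] or m["target"] == "(no file)":
            f.add(1, "orphan: BHO points to a file that no longer exists")
        else:
            _check_system32_dll(f, m["target"], 2, "BHO")
    elif m := O4_RE.match(line):
        cmd = m["cmd"]
        if re.match(r"(?i)rundll32(\.exe)?\b", cmd):
            # rundll32 autoruns: the DLL plus an export name (sook, realset) is the payload
            f.add(1, f"{m['hive']} Run entry [{m['entry']}] starts a DLL via rundll32")
            _check_system32_dll(f, cmd, 2, "rundll32")
    elif m := O20_RE.match(line):
        if "(file missing)" in m["target"]:
            f.add(1, "orphan: Winlogon Notify entry without its DLL")
        else:
            # Winlogon Notify DLLs load inside winlogon.exe at every logon, consistent
            # with ursqo.dll being "Could not be deleted" on the first two VundoFix passes
            _check_system32_dll(f, m["target"], 3, "Winlogon Notify")
    return f


def triage(log_text: str) -> list:
    """Return one Finding per non-empty line, most suspicious first."""
    findings = [triage_line(l.strip()) for l in log_text.splitlines() if l.strip()]
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.verdict != "ok":
            print(f"[{f.verdict:7}] {f.line}")
            for r in f.reasons:
                print(f"           - {r}")
```

Lines the script marks "orphan" match the (file missing) entries the helper had fixed with HijackThis; "suspect" lines are the ones VundoFix removed.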
Bill974

Hello, here is my Clean report

13/06/2007 a 11:46:56,68

*** Recherche des fichiers dans D:

*** Recherche des fichiers dans D:\WINDOWS\

*** Recherche des fichiers dans D:\WINDOWS\system32
D:\WINDOWS\system32\mcrh.tmp FOUND

*** Recherche des fichiers dans D:\Program Files
"D:\Program Files\DaemonTools_WhenUSave_Installer\" FOUND
*** Fin du rapport !

and my BitDefender report

BitDefender Online Scanner

Scan report generated at: Wed, Jun 13, 2007 - 14:34:13

Scan path: D:\;

Statistics
  Time: 02:15:12
  Files: 200063
  Folders: 6134
  Boot Sectors: 4
  Archives: 3901
  Packed Files: 5900

Results
  Identified Viruses: 13
  Infected Files: 21
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 21

Engines Info
  Virus Definitions: 513410
  Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
  Scan plugins: 14
  Archive plugins: 38
  Unpack plugins: 6
  E-mail plugins: 6
  System plugins: 1

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File / Status

D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)=>DaemonTools_WhenUSave_Installer.exe
  Infected with: Generic.Adw.SaveNow.F5FEB660
  Disinfection failed
  Deleted
D:\Program Files\DAEMON Tools\SetupDTSB.exe=>(CAB Sfx r)
  Update failed

D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040804.exe
  Infected with: Worm.RJump.K
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{373297B8-7A28-4B94-9463-5DEB165E2259}\RP30\A0040806.exe
  Infected with: Worm.RJump.K
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)=>interlligentwordpad.exe
  Detected with: Application.Joke.IWPad
  Disinfection failed
  Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP33\A0087370.exe=>(RAR Sfx o)
  Update failed

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)=>keygen.exe
  Infected with: Trojan.Downloader.Small.BHH
  Disinfection failed
  Deleted
D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP39\A0092485.exe=>(RAR Sfx o)
  Update failed

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP41\A0100516.dll
  Infected with: Trojan.Vundo.DLY
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP45\A0108489.dll
  Infected with: Trojan.Vundo.AY
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133650.dll
  Infected with: Trojan.Virtumod.ALZ
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133651.dll
  Infected with: GenPack:Trojan.Vundo.DLZ
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133652.dll
  Infected with: Trojan.Vundo.DLV
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133653.exe
  Infected with: Trojan.Clicker.Small.YB
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133656.exe
  Infected with: Trojan.LowZones.SA
  Disinfection failed
  Deleted

D:\System Volume Information\_restore{3B0B06A3-BE4B-48FE-91C5-222D27B22C49}\RP50\A0133658.dll
  Infected with: MemScan:Trojan.BHO.BM
  Disinfection failed
  Deleted

D:\VundoFix Backups\ecaxtpnj.dll.bad
  Infected with: Trojan.Virtumod.ALZ
  Disinfection failed
  Deleted

D:\VundoFix Backups\emcsyeux.dll.bad
  Infected with: GenPack:Trojan.Vundo.DLZ
  Disinfection failed
  Deleted

D:\VundoFix Backups\hiuwroqp.dll.bad
  Infected with: Trojan.Vundo.DLV
  Disinfection failed
  Deleted

D:\VundoFix Backups\laplgvqm.exe.bad
  Infected with: Trojan.Clicker.Small.YB
  Disinfection failed
  Deleted

D:\VundoFix Backups\twbhovcu.exe.bad
  Infected with: Trojan.LowZones.SA
  Disinfection failed
  Deleted

D:\VundoFix Backups\yugcmied.dll.bad
  Infected with: MemScan:Trojan.BHO.BM
  Disinfection failed
  Deleted

D:\WINDOWS\system32\lyorgira.dll
  Infected with: Trojan.BHO.BP
  Disinfection failed
  Deleted

D:\WINDOWS\system32\__delete_on_reboot__j_3_2_9_1_8_3_3_._d_l_l_
  Infected with: Trojan.Clicker.Small.YB
  Disinfection failed
  Deleted

thanks for everything
Anonymous user

Hello

Delete this folder: D:\VundoFix Backups

¤ For Clean:

- Restart your PC. As soon as it powers on, tap the F8 key (or F5 if F8 does not work); on the screen that appears, choose "Safe Mode" and wait a little...
Go into the Clean folder
Double-click on clean or clean.cmd and choose option 2
As soon as it has finished, restart normally.

¤ To finish:

This: C:\System Volume Information\_restore (see the BitDefender report)
indicates that your System Restore was or still is infected; to be sure, we are going to create a clean restore point.

Click "Start", right-click "My Computer", "Properties", "System Restore" tab

¤ tick the box "Turn off System Restore on all drives", then click "Apply"
¤ untick the box and click "Apply" then "OK".

Now that the infected points have been erased, we are going to create a clean point:

Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create" then "OK".
There, the restore point is now created.
If one day you decide to, you can go back to the date on which you created this restore point.
By running System Restore you can put your computer back to the date on which we created this restore point, but you will lose the changes you made in between.

Then tell me how your PC is behaving ;-)