Infecte par le virus trojan.vundo

Matthieu -  
raleuboleu Messages postés 5028 Statut Membre -
Bonjour,

comme le dis mon message je suis infecte par le virus trojan.vundo

que dois je faire, je n'y connais rien

Merci de m'aider
Configuration: Windows XP
Firefox 2.0.0.4

11 réponses

  1. seifer197802 Messages postés 940 Statut Membre 157
     
    TOUT SIMPLEMENT LE SUPRIMER,
    POUR BIEN FAIRE, DEMARRE EN MODE ADMINISTRATEUR, DESACTIVE LA RESTAURATION SISTEME.
    FAIS UN SCAN COMPLET DE TON PC AVEC TON ANTIVIRUS. APRES SUPPRESSION DU TROJAN
    REDEMARRE EN MODE NORMAL ET TERMINE EN REACTIVANT LA RESTAURATION SISTEME.
    QUELQUES TROJAN ARRIVE A SINSTALLER DANS LE DOSSIER SYSTEM32 DONC APRES L'AVOIR SUPPRIMER, IL REVIENNE APRES CHAQUE DEMARRAGE DE WINDOWS, C'EST POUR CELA QU'IL FAUT DESACTIVER LA RESTAURATION SISTEME AVANT L'ERADICATION DU TROJAN.
    0
  2. felix
     
    prend le anti virus avg il va pouvoir les désinfecter sa marche je laI de ja eu beun un virus dans se genre la
    0
  3. Matthieu
     
    j ai norton et spyware docotr

    es ce que ce sont deux antivirus qui ne fonctionne pas ensemble?

    Merci pour votre réponse si rapide

    es ce que je peux le supprimer avec vundofix.exe
    0
  4. seifer197802 Messages postés 940 Statut Membre 157
     
    Fais les manip que je t'ais expliqué plus haut
    en te servant de norton pour scanner et supprimer le trojan
    il saurat tres bien le faire. biensur assure toi que norton soit a jour.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. raleuboleu Messages postés 5028 Statut Membre 79
     
    saluttt

    tu peux tenter ces 2 'tueurs "loool

    1/ Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    Double-clique VundoFix.exe afin de le lancer.

    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.

    2/ Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

    d'ailleus fais les 2 et reposte 1 log hijack

    bizoux
    0
  7. Matthieu
     
    Voici le rapport virtumundoBegone :

    [06/10/2007, 19:17:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Matthieu HOUDE\Bureau\VirtumundoBeGone.exe" )
    [06/10/2007, 19:17:36] - Detected System Information:
    [06/10/2007, 19:17:36] - Windows Version: 5.1.2600, Service Pack 2
    [06/10/2007, 19:17:36] - Current Username: Matthieu HOUDE (Admin)
    [06/10/2007, 19:17:36] - Windows is in NORMAL mode.
    [06/10/2007, 19:17:36] - Searching for Browser Helper Objects:
    [06/10/2007, 19:17:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/10/2007, 19:17:36] - BHO 2: {16CDB865-FD6A-4EFE-9898-433A8E2BCD95} ()
    [06/10/2007, 19:17:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/10/2007, 19:17:36] - Checking for HKLM\...\Winlogon\Notify\ssqrs
    [06/10/2007, 19:17:36] - Found: HKLM\...\Winlogon\Notify\ssqrs - This is probably Virtumundo.
    [06/10/2007, 19:17:36] - Assigning {16CDB865-FD6A-4EFE-9898-433A8E2BCD95} MSEvents Object
    [06/10/2007, 19:17:36] - BHO list has been changed! Starting over...
    [06/10/2007, 19:17:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/10/2007, 19:17:36] - BHO 2: {16CDB865-FD6A-4EFE-9898-433A8E2BCD95} (MSEvents Object)
    [06/10/2007, 19:17:36] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:36] - BHO 3: {4B64127B-2CBA-4DE5-9BB9-4A18BBDB4E92} ()
    [06/10/2007, 19:17:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/10/2007, 19:17:36] - Checking for HKLM\...\Winlogon\Notify\ssqrs
    [06/10/2007, 19:17:36] - Found: HKLM\...\Winlogon\Notify\ssqrs - This is probably Virtumundo.
    [06/10/2007, 19:17:36] - Assigning {4B64127B-2CBA-4DE5-9BB9-4A18BBDB4E92} MSEvents Object
    [06/10/2007, 19:17:36] - BHO list has been changed! Starting over...
    [06/10/2007, 19:17:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/10/2007, 19:17:36] - BHO 2: {16CDB865-FD6A-4EFE-9898-433A8E2BCD95} (MSEvents Object)
    [06/10/2007, 19:17:36] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:36] - BHO 3: {4B64127B-2CBA-4DE5-9BB9-4A18BBDB4E92} (MSEvents Object)
    [06/10/2007, 19:17:36] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:36] - BHO 4: {54CBB12C-3481-4C5D-942D-4976C0F0A406} ()
    [06/10/2007, 19:17:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/10/2007, 19:17:36] - Checking for HKLM\...\Winlogon\Notify\yaywtro
    [06/10/2007, 19:17:36] - Key not found: HKLM\...\Winlogon\Notify\yaywtro, continuing.
    [06/10/2007, 19:17:36] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/10/2007, 19:17:36] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [06/10/2007, 19:17:36] - BHO 7: {AD36A192-9186-4715-8344-DB4768D10C34} ()
    [06/10/2007, 19:17:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/10/2007, 19:17:36] - Checking for HKLM\...\Winlogon\Notify\ddaby
    [06/10/2007, 19:17:36] - Found: HKLM\...\Winlogon\Notify\ddaby - This is probably Virtumundo.
    [06/10/2007, 19:17:36] - Assigning {AD36A192-9186-4715-8344-DB4768D10C34} MSEvents Object
    [06/10/2007, 19:17:36] - BHO list has been changed! Starting over...
    [06/10/2007, 19:17:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/10/2007, 19:17:36] - BHO 2: {16CDB865-FD6A-4EFE-9898-433A8E2BCD95} (MSEvents Object)
    [06/10/2007, 19:17:36] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:36] - BHO 3: {4B64127B-2CBA-4DE5-9BB9-4A18BBDB4E92} (MSEvents Object)
    [06/10/2007, 19:17:36] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:36] - BHO 4: {54CBB12C-3481-4C5D-942D-4976C0F0A406} ()
    [06/10/2007, 19:17:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/10/2007, 19:17:36] - Checking for HKLM\...\Winlogon\Notify\yaywtro
    [06/10/2007, 19:17:36] - Key not found: HKLM\...\Winlogon\Notify\yaywtro, continuing.
    [06/10/2007, 19:17:36] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/10/2007, 19:17:36] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [06/10/2007, 19:17:36] - BHO 7: {AD36A192-9186-4715-8344-DB4768D10C34} (MSEvents Object)
    [06/10/2007, 19:17:36] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:36] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
    [06/10/2007, 19:17:36] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/10/2007, 19:17:36] - Finished Searching Browser Helper Objects
    [06/10/2007, 19:17:36] - *** Detected MSEvents Object
    [06/10/2007, 19:17:36] - Trying to remove MSEvents Object...
    [06/10/2007, 19:17:37] - Terminating Process: IEXPLORE.EXE
    [06/10/2007, 19:17:37] - Terminating Process: RUNDLL32.EXE
    [06/10/2007, 19:17:37] - Disabling Automatic Shell Restart
    [06/10/2007, 19:17:37] - Terminating Process: EXPLORER.EXE
    [06/10/2007, 19:17:37] - Suspending the NT Session Manager System Service
    [06/10/2007, 19:17:38] - Terminating Windows NT Logon/Logoff Manager
    [06/10/2007, 19:17:38] - Re-enabling Automatic Shell Restart
    [06/10/2007, 19:17:38] - File to disable: C:\WINDOWS\system32\ssqrs.dll
    [06/10/2007, 19:17:38] - Removing HKLM\...\Browser Helper Objects\{16CDB865-FD6A-4EFE-9898-433A8E2BCD95}
    [06/10/2007, 19:17:38] - Removing HKCR\CLSID\{16CDB865-FD6A-4EFE-9898-433A8E2BCD95}
    [06/10/2007, 19:17:38] - Adding Kill Bit for ActiveX for GUID: {16CDB865-FD6A-4EFE-9898-433A8E2BCD95}
    [06/10/2007, 19:17:38] - Deleting ATLEvents/MSEvents Registry entries
    [06/10/2007, 19:17:38] - Removing HKLM\...\Winlogon\Notify\ssqrs
    [06/10/2007, 19:17:38] - Searching for Browser Helper Objects:
    [06/10/2007, 19:17:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/10/2007, 19:17:38] - BHO 2: {4B64127B-2CBA-4DE5-9BB9-4A18BBDB4E92} (MSEvents Object)
    [06/10/2007, 19:17:38] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:38] - BHO 3: {54CBB12C-3481-4C5D-942D-4976C0F0A406} ()
    [06/10/2007, 19:17:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/10/2007, 19:17:38] - Checking for HKLM\...\Winlogon\Notify\yaywtro
    [06/10/2007, 19:17:38] - Key not found: HKLM\...\Winlogon\Notify\yaywtro, continuing.
    [06/10/2007, 19:17:38] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/10/2007, 19:17:38] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [06/10/2007, 19:17:38] - BHO 6: {AD36A192-9186-4715-8344-DB4768D10C34} (MSEvents Object)
    [06/10/2007, 19:17:38] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:38] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
    [06/10/2007, 19:17:38] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/10/2007, 19:17:38] - Finished Searching Browser Helper Objects
    [06/10/2007, 19:17:38] - *** Detected MSEvents Object
    [06/10/2007, 19:17:38] - Trying to remove MSEvents Object...
    [06/10/2007, 19:17:39] - Terminating Process: IEXPLORE.EXE
    [06/10/2007, 19:17:39] - Terminating Process: RUNDLL32.EXE
    [06/10/2007, 19:17:39] - Disabling Automatic Shell Restart
    [06/10/2007, 19:17:39] - Terminating Process: EXPLORER.EXE
    [06/10/2007, 19:17:39] - Suspending the NT Session Manager System Service
    [06/10/2007, 19:17:39] - Terminating Windows NT Logon/Logoff Manager
    [06/10/2007, 19:17:39] - Re-enabling Automatic Shell Restart
    [06/10/2007, 19:17:39] - File to disable: C:\WINDOWS\system32\ssqrs.dll
    [06/10/2007, 19:17:39] - Removing HKLM\...\Browser Helper Objects\{4B64127B-2CBA-4DE5-9BB9-4A18BBDB4E92}
    [06/10/2007, 19:17:39] - Removing HKCR\CLSID\{4B64127B-2CBA-4DE5-9BB9-4A18BBDB4E92}
    [06/10/2007, 19:17:39] - Adding Kill Bit for ActiveX for GUID: {4B64127B-2CBA-4DE5-9BB9-4A18BBDB4E92}
    [06/10/2007, 19:17:39] - Deleting ATLEvents/MSEvents Registry entries
    [06/10/2007, 19:17:39] - Removing HKLM\...\Winlogon\Notify\ssqrs
    [06/10/2007, 19:17:39] - Searching for Browser Helper Objects:
    [06/10/2007, 19:17:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/10/2007, 19:17:39] - BHO 2: {54CBB12C-3481-4C5D-942D-4976C0F0A406} ()
    [06/10/2007, 19:17:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/10/2007, 19:17:39] - Checking for HKLM\...\Winlogon\Notify\yaywtro
    [06/10/2007, 19:17:39] - Key not found: HKLM\...\Winlogon\Notify\yaywtro, continuing.
    [06/10/2007, 19:17:39] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/10/2007, 19:17:39] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [06/10/2007, 19:17:39] - BHO 5: {AD36A192-9186-4715-8344-DB4768D10C34} (MSEvents Object)
    [06/10/2007, 19:17:39] - ALERT: Found MSEvents Object!
    [06/10/2007, 19:17:39] - BHO 6: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
    [06/10/2007, 19:17:40] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/10/2007, 19:17:40] - Finished Searching Browser Helper Objects
    [06/10/2007, 19:17:40] - *** Detected MSEvents Object
    [06/10/2007, 19:17:40] - Trying to remove MSEvents Object...
    [06/10/2007, 19:17:41] - Terminating Process: IEXPLORE.EXE
    [06/10/2007, 19:17:41] - Terminating Process: RUNDLL32.EXE
    [06/10/2007, 19:17:41] - Disabling Automatic Shell Restart
    [06/10/2007, 19:17:41] - Terminating Process: EXPLORER.EXE
    [06/10/2007, 19:17:41] - Suspending the NT Session Manager System Service
    [06/10/2007, 19:17:41] - Terminating Windows NT Logon/Logoff Manager
    [06/10/2007, 19:17:41] - Re-enabling Automatic Shell Restart
    [06/10/2007, 19:17:41] - File to disable: C:\WINDOWS\system32\ddaby.dll
    [06/10/2007, 19:17:41] - Removing HKLM\...\Browser Helper Objects\{AD36A192-9186-4715-8344-DB4768D10C34}
    [06/10/2007, 19:17:41] - Removing HKCR\CLSID\{AD36A192-9186-4715-8344-DB4768D10C34}
    [06/10/2007, 19:17:41] - Adding Kill Bit for ActiveX for GUID: {AD36A192-9186-4715-8344-DB4768D10C34}
    [06/10/2007, 19:17:41] - Deleting ATLEvents/MSEvents Registry entries
    [06/10/2007, 19:17:41] - Removing HKLM\...\Winlogon\Notify\ddaby
    [06/10/2007, 19:17:41] - Searching for Browser Helper Objects:
    [06/10/2007, 19:17:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/10/2007, 19:17:41] - BHO 2: {54CBB12C-3481-4C5D-942D-4976C0F0A406} ()
    [06/10/2007, 19:17:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/10/2007, 19:17:41] - Checking for HKLM\...\Winlogon\Notify\yaywtro
    [06/10/2007, 19:17:41] - Key not found: HKLM\...\Winlogon\Notify\yaywtro, continuing.
    [06/10/2007, 19:17:41] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/10/2007, 19:17:41] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [06/10/2007, 19:17:41] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
    [06/10/2007, 19:17:41] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/10/2007, 19:17:41] - Finished Searching Browser Helper Objects
    [06/10/2007, 19:17:41] - Finishing up...
    [06/10/2007, 19:17:41] - A restart is needed.
    [06/10/2007, 19:17:44] - Attempting to Restart via STOP error (Blue Screen!)

    Voici le log de hijack :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:47:53, on 2007-06-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Documents and Settings\Matthieu HOUDE\Bureau\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\yaywtro.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
    O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Connexions Compaq.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
    O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
    O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - Unknown owner - C:\xampplite\apache\bin\apache.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: mysql - Unknown owner - C:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

    Que dois je faire Merci
    0
  8. raleuboleu Messages postés 5028 Statut Membre 79
     
    Bonsoir!!!

    je matte ceci taleur car 3h30 loooool raaaaaaaaaaaaaaaa fallais je matte l'heure!!! je regarde tou ca preko reveil ^^

    bizoux
    0
  9. raleuboleu Messages postés 5028 Statut Membre 79
     
    remoi

    si possible rend toi sur ce lien "interressant et pleins de ressources!!!) :

    virus methode preliminaire de desinfection version fr

    désinstallle hijack et suis les instructions du blog de mister Claude !!! poste 1 log ensuite

    alllez moi te dis good night car me leve dans 3h raaaaaaaaaaaaaaaaaa je deteste le temps des fois looool

    bye et bonne nuit

    bizoux
    0
  10. Matthieu
     
    Rapport bitdefender :

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Tue, Jun 12, 2007 - 00:22:02

    Scan Info

    Scanned Files

    362982

    Infected Files

    1

    Virus Detected

    Trojan.Agent.QT

    1

    Rapport de hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 00:26:09, on 2007-06-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://compaq-consumer.my.aol.qc.ca/?icid=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
    O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Connexions Compaq.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
    O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
    O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Google\Google Desktop Search\Plugins\gdSkype\skype4com.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - Unknown owner - C:\xampplite\apache\bin\apache.exe" -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: mysql - Unknown owner - C:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    Et maintenant que dois je faire
    0
  11. raleuboleu Messages postés 5028 Statut Membre 79
     
    alu

    si toujours !!

    commence par ceci pour voir :

    élécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    Double-clique VundoFix.exe afin de le lancer.

    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.

    et si cela ne suffit pas on verra + loin

    bizoux
    0