VsAdd-in + other viruses, I tried Vundo
Hello,
So I'm repeating what I said in djlol's thread!
I used the recommended procedure with vundo.exe
but when my computer restarted, it told me that a ..exe file was missing to restart vundo!
Otherwise, I'll paste below the report that vundo produced on my PC:
VundoFix V6.3.15
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 10:18:14 09/03/2007
Listing files found while scanning....
VundoFix V6.3.15
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 10:50:23 09/03/2007
Listing files found while scanning....
C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\System32\inyfqtmb.dll
C:\WINDOWS\System32\pqqru.bak1
C:\WINDOWS\System32\pqqru.ini
C:\WINDOWS\System32\urqqp.dll
Beginning removal...
Attempting to delete C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!
Attempting to delete C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Pur Family\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!
Attempting to delete C:\WINDOWS\System32\pqqru.bak1
C:\WINDOWS\System32\pqqru.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\pqqru.ini
C:\WINDOWS\System32\pqqru.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\urqqp.dll
C:\WINDOWS\System32\urqqp.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Please tell me what to do next
otherwise I'll start the rest of the procedure that Anghelp gave
I ran the SDFix scan in safe mode
here is the report:
SDFix: Version 1.70
Run by Pur Family - 09/03/2007 / 15:35:14,58
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Pur Family\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\TFTP1016 - Deleted
C:\WINDOWS\system32\TFTP1128 - Deleted
C:\WINDOWS\system32\TFTP1140 - Deleted
C:\WINDOWS\system32\TFTP1204 - Deleted
C:\WINDOWS\system32\TFTP1284 - Deleted
C:\WINDOWS\system32\TFTP1316 - Deleted
C:\WINDOWS\system32\TFTP1464 - Deleted
C:\WINDOWS\system32\TFTP1532 - Deleted
C:\WINDOWS\system32\TFTP1628 - Deleted
C:\WINDOWS\system32\TFTP1644 - Deleted
C:\WINDOWS\system32\TFTP1736 - Deleted
C:\WINDOWS\system32\TFTP1780 - Deleted
C:\WINDOWS\system32\TFTP1804 - Deleted
C:\WINDOWS\system32\TFTP1824 - Deleted
C:\WINDOWS\system32\TFTP184 - Deleted
C:\WINDOWS\system32\TFTP1860 - Deleted
C:\WINDOWS\system32\TFTP1900 - Deleted
C:\WINDOWS\system32\TFTP2116 - Deleted
C:\WINDOWS\system32\TFTP2128 - Deleted
C:\WINDOWS\system32\TFTP2176 - Deleted
C:\WINDOWS\system32\TFTP2188 - Deleted
C:\WINDOWS\system32\TFTP2252 - Deleted
C:\WINDOWS\system32\TFTP2284 - Deleted
C:\WINDOWS\system32\TFTP2400 - Deleted
C:\WINDOWS\system32\TFTP2412 - Deleted
C:\WINDOWS\system32\TFTP2456 - Deleted
C:\WINDOWS\system32\TFTP2504 - Deleted
C:\WINDOWS\system32\TFTP2832 - Deleted
C:\WINDOWS\system32\TFTP2836 - Deleted
C:\WINDOWS\system32\TFTP384 - Deleted
C:\WINDOWS\system32\TFTP412 - Deleted
C:\WINDOWS\system32\TFTP512 - Deleted
C:\WINDOWS\system32\TFTP548 - Deleted
C:\WINDOWS\system32\TFTP564 - Deleted
C:\WINDOWS\system32\TFTP568 - Deleted
C:\WINDOWS\system32\TFTP596 - Deleted
C:\WINDOWS\system32\TFTP600 - Deleted
C:\WINDOWS\system32\TFTP648 - Deleted
C:\WINDOWS\system32\TFTP784 - Deleted
C:\WINDOWS\system32\TFTP792 - Deleted
C:\WINDOWS\system32\TFTP832 - Deleted
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"="C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe:*:Enabled:Communication service"
@=""
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\PURFAM~1\Bureau\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\Documents and Settings\Pur Family\Local Settings\Application Data\Microsoft\Messenger\garmot1@hotmail.com\Sharing Folders\hystero_angel_mechante_fee@hotmail.com\Thumbs.db
C:\Documents and Settings\Pur Family\Local Settings\Application Data\Microsoft\Messenger\garmot1@hotmail.com\Sharing Folders\sebpihen@hotmail.com\Thumbs.db
C:\WINDOWS\system32\urqqp.dll
C:\WINDOWS\system32\vturrqo.dll
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\textes Melo\~WRL0001.tmp
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\TEXTOS\~WRL0193.tmp
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\TEXTOS\~WRL1676.tmp
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\TEXTOS\~WRL2957.tmp
C:\Documents and Settings\Pur Family\Bureau\Melo\TEXTES\TEXTOS\~WRL3182.tmp
C:\WINDOWS\LastGood.Tmp\INF\oem35.inf
C:\WINDOWS\LastGood.Tmp\INF\oem35.PNF
Add/Remove Programs List:
Commande ECHO désactivée.
Adobe Acrobat 5.0
Navigateur Orange
Gestionnaire Internet
Pinnacle Hollywood FX 4.6
HP Imaging Device Functions 5.3
HP Solution Center & Imaging Support Tools 5.3
HP Extended Capabilities 5.3
Canon Utilities RemoteCapture 2.7
Canon Utilities File Viewer Utility 1.3
NEC Mobile Drivers
Canon Internet Library for ZoomBrowser EX
OpenMG Secure Module 4.0.00
Canon RemoteCapture Task for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
NEC Mobile Suite
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Java 2 Runtime Environment Standard Edition v1.3.0_02
Correctif Windows XP - KB822603
Microsoft DirectX 9.0b - KB830363
Correctif Windows XP - KB842787
Macromedia Shockwave Player
Mozilla Firefox (2.0.0.2)
NEC WMC USB_AD1 Software
NEC WMC USB_BJ1 Software
NEC WMC USB_BK1 Software
NEC WMC USB_T1 Software
OpenMG Limited Patch 4.0-04-08-02-01
Canon PhotoRecord
Programme de gestion Camera de Logitech©
Adobe Flash Player 9 ActiveX
Skype 3.0
SLD CODEC PACK 1.5.3
VideoLAN VLC media player 0.8.2
Lecteur Windows Media 10
Archiveur WinRAR
Zero Popup (remove only)
CP_Package_Variety1
Destinations
AiO_Scan
RemoteCapture 2.7.5
HP Software Update
CP_Package_Variety3
Unload
File Viewer Utility 1.3.2
TrayApp
NEC Mobile Drivers
J2SE Runtime Environment 5.0 Update 3
Skype Plugin Manager
iTunes
MD Simple Burner 2.0.04
SAGEM F@st 800-840
Studio Content CD
QuickTime
Studio 8
NewCopy
WebReg
MarketResearch
HP PSC & OfficeJet 5.3.B
1500
eSupportQFolder
HP Photosmart Essential
CIG
DocProc
OpenMG Secure Module 4.0.00
CustomerResearchQFolder
SonicStage
VSAdd-in for Internet Explorer
AiOSoftware
Sentinel System Driver 5.41.0 (32-bit)
ProductContext
1500_Help
RemoteCapture Task
Microsoft Office XP Professional avec FrontPage
Readme
BitDefender Internet Security v10
ScannerCopy
Camera Window
Nero - Burning Rom
Apple Software Update
DeviceManagementQFolder
Adobe Reader 7.0 - Français
ArcSoft Camera Suite
Lapin Malin Initiation à l'anglais CP
CP_Package_Variety2
BufferChm
Canon Utilities ZoomBrowser EX
Scan
1500Trb
NEC Mobile Suite
Fax
RAW Image Task
HPProductAssistant
SolutionCenter
Pinnacle Instant DVD Recorder
PhotoStitch
Status
Windows Live Messenger
Finished
What do I do now, please?
Here is the HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 16:09:25, on 09/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\upgrepl.exe
C:\Documents and Settings\Pur Family\Bureau\test.exe
c:\program files\fichiers communs\softwin\bitdefender scan server\bdss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06954F75-FA48-4688-9876-1C0D731AC7E4} - C:\WINDOWS\System32\urqqp.dll
O2 - BHO: (no name) - {1EB27C5E-3DF4-41E2-B51A-D80F812D561D} - C:\WINDOWS\System32\vturrqo.dll
O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - C:\PROGRA~1\ZEROPO~1\HTMLEdit.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [Servicio Local] svhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32\yhtaldra.dll",setvm
O4 - HKLM\..\RunServices: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Servicio Local] svhost.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common files\updater\wupdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/a...
O16 - DPF: {2D37B9E8-C14C-482C-B1CF-939C5440E179} (VTToolkit Control) - http://saint-valentin.maville.orange.fr/Villes/paris/ph...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vturrqo - C:\WINDOWS\SYSTEM32\vturrqo.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
you still have blacklight, clean, smitfraudfix and navilog left
no but seriously, are you going to end up downloading every program?
never download a specialized program unless a Helper asks you to
There is still some Vundo and other things left
Step 1:
Download VundoFix.exe here: (to the desktop)
http://www.atribune.org/ccount/click.php?id=4
Double-click the file "VundoFix.exe" (without the quotes) to launch it
->Click the "Scan for Vundo" button
* When the scan is complete, click the "Remove Vundo" button
* Click "Yes" when a message appears asking you to confirm the deletion of the files
* The Desktop will disappear while the infected files are being deleted, don't worry
* A new message is displayed to warn of a restart, click OK
After the restart, open the following file: C:\Vundofix.txt
->Copy the contents of this report and paste it here, along with a new HijackThis
Note: If VundoFix cannot delete an infected file, it will launch at restart, and you will have to repeat the instructions above.
Step 2:
Download Clean.zip (by Malekal) here:
http://www.malekal.com/download/clean.zip
Unzip it to your desktop (Right-click/Extract all); you should get a Clean folder.
Open the clean folder, double-click clean.cmd.
Choose option 1, then wait. Then post the contents of the report.