9 trojan : rapport vundofix & hijackthisRésolu/Fermé

Question

Salut à tous,
Je crois que j'ai décrochée le gros lot : 9 trojan rien que pour ma poire!!! je vous en fais profiter, ci-dessous leur nom.
agent.aaoa
agent.anr.1
agent.aoy.3
bho.bd.4
click.small.mw
crypt.ulpm.gen
dldr.conhook.gen
juansearch.b
psw.gamania.b

ci-dessous le rapport vundofix suivi du rapport hijackthis


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 15:17:38 21/07/2007

Listing files found while scanning....

c:\windows\msapps\expodbc.dll
C:\windows\system32\aiuwbotl.dll
C:\windows\system32\anqkwsvd.dll
C:\WINDOWS\system32\atiyetlh.dll
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\bkxmksxa.dll
C:\WINDOWS\system32\cqdlcyrd.dll
C:\windows\system32\cvfplemv.dll
C:\windows\system32\dudactsp.ini
C:\windows\system32\edfvmboh.dll
C:\windows\system32\emsxnrbp.exe
C:\windows\system32\enmlpfdn.exe
C:\windows\system32\enohecas.exe
C:\windows\system32\fdnljoxy.dll
C:\windows\system32\ggxcqkjg.dll
C:\windows\system32\glnkhkmi.dll
C:\windows\system32\gqibqwks.dll
C:\windows\system32\grihcuug.dll
C:\windows\system32\guuchirg.ini
C:\windows\system32\guuchirg.ini2
C:\windows\system32\guuchirg.tmp
C:\windows\system32\gwtylydq.ini
C:\WINDOWS\system32\hfrvrshl.dll
C:\WINDOWS\system32\hlwtsxlp.dll
C:\windows\system32\hnxalptj.dll
C:\windows\system32\hobmvfde.ini
C:\WINDOWS\system32\ifrtssdc.dll
C:\windows\system32\imkhknlg.ini
C:\windows\system32\j6291230.dll
C:\windows\system32\jglqdpls.ini
C:\WINDOWS\system32\jkyupydg.dll
C:\windows\system32\jtplaxnh.ini
C:\windows\system32\jwrthxox.exe
C:\windows\system32\jybdhcpa.dll
C:\windows\system32\kgwqwopt.exe
C:\windows\system32\lndgycsf.dll
C:\windows\system32\ltobwuia.ini
C:\windows\system32\ltobwuia.tmp
C:\windows\system32\lyqlhelx.dll
C:\WINDOWS\system32\mdrkqmtx.dll
C:\windows\system32\mhvvtaok.dll
C:\windows\system32\mkbvqlqt.dll
C:\windows\system32
lobaicr.dll
C:\windows\system32\ojqqyhno.dll
C:\windows\system32\onhyqqjo.ini
C:\windows\system32\pclbxrht.dll
C:\windows\system32\pjjewlyk.exe
C:\WINDOWS\system32\pmnkiif.dll
C:\windows\system32\pstcadud.dll
C:\windows\system32\pykghrev.dll
C:\windows\system32\qdylytwg.dll
C:\windows\system32jsotetx.dll
C:\windows\system32\skwqbiqg.ini
C:\windows\system32\slpdqlgj.dll
C:\windows\system32\sstwa.bak1
C:\windows\system32\sstwa.bak2
C:\windows\system32\sstwa.ini
C:\windows\system32\sstwa.ini2
C:\windows\system32\sstwa.tmp
C:\windows\system32\sukmjrja.exe
C:\windows\system32\suxmbohy.dll
C:\WINDOWS\system32	dgwdvxx.dll
C:\windows\system32	hrxblcp.ini
C:\windows\system32\usgrghtc.exe
C:\windows\system32\vmelpfvc.ini
C:\windows\system32\xhulhhhs.dll
C:\windows\system32\xlehlqyl.ini
C:\windows\system32\xtetosjr.ini
C:\windows\system32\xxvdwgdt.ini
C:\windows\system32\yhobmxus.ini
C:\windows\system32\ysoeppvd.exe

Beginning removal...

 Attempting to delete c:\windows\msapps\expodbc.dll
c:\windows\msapps\expodbc.dll Has been deleted!

 Attempting to delete C:\windows\system32\aiuwbotl.dll
C:\windows\system32\aiuwbotl.dll Has been deleted!

 Attempting to delete C:\windows\system32\anqkwsvd.dll
C:\windows\system32\anqkwsvd.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\atiyetlh.dll
C:\WINDOWS\system32\atiyetlh.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtss.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bkxmksxa.dll
C:\WINDOWS\system32\bkxmksxa.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\cqdlcyrd.dll
C:\WINDOWS\system32\cqdlcyrd.dll Has been deleted!

 Attempting to delete C:\windows\system32\cvfplemv.dll
C:\windows\system32\cvfplemv.dll Has been deleted!

 Attempting to delete C:\windows\system32\dudactsp.ini
C:\windows\system32\dudactsp.ini Has been deleted!

 Attempting to delete C:\windows\system32\edfvmboh.dll
C:\windows\system32\edfvmboh.dll Has been deleted!

 Attempting to delete C:\windows\system32\emsxnrbp.exe
C:\windows\system32\emsxnrbp.exe Has been deleted!

 Attempting to delete C:\windows\system32\enmlpfdn.exe
C:\windows\system32\enmlpfdn.exe Has been deleted!

 Attempting to delete C:\windows\system32\enohecas.exe
C:\windows\system32\enohecas.exe Could not be deleted.

 Attempting to delete C:\windows\system32\fdnljoxy.dll
C:\windows\system32\fdnljoxy.dll Has been deleted!

 Attempting to delete C:\windows\system32\ggxcqkjg.dll
C:\windows\system32\ggxcqkjg.dll Has been deleted!

 Attempting to delete C:\windows\system32\glnkhkmi.dll
C:\windows\system32\glnkhkmi.dll Has been deleted!

 Attempting to delete C:\windows\system32\gqibqwks.dll
C:\windows\system32\gqibqwks.dll Has been deleted!

 Attempting to delete C:\windows\system32\grihcuug.dll
C:\windows\system32\grihcuug.dll Has been deleted!

 Attempting to delete C:\windows\system32\guuchirg.ini
C:\windows\system32\guuchirg.ini Has been deleted!

 Attempting to delete C:\windows\system32\guuchirg.ini2
C:\windows\system32\guuchirg.ini2 Has been deleted!

 Attempting to delete C:\windows\system32\guuchirg.tmp
C:\windows\system32\guuchirg.tmp Has been deleted!

 Attempting to delete C:\windows\system32\gwtylydq.ini
C:\windows\system32\gwtylydq.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hlwtsxlp.dll
C:\WINDOWS\system32\hlwtsxlp.dll Has been deleted!

 Attempting to delete C:\windows\system32\hnxalptj.dll
C:\windows\system32\hnxalptj.dll Has been deleted!

 Attempting to delete C:\windows\system32\hobmvfde.ini
C:\windows\system32\hobmvfde.ini Has been deleted!

 Attempting to delete C:\windows\system32\imkhknlg.ini
C:\windows\system32\imkhknlg.ini Has been deleted!

 Attempting to delete C:\windows\system32\j6291230.dll
C:\windows\system32\j6291230.dll Could not be deleted.

 Attempting to delete C:\windows\system32\jglqdpls.ini
C:\windows\system32\jglqdpls.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkyupydg.dll
C:\WINDOWS\system32\jkyupydg.dll Has been deleted!

 Attempting to delete C:\windows\system32\jtplaxnh.ini
C:\windows\system32\jtplaxnh.ini Has been deleted!

 Attempting to delete C:\windows\system32\jwrthxox.exe
C:\windows\system32\jwrthxox.exe Has been deleted!

 Attempting to delete C:\windows\system32\jybdhcpa.dll
C:\windows\system32\jybdhcpa.dll Has been deleted!

 Attempting to delete C:\windows\system32\kgwqwopt.exe
C:\windows\system32\kgwqwopt.exe Has been deleted!

 Attempting to delete C:\windows\system32\lndgycsf.dll
C:\windows\system32\lndgycsf.dll Has been deleted!

 Attempting to delete C:\windows\system32\ltobwuia.ini
C:\windows\system32\ltobwuia.ini Has been deleted!

 Attempting to delete C:\windows\system32\ltobwuia.tmp
C:\windows\system32\ltobwuia.tmp Has been deleted!

 Attempting to delete C:\windows\system32\lyqlhelx.dll
C:\windows\system32\lyqlhelx.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mdrkqmtx.dll
C:\WINDOWS\system32\mdrkqmtx.dll Has been deleted!

 Attempting to delete C:\windows\system32\mhvvtaok.dll
C:\windows\system32\mhvvtaok.dll Has been deleted!

 Attempting to delete C:\windows\system32\mkbvqlqt.dll
C:\windows\system32\mkbvqlqt.dll Has been deleted!

 Attempting to delete C:\windows\system32
lobaicr.dll
C:\windows\system32
lobaicr.dll Has been deleted!

 Attempting to delete C:\windows\system32\ojqqyhno.dll
C:\windows\system32\ojqqyhno.dll Has been deleted!

 Attempting to delete C:\windows\system32\onhyqqjo.ini
C:\windows\system32\onhyqqjo.ini Has been deleted!

 Attempting to delete C:\windows\system32\pclbxrht.dll
C:\windows\system32\pclbxrht.dll Has been deleted!

 Attempting to delete C:\windows\system32\pjjewlyk.exe
C:\windows\system32\pjjewlyk.exe Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pmnkiif.dll
C:\WINDOWS\system32\pmnkiif.dll Could not be deleted.

 Attempting to delete C:\windows\system32\pstcadud.dll
C:\windows\system32\pstcadud.dll Has been deleted!

 Attempting to delete C:\windows\system32\pykghrev.dll
C:\windows\system32\pykghrev.dll Has been deleted!

 Attempting to delete C:\windows\system32\qdylytwg.dll
C:\windows\system32\qdylytwg.dll Has been deleted!

 Attempting to delete C:\windows\system32jsotetx.dll
C:\windows\system32jsotetx.dll Has been deleted!

 Attempting to delete C:\windows\system32\skwqbiqg.ini
C:\windows\system32\skwqbiqg.ini Has been deleted!

 Attempting to delete C:\windows\system32\slpdqlgj.dll
C:\windows\system32\slpdqlgj.dll Could not be deleted.

 Attempting to delete C:\windows\system32\sstwa.bak1
C:\windows\system32\sstwa.bak1 Has been deleted!

 Attempting to delete C:\windows\system32\sstwa.bak2
C:\windows\system32\sstwa.bak2 Has been deleted!

 Attempting to delete C:\windows\system32\sstwa.ini
C:\windows\system32\sstwa.ini Has been deleted!

 Attempting to delete C:\windows\system32\sstwa.ini2
C:\windows\system32\sstwa.ini2 Has been deleted!

 Attempting to delete C:\windows\system32\sstwa.tmp
C:\windows\system32\sstwa.tmp Has been deleted!

 Attempting to delete C:\windows\system32\sukmjrja.exe
C:\windows\system32\sukmjrja.exe Has been deleted!

 Attempting to delete C:\windows\system32\suxmbohy.dll
C:\windows\system32\suxmbohy.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	dgwdvxx.dll
C:\WINDOWS\system32	dgwdvxx.dll Could not be deleted.

 Attempting to delete C:\windows\system32	hrxblcp.ini
C:\windows\system32	hrxblcp.ini Has been deleted!

 Attempting to delete C:\windows\system32\usgrghtc.exe
C:\windows\system32\usgrghtc.exe Has been deleted!

 Attempting to delete C:\windows\system32\vmelpfvc.ini
C:\windows\system32\vmelpfvc.ini Has been deleted!

 Attempting to delete C:\windows\system32\xhulhhhs.dll
C:\windows\system32\xhulhhhs.dll Has been deleted!

 Attempting to delete C:\windows\system32\xlehlqyl.ini
C:\windows\system32\xlehlqyl.ini Has been deleted!

 Attempting to delete C:\windows\system32\xtetosjr.ini
C:\windows\system32\xtetosjr.ini Has been deleted!

 Attempting to delete C:\windows\system32\xxvdwgdt.ini
C:\windows\system32\xxvdwgdt.ini Has been deleted!

 Attempting to delete C:\windows\system32\yhobmxus.ini
C:\windows\system32\yhobmxus.ini Has been deleted!

 Attempting to delete C:\windows\system32\ysoeppvd.exe
C:\windows\system32\ysoeppvd.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\windows\system32\enohecas.exe
C:\windows\system32\enohecas.exe Could not be deleted.

 Attempting to delete C:\windows\system32\j6291230.dll
C:\windows\system32\j6291230.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pmnkiif.dll
C:\WINDOWS\system32\pmnkiif.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32	dgwdvxx.dll
C:\WINDOWS\system32	dgwdvxx.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 23:36:19 01/12/2007

Listing files found while scanning....

c:\windows\msapps\expodbc.dll
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\hlwtsxlp.dll
C:\WINDOWS\system32\ifrtssdc.dll
C:\WINDOWS\system32\pmnkiif.dll
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini

Beginning removal...

 Attempting to delete c:\windows\msapps\expodbc.dll
c:\windows\msapps\expodbc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Rapport hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:21, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla	fswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MM_DIR~1.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PsapiAnalyzer Object - {125399A6-E13D-42CE-A021-7F9069A79440} - c:\windows\msapps\expodbc.dll
O2 - BHO: (no name) - {67D02EEC-924B-4F89-95DA-B145FC26FFFF} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {6DB38642-A70F-4C98-B82F-80D80E29E1E0} - C:\WINDOWS\system32\pmnkiif.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DBC63C7A-5143-4DCC-B56D-7552558B0174} - C:\WINDOWS\system32\cetqcskm.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files
ero\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows	emp\adj_hp.reg (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows	emp\adj_hp.reg (User 'Default user')
O4 - S-1-5-18 Startup: ddrive.js (User 'SYSTEM')
O4 - S-1-5-18 Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ddrive.js (User 'Default user')
O4 - .DEFAULT Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (User 'Default user')
O4 - .DEFAULT User Startup: ddrive.js (User 'Default user')
O4 - .DEFAULT User Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &backdraft - C:\Program Files\hattriX\backdraft.htm
O8 - Extra context menu item: &friendlier - C:\Program Files\hattriX\friendlier.htm
O8 - Extra context menu item: &head to head - C:\Program Files\hattriX\headtohead.htm
O8 - Extra context menu item: &live! - C:\Program Files\hattriX\live!.htm
O8 - Extra context menu item: &roundRate - C:\Program Files\hattriXoundRate.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0\IEShellExt.dll /300
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{627AB7A4-1D2D-4955-A633-0CBAF09A5919}: NameServer = 212.27.53.252,212.27.54.252
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O20 - Winlogon Notify: expodbc - c:\windows\msapps\expodbc.dll
O20 - Winlogon Notify: pmnkiif - pmnkiif.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

just.1 · Answer

PAs mal jolie score 9 trojan

green day · Answer

Salut

oui, pas mal ... 

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Démarrer en mode sans echec
    * Double cliquer combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan
    * Le rapport sera crée dans: C:\Combofix.txt; poste le stp

++

angel86000 · Answer

j'ai peur d'être enfermée dans une boucle infernale si je me mets en mode sans échec avec toutes les infections que j'ai
je préfère pas prendre le risque. les rapports que j'ai postés ne donnent pas d'indications ?
@+

just.1 · Answer

non désolé ils ne donnent pas d'explications

green day · Answer

Salut

 pas de soucis pour le mode sans echec, vundofix en a déjà supprimé pas mal, mais pas tous !

++

angel86000 · Answer

question peut-être naivive, mais elle servira peut-être aux néophites !
j'ai placée en quarantaine les fichiers contaminés par les 9 trojan sans essayer de les supprimer avec mon antivirus Antivir; comme c'est des fichiers qui se trouvent sous system32, j'ai pas voulu les supprimer. si je décide de les supprimer est-ce que l'antivirus me demandera une confirmation s'il s'agit d'un fichier nécessaire au système ?
et s'ils sont supprimés, les trojan disparaissent avec ???

désolée...

green day · Answer

ton infection, c'est du vundo, dons les fichiers.dll situés dans le fichier system32 appartiennent à la bébétte !

 ==>  à supprimer !

 pour réponde à ta question, je ne sais pas si antivir donne un message d'alerte si se sont des fichiers important, normalement oui, mais à confirmer !

++

jorginho67 · Answer

salut angel
coucou greenday !
pour ma leçon du jour,
ton infection, c'est du vundo, dons les fichiers.dll situés dans le fichier system32 appartiennent à la bébétte !

==> à supprimer ! 
 tous sans exeption ? par  mp si tu préferes ! thanks !

green day · Answer

Salut

Ce trojan nommé Vundo ou Virtumonde, ou encore trojan agent cs se caractérise par la présence d’un ou plusieurs fichiers.dll au nom aléatoire, se situant dans les fichiers system32 et visibles dans un rapport hijackthis au niveau des lignes 02 et/ou 020.

==> http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde*

 mais bon parfois elles ne sont pas toutes visibles comme on peut le constater, comme ici c'est quelques arbres qui cachent la forêt

@+

;-)

jorginho67 · Answer

;-)
merci !

green day · Answer

de nada ;-P

angel86000 · Answer

bonjour à tous,
je crois que j'en ai finie avec mes pb de PC (jusqu'à la prochaine fois hahaha...)
mon PC ramait, mes connexions internet sautaient et des messages publicitaires apparaissaient : je pensais mon PC perdu mais avec l'aide de tous j'ai aujourd'hui un PC qui carbure, une connexion internet fiable et je comprend le sens du mot haut débit, et plus de pub intempestive.
pour en arriver là, j'ai supprimée mon ancien antivirus bitdefender internet security v10 que j'avais crackée (du coup je n'avais pas les MAJ), que j'ai remplacé par le téléchargement d'Antivir puis Ad-Aware 2007 pour l'anti-spyware et Zona Alarm pour le firewall.
j'ai désinstallé avant bitdefender en téléchargeant un logiciel de désinstallation disponible sur leur site (https://www.bitdefender.fr/ j'ai téléchargé RegCleaner (http://www.commentcamarche.net/telecharger/logiciels regcleaner ) pour faire le ménage sur mon PC et éliminer proprement les logiciels que j'utilisais plus, j'ai supprimée les dernières traces de mon précédent antivirus Norton en téléchargeant Norton_Removal_Tool (http://service1.symantec.com/ ) et enfin j'ai supprimé le trojan Vundo avec Vundofix et en supprimant les fichier .dll qui se trouvaient dans les lignes O2 et O20 sur le rapport hijackthis (http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde).
mon pb n'est malgré tout pas complètement terminé, j'ai en stock encore une petite louchée de fichiers en quarantaine mais l'hémorragie est stoppée.

Un grand merci à tous les contributeurs de ce site !

@+

green day · Answer

si tu veux mettre un hijack, sinon bonne continuation !

@+

9 trojan : rapport vundofix & hijackthis

13 réponses

Discussions similaires

Newsletters