
Trojan.vundo, HELP!!! I want to remove it

Security - Viruses forum: Trojan.vundo, HELP!!! I want to remove it

 

:pfff: Can't remove trojan.vundo, HELP!!!

I've been through the forums, but I don't understand everything...
My setup: Win XP Pro SP2
NAV 2005
AdAware SE Pro
Search & Destroy

I downloaded and ran VundoFix as well as fixvundo, but the constant messages from
Norton are still there.
Thanks for helping me (not a very experienced user)


Message edited by zakarai on 02-03-2007 at 13:56:34

ha, this virus seems to be in fashion :'(

Reply to killar

Thanks for your sneaky non-help, killar!
No, sorry, but this damn vundo is driving me mad!


Message edited by zakarai on 02-03-2007 at 12:43:56
Reply to zakarai

well, one piece of advice: start by posting a HijackThis log on the forum!

Reply to killar

Here is my HijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 12:54:33, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DOBE~1\msiexec.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\F?nts\??rvices.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71BC0C53-9489-45BB-4AF5-0B0B3687C7D0} - C:\WINDOWS\system32\bxtiifh.dll
O2 - BHO: (no name) - {854C87F7-EE24-40F5-B16E-583A85F2107C} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E3397F63-E8DA-E804-F5DA-B2DEB9C65CC4} - C:\WINDOWS\system32\qfioe.dll
O2 - BHO: (no name) - {E96C7866-B889-B754-F1DA-B2DEB9C65CC4} - C:\WINDOWS\system32\bof.dll
O2 - BHO: (no name) - {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} - C:\WINDOWS\system32\ddcabyx.dll (file missing)
O2 - BHO: (no name) - {EC387365-EFDD-ED06-F3DA-B2DEB9C60B95} - C:\WINDOWS\system32\vbryaqij.dll
O2 - BHO: (no name) - {ED6C796D-E881-BE06-F7DA-B2DEB9C65CC4} - C:\WINDOWS\system32\zvgfcsf.dll
O2 - BHO: (no name) - {EF3F7C31-E889-EC52-A2DA-B2DEB9C65CC7} - C:\WINDOWS\system32\rfrrzzn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Mfkrhma] C:\Documents and Settings\Zaka\Mes documents\??pPatch\?ti2evxx.exe
O4 - HKCU\..\Run: [Acar] "C:\PROGRA~1\SSTEM3~1\javaw.exe" -vt ndrv
O4 - HKCU\..\Run: [Uejq] C:\WINDOWS\a?sembly\w?nspool.exe
O4 - HKCU\..\Run: [Jufpsvfp] C:\Program Files\F?nts\??rvices.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcabyx - ddcabyx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Reply to zakarai

O20 - Winlogon Notify: ddcabyx - ddcabyx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll

in my opinion the problem comes from there, but I'd rather not tell you nonsense (I'm just a novice), so wait for a pro's opinion ^^

Reply to killar

O20 - AppInit_DLLs Registry value loaded at startup

What it looks like:
O20 - AppInit_DLLs: msconfd.dll

What to do:
This Registry value, located in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, loads a DLL into memory when the user logs on, after which it stays there until logoff. Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL); most often it is used by trojans or aggressive browser hijackers.
In the case of a 'hidden' DLL loading from this Registry value (visible only when using Regedit's binary data editing function), the dll name may be prefixed with a 'pipe' character | to make it visible in the log.


found on http://www.zebulon.fr/articles/HijackThis.php

Reply to killar
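The HijackThis log above and the zebulon excerpt point at the same three things a defender checks first: BHOs registered with no name, DLLs hooked through Winlogon Notify or AppInit_DLLs, and paths HijackThis cannot render (the `?` characters in `F?nts\??rvices.exe` are not legal filename characters). The following Python is an added example, not code from the thread, from HijackThis or from any of the tools mentioned; it parses entry lines, applies those checks, and correlates each unnamed BHO's DLL with the Winlogon Notify handlers found in the same log. The sample lines are copied from the log above plus the `AppInit_DLLs` line of the excerpt; the `KNOWN_NOTIFY` allowlist of Windows XP notification packages is an assumption of this example.

```python
import re

# Constructed sample: entry lines copied from the first HijackThis log
# posted in the thread, plus the AppInit_DLLs line from the zebulon excerpt.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71BC0C53-9489-45BB-4AF5-0B0B3687C7D0} - C:\WINDOWS\system32\bxtiifh.dll
O2 - BHO: (no name) - {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} - C:\WINDOWS\system32\ddcabyx.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jufpsvfp] C:\Program Files\F?nts\??rvices.exe
O20 - Winlogon Notify: ddcabyx - ddcabyx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O20 - AppInit_DLLs: msconfd.dll
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")

# Winlogon notification packages shipped with Windows XP, used here as an
# allowlist (assumption of this example: anything else deserves a look).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scecli", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}


def parse_entries(log_text):
    """Return (section, body) for each 'Oxx - ...' / 'Rx - ...' entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dll_stem(path):
    r"""'C:\WINDOWS\system32\ddcabyx.dll (file missing)' -> 'ddcabyx'."""
    name = path.replace("(file missing)", "").strip().split("\\")[-1]
    return name.lower().rsplit(".", 1)[0]


def notify_name(body):
    """'Winlogon Notify: ddcabyx - ddcabyx.dll (file missing)' -> 'ddcabyx'."""
    return body.split(":", 1)[1].strip().partition(" - ")[0].lower()


def triage(log_text):
    """Return [(section, body, [reasons])] for entries worth a closer look."""
    entries = parse_entries(log_text)
    handlers = {notify_name(b) for s, b in entries
                if s == "O20" and b.startswith("Winlogon Notify:")}
    findings = []
    for section, body in entries:
        reasons = []
        if section == "O2" and "(no name)" in body:
            reasons.append("BHO registered without a name")
            parts = body.split(" - ")  # ["BHO: (no name)", "{CLSID}", "path"]
            if len(parts) > 2 and dll_stem(parts[2]) in handlers:
                reasons.append("same DLL also hooked as a Winlogon Notify handler")
        if section == "O20" and body.startswith("Winlogon Notify:"):
            if notify_name(body) not in KNOWN_NOTIFY:
                reasons.append("Winlogon Notify handler outside the known-package allowlist")
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs is loaded into every process that loads "
                           "user32.dll; rarely used by legitimate software")
        if section in ("O2", "O4", "O20", "O23") and "?" in body:
            reasons.append("'?' in a file path: not a legal filename character, "
                           "so the real name could not be rendered in the log")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
```

Run on the sample, the Adobe and NAV BHOs, the ctfmon Run entry and the WgaLogon handler pass clean; the `ddcabyx` BHO is the only one flagged twice, because the same DLL name appears as a Winlogon Notify handler, which is the same correlation VirtumundoBeGone performs when it finds an unnamed BHO.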

What should I do??? Can someone help me, many thanks in advance :jap:


Message edited by zakarai on 02-03-2007 at 13:57:56
Reply to zakarai

What should I do??? Can someone help me, many thanks in advance

Reply to zakarai

Hello,

It is indeed a Vundo infection.

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis! log in your next reply


Note: VundoFix may run into a file it cannot delete. If that happens, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

Reply to Angeldark

So here is the VBG.TXT report


[03/02/2007, 13:06:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Zaka\Bureau\VirtumundoBeGone.exe" )
[03/02/2007, 13:06:15] - Detected System Information:
[03/02/2007, 13:06:15] - Windows Version: 5.1.2600, Service Pack 2
[03/02/2007, 13:06:15] - Current Username: Zaka (Admin)
[03/02/2007, 13:06:15] - Windows is in NORMAL mode.
[03/02/2007, 13:06:15] - Searching for Browser Helper Objects:
[03/02/2007, 13:06:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/02/2007, 13:06:15] - BHO 2: {71BC0C53-9489-45BB-4AF5-0B0B3687C7D0} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\bxtiifh
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\bxtiifh, continuing.
[03/02/2007, 13:06:15] - BHO 3: {854C87F7-EE24-40F5-B16E-583A85F2107C} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\ssqpn
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
[03/02/2007, 13:06:15] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[03/02/2007, 13:06:15] - BHO 5: {E3397F63-E8DA-E804-F5DA-B2DEB9C65CC4} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\qfioe
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\qfioe, continuing.
[03/02/2007, 13:06:15] - BHO 6: {E96C7866-B889-B754-F1DA-B2DEB9C65CC4} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\bof
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\bof, continuing.
[03/02/2007, 13:06:15] - BHO 7: {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\ddcabyx
[03/02/2007, 13:06:15] - Found: HKLM\...\Winlogon\Notify\ddcabyx - This is probably Virtumundo.
[03/02/2007, 13:06:15] - Assigning {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} MSEvents Object
[03/02/2007, 13:06:15] - BHO list has been changed! Starting over...
[03/02/2007, 13:06:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/02/2007, 13:06:15] - BHO 2: {71BC0C53-9489-45BB-4AF5-0B0B3687C7D0} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\bxtiifh
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\bxtiifh, continuing.
[03/02/2007, 13:06:15] - BHO 3: {854C87F7-EE24-40F5-B16E-583A85F2107C} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\ssqpn
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
[03/02/2007, 13:06:15] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[03/02/2007, 13:06:15] - BHO 5: {E3397F63-E8DA-E804-F5DA-B2DEB9C65CC4} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\qfioe
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\qfioe, continuing.
[03/02/2007, 13:06:15] - BHO 6: {E96C7866-B889-B754-F1DA-B2DEB9C65CC4} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\bof
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\bof, continuing.
[03/02/2007, 13:06:15] - BHO 7: {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} (MSEvents Object)
[03/02/2007, 13:06:15] - ALERT: Found MSEvents Object!
[03/02/2007, 13:06:15] - BHO 8: {EC387365-EFDD-ED06-F3DA-B2DEB9C60B95} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\vbryaqij
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\vbryaqij, continuing.
[03/02/2007, 13:06:15] - BHO 9: {ED6C796D-E881-BE06-F7DA-B2DEB9C65CC4} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\zvgfcsf
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\zvgfcsf, continuing.
[03/02/2007, 13:06:15] - BHO 10: {EF3F7C31-E889-EC52-A2DA-B2DEB9C65CC7} ()
[03/02/2007, 13:06:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:15] - Checking for HKLM\...\Winlogon\Notify\rfrrzzn
[03/02/2007, 13:06:15] - Key not found: HKLM\...\Winlogon\Notify\rfrrzzn, continuing.
[03/02/2007, 13:06:15] - Finished Searching Browser Helper Objects
[03/02/2007, 13:06:15] - *** Detected MSEvents Object
[03/02/2007, 13:06:15] - Trying to remove MSEvents Object...
[03/02/2007, 13:06:16] - Terminating Process: IEXPLORE.EXE
[03/02/2007, 13:06:16] - Terminating Process: RUNDLL32.EXE
[03/02/2007, 13:06:16] - Disabling Automatic Shell Restart
[03/02/2007, 13:06:16] - Terminating Process: EXPLORER.EXE
[03/02/2007, 13:06:16] - Suspending the NT Session Manager System Service
[03/02/2007, 13:06:16] - Terminating Windows NT Logon/Logoff Manager
[03/02/2007, 13:06:17] - Re-enabling Automatic Shell Restart
[03/02/2007, 13:06:17] - File to disable: C:\WINDOWS\system32\ddcabyx.dll
[03/02/2007, 13:06:17] - Removing HKLM\...\Browser Helper Objects\{EB56076C-EEB4-4FB9-BE89-04A5B6980A8E}
[03/02/2007, 13:06:17] - Removing HKCR\CLSID\{EB56076C-EEB4-4FB9-BE89-04A5B6980A8E}
[03/02/2007, 13:06:17] - Adding Kill Bit for ActiveX for GUID: {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E}
[03/02/2007, 13:06:17] - Deleting ATLEvents/MSEvents Registry entries
[03/02/2007, 13:06:17] - Removing HKLM\...\Winlogon\Notify\ddcabyx
[03/02/2007, 13:06:17] - Searching for Browser Helper Objects:
[03/02/2007, 13:06:17] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/02/2007, 13:06:17] - BHO 2: {71BC0C53-9489-45BB-4AF5-0B0B3687C7D0} ()
[03/02/2007, 13:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:17] - Checking for HKLM\...\Winlogon\Notify\bxtiifh
[03/02/2007, 13:06:17] - Key not found: HKLM\...\Winlogon\Notify\bxtiifh, continuing.
[03/02/2007, 13:06:17] - BHO 3: {854C87F7-EE24-40F5-B16E-583A85F2107C} ()
[03/02/2007, 13:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:17] - Checking for HKLM\...\Winlogon\Notify\ssqpn
[03/02/2007, 13:06:17] - Key not found: HKLM\...\Winlogon\Notify\ssqpn, continuing.
[03/02/2007, 13:06:17] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[03/02/2007, 13:06:17] - BHO 5: {E3397F63-E8DA-E804-F5DA-B2DEB9C65CC4} ()
[03/02/2007, 13:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:17] - Checking for HKLM\...\Winlogon\Notify\qfioe
[03/02/2007, 13:06:17] - Key not found: HKLM\...\Winlogon\Notify\qfioe, continuing.
[03/02/2007, 13:06:17] - BHO 6: {E96C7866-B889-B754-F1DA-B2DEB9C65CC4} ()
[03/02/2007, 13:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:17] - Checking for HKLM\...\Winlogon\Notify\bof
[03/02/2007, 13:06:17] - Key not found: HKLM\...\Winlogon\Notify\bof, continuing.
[03/02/2007, 13:06:17] - BHO 7: {EC387365-EFDD-ED06-F3DA-B2DEB9C60B95} ()
[03/02/2007, 13:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:17] - Checking for HKLM\...\Winlogon\Notify\vbryaqij
[03/02/2007, 13:06:17] - Key not found: HKLM\...\Winlogon\Notify\vbryaqij, continuing.
[03/02/2007, 13:06:17] - BHO 8: {ED6C796D-E881-BE06-F7DA-B2DEB9C65CC4} ()
[03/02/2007, 13:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:17] - Checking for HKLM\...\Winlogon\Notify\zvgfcsf
[03/02/2007, 13:06:17] - Key not found: HKLM\...\Winlogon\Notify\zvgfcsf, continuing.
[03/02/2007, 13:06:17] - BHO 9: {EF3F7C31-E889-EC52-A2DA-B2DEB9C65CC7} ()
[03/02/2007, 13:06:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 13:06:17] - Checking for HKLM\...\Winlogon\Notify\rfrrzzn
[03/02/2007, 13:06:17] - Key not found: HKLM\...\Winlogon\Notify\rfrrzzn, continuing.
[03/02/2007, 13:06:17] - Finished Searching Browser Helper Objects
[03/02/2007, 13:06:17] - Finishing up...
[03/02/2007, 13:06:17] - A restart is needed.
[03/02/2007, 13:06:21] - Attempting to Restart via STOP error (Blue Screen!)


And here is the new HijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 13:12:01, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DOBE~1\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F?nts\??rvices.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {71BC0C53-9489-45BB-4AF5-0B0B3687C7D0} - C:\WINDOWS\system32\bxtiifh.dll
O2 - BHO: (no name) - {854C87F7-EE24-40F5-B16E-583A85F2107C} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E3397F63-E8DA-E804-F5DA-B2DEB9C65CC4} - C:\WINDOWS\system32\qfioe.dll
O2 - BHO: (no name) - {E96C7866-B889-B754-F1DA-B2DEB9C65CC4} - C:\WINDOWS\system32\bof.dll
O2 - BHO: (no name) - {EC387365-EFDD-ED06-F3DA-B2DEB9C60B95} - C:\WINDOWS\system32\vbryaqij.dll
O2 - BHO: (no name) - {ED6C796D-E881-BE06-F7DA-B2DEB9C65CC4} - C:\WINDOWS\system32\zvgfcsf.dll
O2 - BHO: (no name) - {EF3F7C31-E889-EC52-A2DA-B2DEB9C65CC7} - C:\WINDOWS\system32\rfrrzzn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Mfkrhma] C:\Documents and Settings\Zaka\Mes documents\??pPatch\?ti2evxx.exe
O4 - HKCU\..\Run: [Acar] "C:\WINDOWS\system32\DOBE~1\msiexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Uejq] C:\WINDOWS\a?sembly\w?nspool.exe
O4 - HKCU\..\Run: [Jufpsvfp] C:\Program Files\F?nts\??rvices.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks...

Reply to zakarai
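Put side by side, the two HijackThis logs in this thread show what VirtumundoBeGone removed (the `ddcabyx` BHO and its Winlogon Notify entry), what it left untouched (the other unnamed BHOs and the Run entries with unrenderable paths), and that the `[Acar]` Run value now points at a different executable than before. Checking a cleanup means asking exactly those three questions, so the following Python, an added example that is not from the thread or from any tool it mentions, indexes two logs by a stable key per entry (CLSID for BHOs, value name for Run entries, subkey name for Winlogon Notify handlers) and reports removed, added, changed and still-suspicious entries. The before/after excerpts are copied from the two logs above; the `looks_suspicious` heuristic is this example's own.

```python
import re

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")

# Constructed excerpts, copied from the two HijackThis logs posted in the
# thread (before and after running VirtumundoBeGone).
BEFORE = r"""
O2 - BHO: (no name) - {71BC0C53-9489-45BB-4AF5-0B0B3687C7D0} - C:\WINDOWS\system32\bxtiifh.dll
O2 - BHO: (no name) - {EB56076C-EEB4-4FB9-BE89-04A5B6980A8E} - C:\WINDOWS\system32\ddcabyx.dll (file missing)
O2 - BHO: (no name) - {E96C7866-B889-B754-F1DA-B2DEB9C65CC4} - C:\WINDOWS\system32\bof.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Acar] "C:\PROGRA~1\SSTEM3~1\javaw.exe" -vt ndrv
O4 - HKCU\..\Run: [Jufpsvfp] C:\Program Files\F?nts\??rvices.exe
O20 - Winlogon Notify: ddcabyx - ddcabyx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

AFTER = r"""
O2 - BHO: (no name) - {71BC0C53-9489-45BB-4AF5-0B0B3687C7D0} - C:\WINDOWS\system32\bxtiifh.dll
O2 - BHO: (no name) - {E96C7866-B889-B754-F1DA-B2DEB9C65CC4} - C:\WINDOWS\system32\bof.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Acar] "C:\WINDOWS\system32\DOBE~1\msiexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Jufpsvfp] C:\Program Files\F?nts\??rvices.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""


def entry_key(section, body):
    """Stable identity for an entry, so a payload that moved to a new path
    under the same Run value or CLSID shows up as 'changed', not removed+added."""
    if section == "O4":
        m = re.search(r"\[([^\]]+)\]", body)
        if m:
            return (section, "run:" + m.group(1).lower())
    if section == "O2":
        m = re.search(r"\{[0-9A-Fa-f-]+\}", body)
        if m:
            return (section, "clsid:" + m.group(0).upper())
    if section == "O20" and body.startswith("Winlogon Notify:"):
        name = body.split(":", 1)[1].strip().partition(" - ")[0]
        return (section, "notify:" + name.lower())
    return (section, body)


def index_log(text):
    """Map entry_key -> entry body for every entry line in a log."""
    index = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, body = m.groups()
            index[entry_key(section, body)] = body
    return index


def looks_suspicious(section, body):
    """Heuristic of this example: unnamed BHOs, or '?' inside a file path."""
    return "(no name)" in body or (section in ("O2", "O4", "O20") and "?" in body)


def compare_logs(before_text, after_text):
    """Report what a cleanup removed, added, changed and left suspicious."""
    before, after = index_log(before_text), index_log(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in before if k in after and before[k] != after[k]),
        "remaining_suspicious": sorted(k for k, body in after.items()
                                       if looks_suspicious(k[0], body)),
    }


if __name__ == "__main__":
    for label, keys in compare_logs(BEFORE, AFTER).items():
        print(f"{label}:")
        for section, key in keys:
            print(f"  {section} {key}")
```

The verdict on the sample matches what the thread shows: two entries gone, nothing new, one Run value whose target changed, and three entries still suspicious, so the machine is not clean after the first pass.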