Configuration: Windows XP Firefox 2.0.0.3
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it. When VundoFix opens, click the Scan for Vundo button. Once the scan is finished, click the Remove Vundo button. You will get a warning asking whether you want to delete these files; answer by clicking YES. Once you have clicked yes, your desktop will go blank while it removes Vundo. When it is done, you will be asked to restart your computer; click OK.
You can also use the following to clear your browsing traces and check that there is no other spyware:
CCleaner http://www.01net.com/... Spybot: http://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html Ad-Aware http://www.01net.com/... and an online scan at BitDefender: http://www.bitdefender.com/scan8/ie.html or Panda online: http://www.pandasoftware.fr/Activescan/Activescan.html
There you go, I took the time to do all the steps; it seems the problem is solved, but I'm waiting for your confirmation with the reports:
VUNDO REPORTS:
Scanned File  Status
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll  Infected with: MemScan:Trojan.Vundo.DLO
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll  Disinfection failed
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll  Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe  Suspected of: BehavesLike:Win32.AV-Killer
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe  Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe  Deleted
C:\WINDOWS\system32\ljjggdc.dll  Infected with: MemScan:Trojan.Vundo.DLO
C:\WINDOWS\system32\ljjggdc.dll  Disinfection failed
C:\WINDOWS\system32\ljjggdc.dll  Delete failed
BitDefender report:
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll  Infected with: MemScan:Trojan.Vundo.DLO
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll  Disinfection failed
C:\Documents and Settings\FANNY\Mes documents\Logiciels\sécurité\backups\backup-20070519-011430-225.dll  Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe  Suspected of: BehavesLike:Win32.AV-Killer
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe  Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP583\A0062046.exe  Deleted
C:\WINDOWS\system32\ljjggdc.dll  Infected with: MemScan:Trojan.Vundo.DLO
C:\WINDOWS\system32\ljjggdc.dll  Disinfection failed
C:\WINDOWS\system32\ljjggdc.dll  Delete failed
And finally the HijackThis report after the last 2 scans:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:48:33, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\FANNY\Mes documents\Logiciels\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} - (no file)
O2 - BHO: (no name) - {35419BB1-9FB8-40EE-859D-240073605ECA} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {51248DEA-04B5-4AD8-AC08-547371D86740} - C:\WINDOWS\system32\ljjggdc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IESizer - {3CEE9EC1-84F7-11D9-BC7A-000021D3CE1D} - C:\PROGRA~1\IESizer\IESizer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: ljjggdc - C:\WINDOWS\SYSTEM32\ljjggdc.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - Unknown owner - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

End of file - 8002 bytes
With your last link, VIRTUMONBEGONE, here is the report:
[05/19/2007, 20:59:27] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\FANNY\Mes documents\Logiciels\VirtumundoBeGone.exe" )
[05/19/2007, 20:59:34] - Detected System Information:
[05/19/2007, 20:59:34] - Windows Version: 5.1.2600, Service Pack 2
[05/19/2007, 20:59:34] - Current Username: Alex (Admin)
[05/19/2007, 20:59:34] - Windows is in SAFE mode with Networking.
[05/19/2007, 20:59:34] - Searching for Browser Helper Objects:
[05/19/2007, 20:59:34] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:34] - No filename found. Continuing.
[05/19/2007, 20:59:34] - BHO 2: {51248DEA-04B5-4AD8-AC08-547371D86740} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - Checking for HKLM\...\Winlogon\Notify\ljjggdc
[05/19/2007, 20:59:35] - Found: HKLM\...\Winlogon\Notify\ljjggdc - This is probably Virtumundo.
[05/19/2007, 20:59:35] - Assigning {51248DEA-04B5-4AD8-AC08-547371D86740} MSEvents Object
[05/19/2007, 20:59:35] - BHO list has been changed! Starting over...
[05/19/2007, 20:59:35] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - No filename found. Continuing.
[05/19/2007, 20:59:35] - BHO 2: {51248DEA-04B5-4AD8-AC08-547371D86740} (MSEvents Object)
[05/19/2007, 20:59:35] - ALERT: Found MSEvents Object!
[05/19/2007, 20:59:35] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/19/2007, 20:59:35] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/19/2007, 20:59:35] - BHO 4: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - No filename found. Continuing.
[05/19/2007, 20:59:35] - BHO 5: {6BE29409-9418-46C6-A75F-8D43E0476FF7} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - Checking for HKLM\...\Winlogon\Notify\ssqpp
[05/19/2007, 20:59:35] - Found: HKLM\...\Winlogon\Notify\ssqpp - This is probably Virtumundo.
[05/19/2007, 20:59:35] - Assigning {6BE29409-9418-46C6-A75F-8D43E0476FF7} MSEvents Object
[05/19/2007, 20:59:35] - BHO list has been changed! Starting over...
[05/19/2007, 20:59:35] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - No filename found. Continuing.
[05/19/2007, 20:59:35] - BHO 2: {51248DEA-04B5-4AD8-AC08-547371D86740} (MSEvents Object)
[05/19/2007, 20:59:35] - ALERT: Found MSEvents Object!
[05/19/2007, 20:59:35] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/19/2007, 20:59:35] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/19/2007, 20:59:35] - BHO 4: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/19/2007, 20:59:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:35] - No filename found. Continuing.
[05/19/2007, 20:59:35] - BHO 5: {6BE29409-9418-46C6-A75F-8D43E0476FF7} (MSEvents Object)
[05/19/2007, 20:59:35] - ALERT: Found MSEvents Object!
[05/19/2007, 20:59:36] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/19/2007, 20:59:36] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/19/2007, 20:59:36] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/19/2007, 20:59:36] - Finished Searching Browser Helper Objects
[05/19/2007, 20:59:36] - *** Detected MSEvents Object
[05/19/2007, 20:59:36] - Trying to remove MSEvents Object...
[05/19/2007, 20:59:37] - Terminating Process: IEXPLORE.EXE
[05/19/2007, 20:59:37] - Terminating Process: RUNDLL32.EXE
[05/19/2007, 20:59:37] - Disabling Automatic Shell Restart
[05/19/2007, 20:59:37] - Terminating Process: EXPLORER.EXE
[05/19/2007, 20:59:37] - Suspending the NT Session Manager System Service
[05/19/2007, 20:59:37] - Terminating Windows NT Logon/Logoff Manager
[05/19/2007, 20:59:38] - Re-enabling Automatic Shell Restart
[05/19/2007, 20:59:38] - File to disable: C:\WINDOWS\system32\ljjggdc.dll
[05/19/2007, 20:59:38] - Renaming C:\WINDOWS\system32\ljjggdc.dll -> C:\WINDOWS\system32\ljjggdc.dll.vir
[05/19/2007, 20:59:38] - File successfully renamed!
[05/19/2007, 20:59:38] - Removing HKLM\...\Browser Helper Objects\{51248DEA-04B5-4AD8-AC08-547371D86740}
[05/19/2007, 20:59:38] - Removing HKCR\CLSID\{51248DEA-04B5-4AD8-AC08-547371D86740}
[05/19/2007, 20:59:38] - Adding Kill Bit for ActiveX for GUID: {51248DEA-04B5-4AD8-AC08-547371D86740}
[05/19/2007, 20:59:38] - Deleting ATLEvents/MSEvents Registry entries
[05/19/2007, 20:59:38] - Removing HKLM\...\Winlogon\Notify\ljjggdc
[05/19/2007, 20:59:38] - Searching for Browser Helper Objects:
[05/19/2007, 20:59:38] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:38] - No filename found. Continuing.
[05/19/2007, 20:59:38] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/19/2007, 20:59:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:38] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/19/2007, 20:59:38] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/19/2007, 20:59:38] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/19/2007, 20:59:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:38] - No filename found. Continuing.
[05/19/2007, 20:59:38] - BHO 4: {6BE29409-9418-46C6-A75F-8D43E0476FF7} (MSEvents Object)
[05/19/2007, 20:59:38] - ALERT: Found MSEvents Object!
[05/19/2007, 20:59:38] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/19/2007, 20:59:38] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/19/2007, 20:59:38] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/19/2007, 20:59:38] - Finished Searching Browser Helper Objects
[05/19/2007, 20:59:38] - *** Detected MSEvents Object
[05/19/2007, 20:59:38] - Trying to remove MSEvents Object...
[05/19/2007, 20:59:39] - Terminating Process: IEXPLORE.EXE
[05/19/2007, 20:59:39] - Terminating Process: RUNDLL32.EXE
[05/19/2007, 20:59:39] - Disabling Automatic Shell Restart
[05/19/2007, 20:59:39] - Terminating Process: EXPLORER.EXE
[05/19/2007, 20:59:39] - Suspending the NT Session Manager System Service
[05/19/2007, 20:59:40] - Terminating Windows NT Logon/Logoff Manager
[05/19/2007, 20:59:40] - Re-enabling Automatic Shell Restart
[05/19/2007, 20:59:40] - File to disable: C:\WINDOWS\system32\ssqpp.dll
[05/19/2007, 20:59:40] - Renaming C:\WINDOWS\system32\ssqpp.dll -> C:\WINDOWS\system32\ssqpp.dll.vir
[05/19/2007, 20:59:40] - File successfully renamed!
[05/19/2007, 20:59:40] - Removing HKLM\...\Browser Helper Objects\{6BE29409-9418-46C6-A75F-8D43E0476FF7}
[05/19/2007, 20:59:40] - Removing HKCR\CLSID\{6BE29409-9418-46C6-A75F-8D43E0476FF7}
[05/19/2007, 20:59:40] - Adding Kill Bit for ActiveX for GUID: {6BE29409-9418-46C6-A75F-8D43E0476FF7}
[05/19/2007, 20:59:40] - Deleting ATLEvents/MSEvents Registry entries
[05/19/2007, 20:59:40] - Removing HKLM\...\Winlogon\Notify\ssqpp
[05/19/2007, 20:59:40] - Searching for Browser Helper Objects:
[05/19/2007, 20:59:40] - BHO 1: {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} ()
[05/19/2007, 20:59:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:40] - No filename found. Continuing.
[05/19/2007, 20:59:40] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/19/2007, 20:59:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:40] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/19/2007, 20:59:40] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/19/2007, 20:59:40] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/19/2007, 20:59:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/19/2007, 20:59:40] - No filename found. Continuing.
[05/19/2007, 20:59:40] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/19/2007, 20:59:40] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/19/2007, 20:59:40] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/19/2007, 20:59:40] - Finished Searching Browser Helper Objects
[05/19/2007, 20:59:40] - Finishing up...
[05/19/2007, 20:59:40] - A restart is needed.
[05/19/2007, 20:59:40] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[05/19/2007, 20:59:48] - Attempting to Restart via STOP error (Blue Screen!)
Then the Symantec scan told me "no VIRTUMONDE on your PC!"
So it must be VIRTUMONBEGONE that eradicated it. I'm waiting for your opinion...
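The VirtumundoBeGone log above shows the cross-check it relies on: a BHO with no default name whose DLL is also registered under Winlogon\Notify is treated as probable Virtumundo, while a nameless BHO without such a key (Spybot's SDHelper.dll) is left alone. As an added illustration, not code from any tool named in this thread, here is a small Python script that applies the same heuristic to the O2 and O20 lines of a HijackThis log; the sample input is constructed from the entries posted above.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample HijackThis lines, constructed for this example by copying the
# relevant O2 / O20 / O23 entries from the log posted in this thread.
# A real run would read the whole saved log file instead.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1831F0A6-F64A-48EF-91AD-9A0B7ACD1D1a} - (no file)
O2 - BHO: (no name) - {35419BB1-9FB8-40EE-859D-240073605ECA} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {51248DEA-04B5-4AD8-AC08-547371D86740} - C:\WINDOWS\system32\ljjggdc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O20 - Winlogon Notify: ljjggdc - C:\WINDOWS\SYSTEM32\ljjggdc.dll
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# O2 lines look like:  O2 - BHO: <name> - {CLSID} - <dll path or (no file)>
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O20 lines look like: O20 - Winlogon Notify: <subkey> - <dll path>
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    clsid: str
    dll: str
    notify_key: str  # Winlogon\Notify subkey that loads the same DLL


def parse_hjt(text):
    """Split a HijackThis log into its O2 BHO entries and O20 Winlogon Notify entries.

    Returns (bhos, notifies): bhos is a list of (name, clsid, path) tuples in
    log order; notifies maps the lower-cased Notify subkey to its DLL path.
    """
    bhos, notifies = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append((m["name"], m["clsid"], m["path"]))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies[m["key"].lower()] = m["path"]
    return bhos, notifies


def dll_stem(path):
    """'C:\\WINDOWS\\system32\\ljjggdc.dll' -> 'ljjggdc'; ntpath handles backslashes on any OS."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def find_probable_vundo(text):
    """Flag BHOs the way the VirtumundoBeGone log above does.

    A BHO is reported when it has no default name, points at an existing file,
    and a Winlogon\\Notify subkey named after that DLL exists. SDHelper.dll has
    no name either but no Notify subkey, so it is skipped, matching the log's
    "Key not found: ...\\Notify\\SDHelper, continuing".
    """
    bhos, notifies = parse_hjt(text)
    findings = []
    for name, clsid, path in bhos:
        if name != "(no name)" or path == "(no file)":
            continue
        stem = dll_stem(path)
        if stem in notifies:
            findings.append(Finding(clsid, path, stem))
    return findings


if __name__ == "__main__":
    for f in find_probable_vundo(SAMPLE_LOG):
        print(f"probable Virtumundo: {f.clsid} {f.dll} (Winlogon\\Notify\\{f.notify_key})")
```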
Looks good to me.
Rescan with BitDefender to check.
Hello, I'm also told that I'm infected with this virus. I'm trying your advice, thanks.
Hi,
Paste a HijackThis report http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download manual: http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html I recommend renaming HijackThis to counter a possible Vundo infection. E.g. rename the file HijackThis.exe to eden.exe; to do so, right-click the HijackThis.exe file and choose Rename from the list. Then, with Explorer, create a folder c:\hijackthis and unzip HijackThis into this folder. This is important for the backups.
_______________
Scan with VundoFix (paste the report)
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it. When VundoFix opens, click the Scan for Vundo button. Once the scan is finished, click the Remove Vundo button. You will get a warning asking whether you want to delete these files; answer by clicking YES. Once you have clicked yes, your desktop will go blank while it removes Vundo. When it is done, you will be asked to restart your computer; click OK.
___________________
Then: VirtumundoBeGone (paste the report) http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
___________________
ComboFix (paste the report) http://download.bleepingcomputer.com/sUBs/ComboFix.exe
______________________
Paste a new HijackThis report.
Thanks, my HijackThis is renamed. But my virus has got into Norton. VundoFix finds nothing. VirtumundoBeGone (something like that) doesn't find anything either. Yet my antivirus (AntiVir) detects it very often. Here is the HijackThis file, but at startup it tells me it can't read the hosts file; does that matter?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:06, on 2008-01-05
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Users\LOVAHH~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Lovahh_xx\Documents\jpp cleaner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

End of file - 9169 bytes

PS: my program is called jpp cleaner. It's one of my friends who sent it to me named like that :)
Paste the ComboFix report. And an AntiVir report.