Help with trojan.vundo.dsq - Security - Windows & Software

Marsh Posted on 13-01-2008 at 00:05:41

Hello everyone,  
 
Since this morning I have been getting the following message:  
During a scan of files at system startup, potentital errors in the system registry were found p-07-0100 irql: 1f SYSVER 0xff00024  
NT_Kernel error 1256  
KMODE_EXCEPTION_NOT HANDLED  
 
In addition, 2 icons have been added to the desktop, and no matter how many times I put them in the recycle bin, they come back every time the computer restarts:  
- Help and Support Center  
- Windows Update  
 
I also get the following error from time to time:  
A potential problem has been detected and windows has been shutdown buggy application to prevent damage to your computer.  
****WXYZ.SYS - Address F73120AE base at C000000, datestamp 36b072A3 Kernel debugger using: COM2(port 0x28f, Baud rate 192000)  
 
After a quick search on the Internet, it seems to be Trojan.Vundo.dsq  
 
I ran VundoFix but it found nothing, yet I still have the error messages and the icons on the desktop, so I conclude that the trojan is still there.  
 
I ran a HijackThis scan, so here is the result:  
 
Logfile of Trend Micro HijackThis v2.0.2  
Scan saved at 21:59:47, on 12/01/2008  
Platform: Windows XP SP2 (WinNT 5.01.2600)  
MSIE: Internet Explorer v7.00 (7.00.6000.16574)  
Boot mode: Normal  
 
Running processes:  
C:\WINDOWS\System32\smss.exe  
C:\WINDOWS\system32\winlogon.exe  
C:\WINDOWS\system32\services.exe  
C:\WINDOWS\system32\lsass.exe  
C:\WINDOWS\system32\svchost.exe  
C:\WINDOWS\System32\svchost.exe  
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe  
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe  
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe  
C:\WINDOWS\system32\LEXBCES.EXE  
C:\WINDOWS\system32\spoolsv.exe  
C:\WINDOWS\system32\LEXPPS.EXE  
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe  
C:\WINDOWS\system32\bgsvcgen.exe  
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe  
C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe  
C:\WINDOWS\eHome\ehRecvr.exe  
C:\WINDOWS\eHome\ehSched.exe  
C:\WINDOWS\System32\GEARSec.exe  
C:\Program Files\Dell Network Assistant\hnm_svc.exe  
C:\WINDOWS\Explorer.EXE  
C:\Program Files\McAfee\MBK\MBackMonitor.exe  
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe  
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe  
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe  
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe  
C:\Program Files\McAfee\MPF\MPFSrv.exe  
C:\Program Files\McAfee\MSK\MskSrver.exe  
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe  
C:\WINDOWS\system32\nvsvc32.exe  
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe  
C:\Program Files\SiteAdvisor\6253\SAService.exe  
C:\WINDOWS\system32\svchost.exe  
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe  
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe  
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe  
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe  
C:\WINDOWS\system32\ctfmon.exe  
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE  
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe  
C:\Program Files\Digital Line Detect\DLG.exe  
C:\Program Files\Microsoft Office\Office\OSA.EXE  
C:\Program Files\FinePixViewer\QuickDCF2.exe  
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE  
C:\Program Files\AVerTV 6.0\AVerQT.exe  
C:\Program Files\Softwin\BitDefender10\vsserv.exe  
C:\WINDOWS\system32\dllhost.exe  
C:\Program Files\Internet Explorer\iexplore.exe  
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe  
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = fr.msn.com...  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fr...  
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com...  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = fr.msn.com...  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...  
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com...  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.fr...  
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client [...] bd=1060922  
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.google.fr...  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens  
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll  
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll  
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll  
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll  
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll  
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll  
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll  
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wlldshgr.dll  
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll  
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll  
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll  
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup  
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet  
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start  
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k  
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe  
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe  
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe  
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup  
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe  
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8  
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background  
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"  
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"  
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE5\QNTCFGJZ\VIEWTO~2.SH! C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE5\QNTCFGJZ\ADS_5_~1.SH! C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE5\43ADZP2K\ADS_4_~1.SH! C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE5\4YMUQB24\VIEWTO~2.SH! C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE50KXB0YW\ADS_5_~1.SH! C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE5\43ADZP2K\SEARCH~4.SH! C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE5\KYB33RSF\ADS_3_~1.SH! C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE5\WF57WNWW\ADS_6_~1.SH! C:\DOCUME~1\CHARLO~1\LOCALS~1\TEMPOR~1\Content.IE5\WF57WNWW\ADS_7_~1.SH!  
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')  
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')  
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')  
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')  
O4 - Global Startup: Adobe Gamma Loader.lnk = ?  
O4 - Global Startup: BTTray.lnk = ?  
O4 - Global Startup: Dell Network Assistant.lnk = ?  
O4 - Global Startup: Digital Line Detect.lnk = ?  
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE  
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe  
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE  
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe  
O8 - Extra context menu item: Barre RoboForm - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html  
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2Office10EXCEL.EXE...  
O8 - Extra context menu item: Enregistrer le formulaire - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html  
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - btsendto_ie_ctx.htm  
O8 - Extra context menu item: Personnaliser le menu - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html  
O8 - Extra context menu item: Remplir le formulaire - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html  
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll  
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll  
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html  
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html  
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html  
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html  
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html  
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:Program... Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html  
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe  
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe  
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - btsendto_ie.htm (file missing)  
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - btsendto_ie.htm (file missing)  
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe  
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe  
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)  
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)  
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - mannequin.redoute.fr...  
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.zebulon.fr...  
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com...  
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - www.photoways.com...  
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com...  
O20 - Winlogon Notify: wlldshgr - C:\WINDOWS\SYSTEM32\wlldshgr.dll  
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe  
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe  
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe  
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe  
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe  
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe  
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe  
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe  
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe  
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe  
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe  
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe  
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE  
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe  
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE  
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe  
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe  
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe  
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe  
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe  
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe  
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe  
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe  
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe  
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe  
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe  
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe  
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe  
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe  
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe  
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe  
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe  
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe  
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe  
 
--  
End of file - 15649 bytes  
 
 
I don't understand any of it!  
Can you help me please?  
Thanks
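Added example, not part of the original post: a small Python triage helper that parses HijackThis entry lines like the ones in the log above and lists file paths worth a closer look. The sample lines are copied from the log above; the flag rules (an O2 BHO shown as "(no name)", an O20 Winlogon Notify handler, and a DLL present in both sections) are my own heuristics for review, not HijackThis output or a verdict.

```python
import re
from collections import defaultdict

# Sample entries copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wlldshgr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: wlldshgr - C:\WINDOWS\SYSTEM32\wlldshgr.dll
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe"""

# "O2 - ..." / "R1 - ..." section prefix, then the entry body.
ENTRY_RE = re.compile(r"^([OR]\d+) - (.*)$")
# A Windows path ending in .dll/.exe; spaces are allowed ("Program Files").
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_entries(text):
    """Return a list of (section, body) tuples, one per HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Map each lowercased file path to the list of reasons it deserves review.

    Heuristics (my own, not HijackThis rules): an O2 BHO with no name,
    an O20 Winlogon Notify handler, and a DLL present in both sections.
    """
    sections_by_path = defaultdict(set)
    reasons = defaultdict(list)
    for section, body in parse_entries(text):
        for path in (p.lower() for p in PATH_RE.findall(body)):
            sections_by_path[path].add(section)
            if section == "O2" and body.startswith("BHO: (no name)"):
                reasons[path].append("unnamed BHO")
            elif section == "O20":
                reasons[path].append("Winlogon Notify handler")
    for path, sections in sections_by_path.items():
        if {"O2", "O20"} <= sections:
            reasons[path].append("same DLL registered as BHO and as logon notify")
    return dict(reasons)


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

Run against the full log, only the one unnamed BHO in system32 and its matching Winlogon Notify entry are reported; the named vendor entries are left alone.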
