Forum Clubic

Spyware infection (Vundo?)

Hello,

Since yesterday evening I have been getting a "Spyware alert" message that forces me to buy a piece of software and floods me with ads. I have also lost My Computer and a few icons on my desktop. I scanned my PC with Navilog, but judging by the report I don't think it can do anything for me, because at the end it says:

4)Recherche fichiers connus :

C:\WINDOWS\system32\sBbHPXyb.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

Can someone help me, please?

Thanks

Hello,

Download MBAM
www.malwarebytes.org…

With MBAM, run a scan, preferably in safe mode, then download HijackThis and post the log here.
Good luck

Here is the MBAM report (I did not run it in safe mode because I don't know how).
The HijackThis report will follow.

Malwarebytes’ Anti-Malware 1.24
Version de la base de données: 1012
Windows 5.1.2600 Service Pack 2

17:22:40 22/08/2008
mbam-log-8-22-2008 (17-22-28).txt

Type de recherche: Examen rapide
Eléments examinés: 42844
Temps écoulé: 6 minute(s), 55 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 18
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 45

Processus mémoire infecté(s):
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\byXPHbBs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dhefxsuk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\juagoq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ztufzv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ekoyer.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\vtqnxfko.dll (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\ssqQgDuv.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7daa9ee6-1c19-41c2-8e59-caf393ea7763} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID{7daa9ee6-1c19-41c2-8e59-caf393ea7763} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{c7dfc89c-b611-4e13-b063-fbf4f4716ce4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID{c7dfc89c-b611-4e13-b063-fbf4f4716ce4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID{fe9afd54-0b1b-4e50-b2af-0011da9f6e45} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{ffb64cfe-b832-48fc-980d-5b9bb2198f39} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID{ffb64cfe-b832-48fc-980d-5b9bb2198f39} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqgduv (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\003e8c64 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vtqnxfko (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks{ffb64cfe-b832-48fc-980d-5b9bb2198f39} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxphbbs -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxphbbs -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0011903-00126) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\byXPHbBs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sBbHPXyb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sBbHPXyb.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ekoyer.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dhefxsuk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kusxfehd.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\juagoq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ztufzv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\vtqnxfko.dll (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\ssqQgDuv.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\gmxywtiy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pdyoqgyc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\siggdi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hvxacqme.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\eyesbbfc.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\7.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\nnnoOfef.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Gérard\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\Gérard\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Gérard\Bureau\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Gérard\Bureau\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Gérard\Favoris\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Gérard\Favoris\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Gérard\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.


The HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28: VIRUS ALERT!, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VAV\vav.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gérard\Local Settings\Temporary Internet Files\Content.IE5\IR7YGZ53\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = windowsupdate.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: QXK Olive - {6D4EAFDF-8CFD-4A04-9C9E-0C3A4678C444} - C:\WINDOWS\twmxbsqrfeo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7DAA9EE6-1C19-41C2-8E59-CAF393EA7763} - C:\WINDOWS\system32\byXPHbBs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {4ec6174f-4fbf-360b-31e4-116bc98cfd7c} - {c7dfc89c-b611-4e13-b063-fbf4f4716ce4} - C:\WINDOWS\system32\ekoyer.dll
O2 - BHO: (no name) - {FFB64CFE-B832-48FC-980D-5B9BB2198F39} - C:\WINDOWS\system32\ssqQgDuv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: rafbsvnx - {14357EFA-0BB2-4FD0-A354-CB744AA7FB1F} - C:\WINDOWS\rafbsvnx.dll
O4 - HKLM…\Run: [ShStatEXE] “C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE” /STANDALONE
O4 - HKLM…\Run: [McAfeeUpdaterUI] “C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe” /StartedFromRunKey
O4 - HKLM…\Run: [Network Associates Error Reporting Service] “C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe”
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM…\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [PCMService] “C:\Program Files\Home Cinema\PowerCinema\PCMService.exe”
O4 - HKLM…\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM…\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM…\Run: [Controleur de calendrier pour Ulead Photo Express] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM…\Run: [\SUE23E.exe] C:\Windows\SUE23E.exe
O4 - HKLM…\Run: [\SUE23F.exe] C:\Windows\SUE23F.exe
O4 - HKLM…\Run: [\SUE240.exe] C:\Windows\SUE240.exe
O4 - HKLM…\Run: [\SUE241.exe] C:\Windows\SUE241.exe
O4 - HKLM…\Run: [\SUE242.exe] C:\Windows\SUE242.exe
O4 - HKLM…\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM…\Run: [003e8c64] rundll32.exe “C:\WINDOWS\system32\dhefxsuk.dll”,b
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [\SUE23E.exe] C:\Windows\SUE23E.exe
O4 - HKCU…\Run: [\SUE23F.exe] C:\Windows\SUE23F.exe
O4 - HKCU…\Run: [\SUE240.exe] C:\Windows\SUE240.exe
O4 - HKCU…\Run: [\SUE241.exe] C:\Windows\SUE241.exe
O4 - HKCU…\Run: [\SUE242.exe] C:\Windows\SUE242.exe
O4 - HKCU…\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O20 - AppInit_DLLs: juagoq.dll ztufzv.dll ekoyer.dll
O20 - Winlogon Notify: ssqQgDuv - C:\WINDOWS\SYSTEM32\ssqQgDuv.dll
O21 - SSODL: tsxngabr - {E581F583-5103-451A-B2FA-E4C2BF154109} - C:\WINDOWS\tsxngabr.dll
O21 - SSODL: vtqnxfko - {FE9AFD54-0B1B-4E50-B2AF-0011DA9F6E45} - C:\WINDOWS\vtqnxfko.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


End of file - 11099 bytes

Hello, so many nasties in this log
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\VAV\vav.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com
Unknown
O2 - BHO: QXK Olive - {6D4EAFDF-8CFD-4A04-9C9E-0C3A4678C444} - C:\WINDOWS\twmxbsqrfeo.dll
Unknown
O2 - BHO: (no name) - {7DAA9EE6-1C19-41C2-8E59-CAF393EA7763} - C:\WINDOWS\system32\byXPHbBs.dll
O2 - BHO: {4ec6174f-4fbf-360b-31e4-116bc98cfd7c} - {c7dfc89c-b611-4e13-b063-fbf4f4716ce4} - C:\WINDOWS\system32\ekoyer.dll
Unknown
O2 - BHO: (no name) - {FFB64CFE-B832-48FC-980D-5B9BB2198F39} - C:\WINDOWS\system32\ssqQgDuv.dll
Unknown
O3 - Toolbar: rafbsvnx - {14357EFA-0BB2-4FD0-A354-CB744AA7FB1F} - C:\WINDOWS\rafbsvnx.dll
O4 - HKLM…\Run: [\SUE23F.exe] C:\Windows\SUE23F.exe

And above all this one:
O4 - HKLM…\Run: [Antivirus] C:\Program Files\VAV\vav.exe The really nasty one!!!

O4 - HKLM\..\Run: [003e8c64] rundll32.exe "C:\WINDOWS\system32\dhefxsuk.dll",b
O4 - HKCU\..\Run: [\SUE23F.exe] C:\Windows\SUE23F.exe

O4 - HKCU…\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Unknown
O20 - AppInit_DLLs: juagoq.dll ztufzv.dll ekoyer.dll
Unknown
O20 - Winlogon Notify: ssqQgDuv - C:\WINDOWS\SYSTEM32\ssqQgDuv.dll
Unknown
O21 - SSODL: tsxngabr - {E581F583-5103-451A-B2FA-E4C2BF154109} - C:\WINDOWS\tsxngabr.dll
Unknown
O21 - SSODL: vtqnxfko - {FE9AFD54-0B1B-4E50-B2AF-0011DA9F6E45} - C:\WINDOWS\vtqnxfko.dll

and NO firewall on top of that

:hello:

In the meantime, read this TOPIC by guigui14100
www.clubic.com…

:hello:

One more thing:
you should always rename Hijacthis to Hijackthis.exe or Monjack.exe.
Why?
Some variants of the Vundo virus detect HijackThis, so, well, we play hide-and-seek with the virus…

:hello:

lol, I had VAV not long ago; it's the one that must be throwing the fake alerts at you.
Anyway, apart from that, no more symptoms, right?


erf, I forgot: it's better to update MBAM manually before the first scan

Hi

Use VundoFix

Disable your antivirus
Use ComboFix
Let it run and paste the report…

Now that's one serious infection :wink: