Trojan.vundo.ini

Closed
lana0902 Posts 1 Registration date Sunday 30 March 2008 Status Member Last seen 30 March 2008 - 30 March 2008 at 21:30
 Anonymous user - 31 March 2008 at 04:02
Hello, I have a virus that BitDefender picks up but cannot manage to remove; it shows it to me every 10 seconds. It shows windows/systeme32/PpAccccf.ini
virus Trojan.vundo.dvs

I tried VundoFix, which did nothing, then I tried SDFix, and here is the report it gives me


[b]SDFix: Version 1.164 [/b]

Run by alex on 30/03/2008 at 19:31

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\alex\Bureau\SDFix

[b]Checking Services [/b]:


C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

[b]Checking files[/b]:

[b]Genuine[/b]:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

[b]Dummy[/b]:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

[b]Final Check[/b]:

[b]Genuine[/b]:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted



Folder C:\Program Files\Fichiers communs\Carlson - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 19:38:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 10


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Codemasters\\Insane\\Game.exe"="C:\\Codemasters\\Insane\\Game.exe:*:Enabled:INSANE"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Documents and Settings\\alex\\Bureau\\tel\\StubInstaller.exe"="C:\\Documents and Settings\\alex\\Bureau\\tel\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\TrackMania Original\\TmOriginal.exe"="C:\\Program Files\\TrackMania Original\\TmOriginal.exe:*:Enabled:TmOriginal"
"C:\\Program Files\\TrackMania Sunrise Extreme Demo\\TmSunriseExtremeDemo.exe"="C:\\Program Files\\TrackMania Sunrise Extreme Demo\\TmSunriseExtremeDemo.exe:*:Enabled:TmSunriseExtremeDemo"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Capitalism II\\cap2.exe"="C:\\Capitalism II\\cap2.exe:*:Enabled:cap2"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\alex\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sun 29 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 17 Oct 2006 304,736 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Tue 17 Oct 2006 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Fri 29 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

[b]Finished![/b]


What do I have to do to get rid of this crap, please? I've been trying everything for 2 days and nothing works.... help me, thank you.
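The SDFix report above ends with an "Authorized Application Key Export", the Windows XP firewall exception list, where each value has the layout `path:scope:Enabled:display name`. The following is an added triage helper, not part of the original post or of SDFix: it parses that export and flags enabled exceptions whose binary sits outside %windir% or Program Files (for example an installer run from the user's desktop), which is where a reviewer would look first. The sample input is constructed from a few lines of the report plus one invented disabled entry; the trusted-directory list is an assumption.

```python
import re

# Constructed sample in the format of the SDFix "Authorized Application Key
# Export" (the Windows XP firewall exception list); the disabled entry is
# invented so the filter has something to skip.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\alex\\Bureau\\tel\\StubInstaller.exe"="C:\\Documents and Settings\\alex\\Bureau\\tel\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Disabled:PnkBstrA"
'''

LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')

# Assumption: directories an application exception would normally point into.
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


def parse_export(text):
    """Parse each value line into {path, scope, enabled, name}."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # key header or blank line
        # .reg-style export doubles every backslash; undo that.
        path = m.group("key").replace("\\\\", "\\")
        value = m.group("value").replace("\\\\", "\\")
        # Value layout: <path>:<scope>:<Enabled|Disabled>:<display name>.
        # The path itself contains "C:", so strip it by length, not by ':'.
        if not value.lower().startswith(path.lower() + ":"):
            continue  # malformed entry
        scope, state, name = value[len(path) + 1:].split(":", 2)
        entries.append({"path": path, "scope": scope,
                        "enabled": state.lower() == "enabled", "name": name})
    return entries


def suspicious_exceptions(entries):
    """Enabled exceptions whose binary lives outside the trusted directories."""
    flagged = []
    for e in entries:
        if e["enabled"] and not e["path"].lower().startswith(TRUSTED_PREFIXES):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in suspicious_exceptions(parse_export(SAMPLE_EXPORT)):
        print("review:", e["path"], "->", e["name"])
```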

1 reply

Anonymous user
31 March 2008 at 04:02
Hello,
I'm happy to help you, on the condition that you don't write in text-message speak.

:)

So,
> Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (by sUBs) to your Desktop.
Disconnect from the internet and disable your antivirus so that ComboFix can run normally.
- Double-click combofix.exe:
- Press the 1 (Yes) key to start the scan.
- When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report is also found here: C:\Combofix.txt
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

After that,
Start by posting a HijackThis report please,
> Download HijackThis: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Launch HijackThis, select < do a system scan and save a logfile >
- Save the report to your desktop.
And please send your HijackThis log to the forum by copy/paste,

That's not all, there are still a few steps left to remove everything completely....

;)

See you,