
Vundo infection

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
30 December 2007 23:50:09

Hello,

The file vturq.dll is infected and I cannot delete it (safe mode).

Can someone help me please?


31 December 2007 00:43:50

Below is the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:45:45, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt .exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Poker\PokerFROnline\casino.exe
C:\Program Files\WinAce\WinAce.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\steve\LOCALS~1\Temp\~AceTemp\HiJackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vturq.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 4195 bytes
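An added example (not code from the thread or from the HijackThis/ComboFix authors): a small Python triage script that applies four checks drawn from the logs in this thread to constructed sample lines: executable names with a space before the extension sitting beside a same-named twin (ctfmon.exe / ctfmon .exe), win.ini load= entries, unnamed BHOs living in system32, and file stems that are another stem spelled backwards (vturq / qrutv). The sample log text and file list are constructed to mirror the shape of the logs above.

```python
"""Triage heuristics for HijackThis / ComboFix style logs (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the HijackThis log shown in the thread.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\Program Files\WinAce\WinAce.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vturq.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {F71FB3BB-BA8F-4807-BC4C-80017B7DB9CF} - C:\WINDOWS\system32\xxwtr.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample modelled on the ComboFix "other deletions" list in the thread.
SAMPLE_COMBOFIX_FILES = [
    r"C:\WINDOWS\system32\qrutv.ini",
    r"C:\WINDOWS\system32\qrutv.ini2",
    r"C:\WINDOWS\system32\vturq.dll",
    r"C:\WINDOWS\system32\vturq.exe",
    r"C:\WINDOWS\system32\pac.txt",
    r"D:\Autorun.inf",
]

SPACED_EXT = re.compile(r"^(?P<stem>.+?) \.(?P<ext>[A-Za-z0-9]{1,4})$")
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
BHO_PATH = re.compile(r"\{[0-9A-Fa-f-]+\} - (.+?)(?: \(file missing\))?$")


def running_processes(log: str) -> List[str]:
    """Return the paths listed under 'Running processes:' (up to the first blank line)."""
    paths: List[str] = []
    active = False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            active = True
            continue
        if active:
            if not line.strip():
                break
            paths.append(line.strip())
    return paths


def spaced_extension_twins(paths: List[str]) -> List[Tuple[str, str]]:
    """Pair every 'name .ext' file with its 'name.ext' twin in the same directory.

    The thread's log lists both ctfmon.exe and 'ctfmon .exe': a renamed original
    next to a same-named replacement is the pattern worth reviewing first."""
    by_dir: Dict[str, set] = {}
    for p in paths:
        d, _, name = p.rpartition("\\")
        by_dir.setdefault(d.lower(), set()).add(name.lower())
    twins: List[Tuple[str, str]] = []
    for p in paths:
        d, _, name = p.rpartition("\\")
        m = SPACED_EXT.match(name)
        if m and f"{m['stem']}.{m['ext']}".lower() in by_dir[d.lower()]:
            twins.append((p, f"{d}\\{m['stem']}.{m['ext']}"))
    return twins


def hjt_entries(log: str) -> List[Tuple[str, str]]:
    """Split 'Fx - ...' / 'Ox - ...' lines into (code, body) pairs."""
    return [(m["code"], m["body"]) for m in map(HJT_ENTRY.match, log.splitlines()) if m]


def winini_load_targets(entries: List[Tuple[str, str]]) -> List[str]:
    """F3 win.ini load=/run= targets; the thread's log uses one to start vturq.exe."""
    out: List[str] = []
    for code, body in entries:
        if code == "F3":
            m = re.search(r"\b(?:load|run)=(.+)$", body)
            if m and m.group(1).strip():
                out.append(m.group(1).strip())
    return out


def unnamed_system32_bhos(entries: List[Tuple[str, str]]) -> List[str]:
    """O2 BHOs with no display name whose DLL sits in system32.

    Triage heuristic only: a '(no name)' BHO under Program Files (Spybot's
    SDHelper.dll in the thread) is deliberately left alone."""
    out: List[str] = []
    for code, body in entries:
        if code == "O2" and "(no name)" in body:
            m = BHO_PATH.search(body)
            if m and "\\system32\\" in m.group(1).lower():
                out.append(m.group(1))
    return out


def reversed_name_pairs(paths: List[str]) -> List[Tuple[str, str]]:
    """Files whose stem is another file's stem spelled backwards (vturq.dll / qrutv.ini),
    a naming habit visible in the ComboFix deletions on this page."""
    stems: Dict[str, List[str]] = {}
    for p in paths:
        stem = p.rpartition("\\")[2].split(".", 1)[0].lower()
        stems.setdefault(stem, []).append(p)
    pairs: List[Tuple[str, str]] = []
    for stem, files in stems.items():
        rev = stem[::-1]
        if rev in stems and stem < rev:  # skip palindromes and report each pair once
            pairs.extend((a, b) for a in files for b in stems[rev])
    return pairs


def triage(hjt_log: str, deleted_files: List[str]) -> Dict[str, list]:
    """Run all four checks and return the hits keyed by check name."""
    entries = hjt_entries(hjt_log)
    return {
        "spaced_twins": spaced_extension_twins(running_processes(hjt_log)),
        "winini_load": winini_load_targets(entries),
        "unnamed_bhos": unnamed_system32_bhos(entries),
        "reversed_pairs": reversed_name_pairs(deleted_files),
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_HJT, SAMPLE_COMBOFIX_FILES).items():
        print(key)
        for hit in hits:
            print("   ", hit)
```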
31 December 2007 01:00:09

good evening and welcome

you have three antivirus products; choose between BitDefender, antivir and avast! and uninstall the others:
uninstall an antivirus

Disable your antivirus and any other kind of protection.
Download Combofix by sUBs:
combofix.exe
and save it to your desktop and nowhere else!

Double-click combofix. It will ask you a question; answer by pressing key 1, then wait until combofix has finished. Your PC may reboot, that is normal; a report will be created. Post the report.

add a new Hijackthis report.
31 December 2007 01:38:47

ComboFix 07-12-31.4 - steve 2007-12-31 1:17:09.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.145 [GMT 1:00]
Running from: C:\Documents and Settings\steve\Bureau\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\ineWc01\ineWc011065.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\ref1
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
.

2007-12-31 01:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 23:39 . 2007-12-30 23:39 1,080 --a------ C:\mxvqlywv .bat
2007-12-30 23:37 . 2007-12-30 23:39 349,184 --a------ C:\mxvqlywv.bat
2007-12-30 22:20 . 2007-12-30 22:20 <REP> d-------- C:\Program Files\Alwil Software
2007-12-30 16:05 . 2007-12-30 16:05 <REP> d-------- C:\Program Files\VideoLAN
2007-12-30 14:42 . 2007-12-30 14:42 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-30 13:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-30 13:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-30 13:41 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-30 13:41 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-30 13:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-30 13:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-30 13:41 . 2007-12-30 13:43 1,092 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-30 12:30 . 2007-12-30 12:30 <REP> d-------- C:\VundoFix Backups
2007-12-30 00:31 . 2007-12-30 00:31 <REP> d-------- C:\Documents and Settings\steve\Application Data\Bitdefender
2007-12-30 00:12 . 2007-12-31 01:30 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-30 00:09 . 2007-12-30 00:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-12-29 23:55 . 2007-12-29 23:55 335,360 --a------ C:\WINDOWS\system32\RCX52.tmp
2007-12-21 17:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-21 17:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-21 17:26 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-21 16:32 . 2007-12-21 16:32 <REP> d-------- C:\Program Files\Windows Live
2007-12-21 16:32 . 2007-12-21 16:32 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-21 16:32 . 2007-12-21 16:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-21 15:47 . 2007-12-21 15:47 <REP> d-------- C:\Program Files\AxBx
2007-12-21 14:25 . 2007-12-30 23:39 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-21 14:21 . 2007-12-21 14:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-21 14:04 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-21 14:04 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-21 14:04 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-21 14:04 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-21 14:04 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-21 14:04 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-21 14:04 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-21 14:04 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-21 14:04 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-21 14:02 . 2007-12-21 14:02 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-20 22:59 . 2007-12-29 23:55 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-20 22:59 . 2007-12-29 23:55 114,688 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-20 20:47 . 2007-12-20 20:47 <REP> d-------- C:\WINDOWS\system32\twdr
2007-12-20 20:47 . 2007-12-20 20:47 <REP> d-------- C:\WINDOWS\system32\rey2
2007-12-13 00:06 . 2007-12-13 00:06 <REP> d-------- C:\Program Files\X'nBeep 1.1
2007-12-10 21:02 . 2007-12-10 21:02 <REP> d-------- C:\Documents and Settings\steve\Application Data\Participatory Culture Foundation
2007-12-10 21:02 . 2007-12-10 21:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
2007-12-10 21:01 . 2007-12-10 21:01 <REP> d-------- C:\Program Files\Participatory Culture Foundation
2007-11-06 20:33 . 2007-11-06 20:33 <REP> d--hs---- C:\FOUND.011
2007-11-04 23:15 . 2007-11-04 23:15 <REP> d-------- C:\Program Files\Odebit Multim‚dia

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 22:37 160 ----a-w C:\Program Files\aegqciyu.txt
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-05 21:19 19,168 ----a-w C:\Documents and Settings\steve\Application Data\GDIPFONTCACHEV1.DAT
2007-11-04 22:15 --------- d-----w C:\Program Files\Odebit Multimédia
2007-10-31 03:53 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 23:27 --------- d-----w C:\Program Files\Skype
2007-10-30 23:27 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:13 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:49 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
  1. ----a-w 155,648 2007-12-29 22:55:36 C:\WINDOWS\system32\igfxtray .exe
  2. ----a-w 114,688 2007-12-29 22:55:38 C:\WINDOWS\system32\hkcmd .exe
  3. ----a-w 15,360 2007-12-30 22:39:54 C:\WINDOWS\system32\ctfmon .exe
  4. ----a-w 180,269 2007-12-29 22:55:56 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
  5. ----a-w 155,648 2007-12-29 22:56:06 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
  6. ----a-w 5,674,352 2007-12-30 21:01:26 C:\Program Files\MSN Messenger\msnmsgr .exe
  7. ----a-w 151,552 2007-12-29 22:55:40 C:\Program Files\Apoint2K\Apoint .exe
  8. ----a-w 262,144 2007-12-29 22:55:44 C:\Program Files\Launch Manager\CPLBCL53 .EXE
  9. ----a-w 22,880,040 2007-12-29 22:58:04 C:\Program Files\Skype\Phone\Skype .exe
  10. ----a-w 57,393 2007-12-29 22:56:10 C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe
  11. ----a-w 40,960 2007-12-29 22:56:10 C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe
  12. ----a-w 49,152 2007-12-29 22:56:12 C:\Program Files\Brother\Brmfl04a\BrStDvPt .exe
  13. ----a-w 851,968 2007-12-29 22:56:16 C:\Program Files\Brother\ControlCenter2\brctrcen .exe
  14. ----a-w 290,816 2007-12-30 00:06:04 C:\Program Files\Softwin\BitDefender10\bdmcon .exe
  15. ----a-w 69,632 2007-12-30 00:06:06 C:\Program Files\Softwin\BitDefender10\bdagent .exe
  16. ----a-w 2,618,240 2007-12-29 22:56:32 C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper .exe
  17. ----a-w 286,720 2007-12-29 22:55:48 C:\Program Files\iTunes\iTunesHelper .exe
  18. ----a-w 98,304 2007-12-30 00:05:56 C:\Program Files\QuickTime\qttask .exe
  19. ----a-w 57,344 2007-12-29 22:56:00 C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
  20. ----a-w 32,881 2007-12-29 22:55:52 C:\Program Files\Java\j2re1.4.2_05\bin\jusched .exe
  21. ----a-w 861,184 2007-12-21 15:25:00 C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag .exe
  22. ----a-w 1,067,520 2007-12-29 22:56:42 C:\Program Files\X'nBeep 1.1\XnBeep .exe
  23. ----a-w 1,833,984 2007-12-29 22:56:46 C:\Program Files\Odebit Multimédia\V3\Odebit .exe



((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F71FB3BB-BA8F-4807-BC4C-80017B7DB9CF}]
C:\WINDOWS\system32\xxwtr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll [2002-09-30 18:36 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2002-10-07 10:00]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys [2002-11-20 03:29]
S0 juyeevsw;juyeevsw;C:\WINDOWS\system32\drivers\hwgnjwhh.sys []
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-31 00:33:46 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 01:33:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 1:35:01 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 00:34:52
.
2007-12-26 13:24:57 --- E O F ---

There you go for ComboFix

I am running HijackThis again

Thanks
31 December 2007 01:41:12

And here is the HijackThis one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:39:21, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\steve\LOCALS~1\Temp\~AceTemp\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (file missing)
O2 - BHO: (no name) - {F71FB3BB-BA8F-4807-BC4C-80017B7DB9CF} - C:\WINDOWS\system32\xxwtr.dll (file missing)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 3584 bytes


Thanks for your replies
31 December 2007 02:19:14

good,
let's continue

1

Copy (Ctrl+C) the text below:
Driver::
juyeevsw

File::
C:\mxvqlywv.bat
C:\WINDOWS\system32\RCX52.tmp
C:\WINDOWS\system32\xxwtr.dll
C:\WINDOWS\system32\drivers\hwgnjwhh.sys

Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\twdr
C:\WINDOWS\system32\rey2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F71FB3BB-BA8F-4807-BC4C-80017B7DB9CF}]



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file as shown in the screenshot

  • A blue window will appear: at the message that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

2

Download RenV.exe to your Desktop:

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

  • Double-click RenV.exe to launch it, and wait.
  • A report, log.txt, will be created and will open at the end of the scan; post it.
31 December 2007 02:51:21

Here is the ComboFix one:

    ComboFix 07-12-31.4 - steve 2007-12-31 2:33:45.2 - FAT32x86
    Running from: C:\Documents and Settings\steve\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\steve\Bureau\CFScript.txt

    FILE
    C:\mxvqlywv.bat
    C:\WINDOWS\system32\drivers\hwgnjwhh.sys
    C:\WINDOWS\system32\RCX52.tmp
    C:\WINDOWS\system32\xxwtr.dll
    .
    The following files were disabled during the run:
    C:\WINDOWS\system32\sockspy.dll


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\VundoFix Backups
    C:\VundoFix Backups\addmorefiles.txt
    C:\VundoFix Backups\qrutv.ini.bad
    C:\VundoFix Backups\qrutv.ini2.bad
    C:\VundoFix Backups\rtwxx.ini.bad
    C:\VundoFix Backups\rtwxx.ini2.bad
    C:\VundoFix Backups\vturq.dll.bad
    C:\VundoFix Backups\vturq.exe.bad
    C:\VundoFix Backups\xxwtr.dll.bad
    C:\VundoFix Backups\xxywtts.dll.bad
    C:\WINDOWS\system32\RCX52.tmp
    C:\WINDOWS\system32\rey2
    C:\WINDOWS\system32\twdr

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_JUYEEVSW
    -------\juyeevsw


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-31 01:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-30 23:39 . 2007-12-30 23:39 1,080 --a------ C:\mxvqlywv .bat
    2007-12-30 22:20 . 2007-12-30 22:20 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-30 16:05 . 2007-12-30 16:05 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-30 14:42 . 2007-12-30 14:42 <REP> d-------- C:\Program Files\MSN Messenger
    2007-12-30 13:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-30 13:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-12-30 13:41 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2007-12-30 13:41 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-30 13:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-30 13:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-30 13:41 . 2007-12-30 13:43 1,092 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-30 00:31 . 2007-12-30 00:31 <REP> d-------- C:\Documents and Settings\steve\Application Data\Bitdefender
    2007-12-30 00:12 . 2007-12-31 02:44 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-12-30 00:09 . 2007-12-30 00:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2007-12-21 17:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-21 17:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-21 17:26 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-21 16:32 . 2007-12-21 16:32 <REP> d-------- C:\Program Files\Windows Live
    2007-12-21 16:32 . 2007-12-21 16:32 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-21 16:32 . 2007-12-21 16:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-21 15:47 . 2007-12-21 15:47 <REP> d-------- C:\Program Files\AxBx
    2007-12-21 14:25 . 2007-12-30 23:39 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-21 14:21 . 2007-12-21 14:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-21 14:04 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-21 14:04 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-21 14:04 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-21 14:04 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-21 14:04 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-21 14:04 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-21 14:04 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-21 14:04 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-21 14:04 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-21 14:02 . 2007-12-21 14:02 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-12-20 22:59 . 2007-12-29 23:55 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
    2007-12-20 22:59 . 2007-12-29 23:55 114,688 --a------ C:\WINDOWS\system32\hkcmd .exe
    2007-12-13 00:06 . 2007-12-13 00:06 <REP> d-------- C:\Program Files\X'nBeep 1.1
    2007-12-10 21:02 . 2007-12-10 21:02 <REP> d-------- C:\Documents and Settings\steve\Application Data\Participatory Culture Foundation
    2007-12-10 21:02 . 2007-12-10 21:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
    2007-12-10 21:01 . 2007-12-10 21:01 <REP> d-------- C:\Program Files\Participatory Culture Foundation
    2007-11-06 20:33 . 2007-11-06 20:33 <REP> d--hs---- C:\FOUND.011
    2007-11-04 23:15 . 2007-11-04 23:15 <REP> d-------- C:\Program Files\Odebit Multim‚dia

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 22:37 160 ----a-w C:\Program Files\aegqciyu.txt
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-05 21:19 19,168 ----a-w C:\Documents and Settings\steve\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-04 22:15 --------- d-----w C:\Program Files\Odebit Multimédia
    2007-10-31 03:53 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 23:27 --------- d-----w C:\Program Files\Skype
    2007-10-30 23:27 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-11 06:13 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-10-11 06:13 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-10-11 06:13 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-10-11 06:13 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-10-11 06:13 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-10-10 23:49 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:49 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:49 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:49 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:49 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:49 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:49 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:49 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    .
    ----a-w 155,648 2007-12-29 22:55:36 C:\WINDOWS\system32\igfxtray .exe
    ----a-w 114,688 2007-12-29 22:55:38 C:\WINDOWS\system32\hkcmd .exe
    ----a-w 15,360 2007-12-30 22:39:54 C:\WINDOWS\system32\ctfmon .exe
    ----a-w 180,269 2007-12-29 22:55:56 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    ----a-w 155,648 2007-12-29 22:56:06 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
    ----a-w 5,674,352 2007-12-30 21:01:26 C:\Program Files\MSN Messenger\msnmsgr .exe
    ----a-w 151,552 2007-12-29 22:55:40 C:\Program Files\Apoint2K\Apoint .exe
    ----a-w 262,144 2007-12-29 22:55:44 C:\Program Files\Launch Manager\CPLBCL53 .EXE
    ----a-w 22,880,040 2007-12-29 22:58:04 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 57,393 2007-12-29 22:56:10 C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe
    ----a-w 40,960 2007-12-29 22:56:10 C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe
    ----a-w 49,152 2007-12-29 22:56:12 C:\Program Files\Brother\Brmfl04a\BrStDvPt .exe
    ----a-w 851,968 2007-12-29 22:56:16 C:\Program Files\Brother\ControlCenter2\brctrcen .exe
    ----a-w 290,816 2007-12-30 00:06:04 C:\Program Files\Softwin\BitDefender10\bdmcon .exe
    ----a-w 69,632 2007-12-30 00:06:06 C:\Program Files\Softwin\BitDefender10\bdagent .exe
    ----a-w 2,618,240 2007-12-29 22:56:32 C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper .exe
    ----a-w 286,720 2007-12-29 22:55:48 C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w 98,304 2007-12-30 00:05:56 C:\Program Files\QuickTime\qttask .exe
    ----a-w 57,344 2007-12-29 22:56:00 C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
    ----a-w 32,881 2007-12-29 22:55:52 C:\Program Files\Java\j2re1.4.2_05\bin\jusched .exe
    ----a-w 861,184 2007-12-21 15:25:00 C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag .exe
    ----a-w 1,067,520 2007-12-29 22:56:42 C:\Program Files\X'nBeep 1.1\XnBeep .exe
    ----a-w 1,833,984 2007-12-29 22:56:46 C:\Program Files\Odebit Multimédia\V3\Odebit .exe



    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll [2002-09-30 18:36 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2002-10-07 10:00]
    R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys [2002-11-20 03:29]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-31 01:47:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 02:45:40
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\WINDOWS\system32\sockspy.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\WINDOWS\system32\sockspy.dll
    .
    Completion time: 2007-12-31 2:49:32 - machine was rebooted
    C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 01:49:26
    C:\qoobox\ComboFix2.txt 2007-12-31 00:35:04
    .
    2007-12-26 13:24:57 --- E O F ---
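Added example, not part of the original posts and not ComboFix or RenV code: a small Python triage script that pulls out of a ComboFix-style report the indicators shown in the log above, namely executables whose name carries a space before the extension (and whether the un-spaced twin is also mentioned anywhere in the same report), a non-empty AppInit_DLLs value, that DLL turning up under running processes (here sockspy.dll inside lsass.exe and Explorer.EXE), and an AutoRun command under MountPoints2. SAMPLE_LOG is constructed from lines quoted in this thread; the Finding type and the kind names are this script's own.

```python
"""Triage of ComboFix-style log text for the indicators seen in this thread.

Added example: not code from ComboFix, RenV or the forum posts. SAMPLE_LOG is
constructed from lines quoted above; Finding and the kind names are this
script's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed from the log excerpts posted in the thread (trimmed, not a full log).
SAMPLE_LOG = r"""
2007-12-30 22:39 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
----a-w 15,360 2007-12-30 22:39:54 C:\WINDOWS\system32\ctfmon .exe
----a-w 155,648 2007-12-29 22:55:36 C:\WINDOWS\system32\igfxtray .exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 23:39 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\sockspy.dll
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]+')      # a Windows path token
SPACED_RE = re.compile(r'^(.+?)\s+\.([A-Za-z0-9]+)$')    # basename of the form "name .ext"
KEY_RE = re.compile(r'^\[(.+)\]$')                       # REGEDIT4 key header
APPINIT_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*(.*)$', re.I)
PROCESS_RE = re.compile(r'^PROCESS:\s+(\S.*?)\s+\[', re.I)
MODULE_RE = re.compile(r'^->\s+(\S.*)$')


@dataclass
class Finding:
    kind: str    # spaced-extension | appinit-dll | appinit-dll-loaded | autorun
    detail: str


def _basename(path: str) -> str:
    return path.strip().rsplit("\\", 1)[-1]


def triage(log_text: str) -> list[Finding]:
    """Scan ComboFix-style text and return the indicators a responder would chase."""
    findings: list[Finding] = []
    seen_names: set[str] = set()   # every file basename mentioned anywhere in the log
    spaced: list[str] = []         # paths whose basename has a space before the extension
    appinit: list[str] = []        # DLL names read from AppInit_DLLs
    current_key = ""
    current_proc = ""

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        m = APPINIT_RE.match(line)
        if m and "windows nt\\currentversion\\windows" in current_key:
            # Anything listed here is mapped into every process that loads user32.dll.
            appinit = [d.lower() for d in re.split(r"[,\s]+", m.group(1)) if d]
            if appinit:
                findings.append(Finding("appinit-dll", f"AppInit_DLLs = {m.group(1)}"))
            continue
        proc = PROCESS_RE.match(line)
        if proc:
            current_proc = _basename(proc.group(1))
            continue
        mod = MODULE_RE.match(line)
        if mod and current_proc and _basename(mod.group(1)).lower() in appinit:
            findings.append(Finding("appinit-dll-loaded",
                                    f"{_basename(mod.group(1))} mapped in {current_proc}"))
        if "mountpoints2" in current_key and "autorun\\command" in line.lower():
            drive = current_key.rsplit("\\", 1)[-1].upper()
            findings.append(Finding("autorun", f"{drive}: {line}"))
        for path in PATH_RE.findall(line):
            base = _basename(path)
            seen_names.add(base.lower())
            if SPACED_RE.match(base):
                spaced.append(path.strip())

    # Report the " .exe" files last, once every name in the log is known, so each
    # one can say whether its un-spaced twin is mentioned too.
    for path in spaced:
        twin = SPACED_RE.sub(r"\1.\2", _basename(path)).lower()
        status = "twin also listed" if twin in seen_names else "twin not seen in this log"
        findings.append(Finding("spaced-extension", f"{path} ({status})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Feed it the full ComboFix.txt rather than the sample and the "twin also listed" status becomes useful: ctfmon.exe appears both in the Run key and as "ctfmon .exe" on disk, whereas igfxtray only shows up in its spaced form in the excerpt.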
    31 December 2007 02:54:24

    Ran on 31/12/2007 - 2:52:01,33

    ----a-w 155,648 2007-12-29 22:55:36 C:\WINDOWS\system32\igfxtray .exe
    ----a-w 114,688 2007-12-29 22:55:38 C:\WINDOWS\system32\hkcmd .exe
    ----a-w 15,360 2007-12-30 22:39:54 C:\WINDOWS\system32\ctfmon .exe
    ----a-w 180,269 2007-12-29 22:55:56 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    ----a-w 155,648 2007-12-29 22:56:06 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
    ----a-w 5,674,352 2007-12-30 21:01:26 C:\Program Files\MSN Messenger\msnmsgr .exe
    ----a-w 151,552 2007-12-29 22:55:40 C:\Program Files\Apoint2K\Apoint .exe
    ----a-w 262,144 2007-12-29 22:55:44 C:\Program Files\Launch Manager\CPLBCL53 .EXE
    ----a-w 22,880,040 2007-12-29 22:58:04 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 57,393 2007-12-29 22:56:10 C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe
    ----a-w 40,960 2007-12-29 22:56:10 C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe
    ----a-w 49,152 2007-12-29 22:56:12 C:\Program Files\Brother\Brmfl04a\BrStDvPt .exe
    ----a-w 851,968 2007-12-29 22:56:16 C:\Program Files\Brother\ControlCenter2\brctrcen .exe
    ----a-w 290,816 2007-12-30 00:06:04 C:\Program Files\Softwin\BitDefender10\bdmcon .exe
    ----a-w 69,632 2007-12-30 00:06:06 C:\Program Files\Softwin\BitDefender10\bdagent .exe
    ----a-w 2,618,240 2007-12-29 22:56:32 C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper .exe
    ----a-w 286,720 2007-12-29 22:55:48 C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w 98,304 2007-12-30 00:05:56 C:\Program Files\QuickTime\qttask .exe
    ----a-w 57,344 2007-12-29 22:56:00 C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
    ----a-w 32,881 2007-12-29 22:55:52 C:\Program Files\Java\j2re1.4.2_05\bin\jusched .exe
    ----a-w 861,184 2007-12-21 15:25:00 C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag .exe
    ----a-w 1,067,520 2007-12-29 22:56:42 C:\Program Files\X'nBeep 1.1\XnBeep .exe
    ----a-w 1,833,984 2007-12-29 22:56:46 C:\Program Files\Odebit Multimédia\V3\Odebit .exe

    Entries: 23 (23)
    Directories: 0 Files: 23
    Bytes: 37,805,799 Blocks: 73,843



    That's the RenV.exe log.

    Thanks for the help.

    I'm ready for the next step.
    31 December 2007 11:00:58

    Hello

  • Drag and drop the Log.txt file created earlier onto RenV.exe, as in the screenshot below:

  • A report (Log.txt) will open; close it.

  • Double-click combofix.exe.
  • Press the 1 key to start the scan.
  • When the scan is complete, a report will appear (located here: C:\ComboFix.txt).
  • Copy/paste that report in your next reply, along with the Log.txt report.
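Added example, not RenV's own code: the "drag Log.txt onto RenV.exe" step above reproduced in Python, under the assumption (suggested by how the thread uses the tool, not stated in it) that RenV renames each listed "name .exe" back to "name.exe". The script reads a RenV-style Log.txt, strips the space before the extension, and refuses to overwrite an existing twin, because a file present under both names is exactly the case that needs a human decision rather than an automatic rename. SAMPLE_LOG and the temporary tree built by run_demo() are constructed.

```python
"""Rename "name .ext" files back to "name.ext", driven by a RenV-style Log.txt.

Added example, not RenV's own code. It assumes (the thread's use of the tool
suggests this, but does not state it) that dropping Log.txt onto RenV.exe
renames each listed file by removing the space before its extension. SAMPLE_LOG
and the tree built by run_demo() are constructed.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Constructed Log.txt content in the format RenV produced in the thread.
SAMPLE_LOG = r"""
Ran on 31/12/2007 - 13:09:40,66

----a-w 15,360 2007-12-30 22:39:54 C:\WINDOWS\system32\ctfmon .exe
----a-w 1,833,984 2007-12-29 22:56:46 C:\Program Files\Odebit Multimédia\V3\Odebit .exe

Entries: 2 (2)
Directories: 0 Files: 2
"""

# attributes, size, date, time, then the path (which may itself contain spaces)
ENTRY_RE = re.compile(r"^\S+\s+[\d,]+\s+\d{4}-\d\d-\d\d\s+\d\d:\d\d:\d\d\s+(.+?)\s*$")
SPACED_RE = re.compile(r"^(.+?)\s+\.([A-Za-z0-9]+)$")


def parse_log(text: str) -> list[str]:
    """Return the path column of every entry line in a RenV-style log."""
    matches = (ENTRY_RE.match(ln.strip()) for ln in text.splitlines())
    return [m.group(1) for m in matches if m]


def fixed_name(name: str) -> str | None:
    """'ctfmon .exe' -> 'ctfmon.exe'; None if there is no space before the extension."""
    m = SPACED_RE.match(name)
    return f"{m.group(1)}.{m.group(2)}" if m else None


def rename_back(paths, dry_run: bool = False) -> dict[str, list[Path]]:
    """Rename each 'name .ext' in paths to 'name.ext'; never overwrite an existing file."""
    report: dict[str, list[Path]] = {"renamed": [], "conflict": [], "missing": [], "not_spaced": []}
    for p in map(Path, paths):
        new = fixed_name(p.name)
        if new is None:
            report["not_spaced"].append(p)
        elif not p.exists():
            report["missing"].append(p)
        elif p.with_name(new).exists():
            # Both names present: deciding which copy is the real program is a
            # human call, so leave both in place and report the clash.
            report["conflict"].append(p)
        else:
            if not dry_run:
                p.rename(p.with_name(new))
            report["renamed"].append(p.with_name(new))
    return report


def run_demo() -> dict[str, list[str]]:
    """Build a throwaway tree, run rename_back over it and return basenames per outcome."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "ctfmon .exe").write_bytes(b"MZ original")
        (root / "hkcmd .exe").write_bytes(b"MZ original")
        (root / "hkcmd.exe").write_bytes(b"MZ other")        # twin already present
        entries = [root / "ctfmon .exe", root / "hkcmd .exe", root / "gone .exe", root / "ok.exe"]
        report = rename_back(entries)
        result = {k: sorted(p.name for p in v) for k, v in report.items()}
        result["present"] = sorted(p.name for p in root.iterdir())
        return result


if __name__ == "__main__":
    print(parse_log(SAMPLE_LOG))
    print(run_demo())
```

On a real machine you would call rename_back(parse_log(open("Log.txt").read()), dry_run=True) first and look at the "conflict" list before letting it touch anything.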
    31 December 2007 12:25:41

    Hello, and thanks for yesterday,

    Here is the ComboFix report:

    ComboFix 07-12-31.4 - steve 2007-12-31 12:10:53.4 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.266 [GMT 1:00]
    Running from: C:\Documents and Settings\steve\Bureau\ComboFix.exe
    .
    The following files were disabled during the run:
    C:\WINDOWS\system32\sockspy.dll


    ((((((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-31 01:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-30 23:39 . 2007-12-30 23:39 1,080 --a------ C:\mxvqlywv .bat
    2007-12-30 22:20 . 2007-12-30 22:20 <DIR> d-------- C:\Program Files\Alwil Software
    2007-12-30 16:05 . 2007-12-30 16:05 <DIR> d-------- C:\Program Files\VideoLAN
    2007-12-30 14:42 . 2007-12-30 14:42 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-12-30 13:41 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-30 13:41 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-12-30 13:41 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2007-12-30 13:41 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-30 13:41 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-30 13:41 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-30 13:41 . 2007-12-30 13:43 1,092 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-30 00:31 . 2007-12-30 00:31 <DIR> d-------- C:\Documents and Settings\steve\Application Data\Bitdefender
    2007-12-30 00:12 . 2007-12-31 12:17 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-12-30 00:09 . 2007-12-30 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2007-12-21 17:26 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-21 17:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-21 17:26 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Program Files\Windows Live
    2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-21 16:32 . 2007-12-21 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-21 15:47 . 2007-12-21 15:47 <DIR> d-------- C:\Program Files\AxBx
    2007-12-21 14:21 . 2007-12-21 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-21 14:04 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-21 14:04 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-21 14:04 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-21 14:04 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-21 14:04 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-21 14:04 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-21 14:04 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-21 14:04 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-21 14:04 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-21 14:02 . 2007-12-21 14:02 <DIR> d-------- C:\WINDOWS\system32\fr-fr
    2007-12-13 00:06 . 2007-12-13 00:06 <DIR> d-------- C:\Program Files\X'nBeep 1.1
    2007-12-10 21:02 . 2007-12-10 21:02 <DIR> d-------- C:\Documents and Settings\steve\Application Data\Participatory Culture Foundation
    2007-12-10 21:02 . 2007-12-10 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
    2007-12-10 21:01 . 2007-12-10 21:01 <DIR> d-------- C:\Program Files\Participatory Culture Foundation
    2007-11-06 20:33 . 2007-11-06 20:33 <DIR> d--hs---- C:\FOUND.011
    2007-11-04 23:15 . 2007-11-04 23:15 <DIR> d-------- C:\Program Files\Odebit Multimédia

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-30 22:39 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    2007-12-30 22:39 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
    2007-12-30 22:37 160 ----a-w C:\Program Files\aegqciyu.txt
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-05 21:19 19,168 ----a-w C:\Documents and Settings\steve\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-31 03:53 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 23:27 --------- d-----w C:\Program Files\Skype
    2007-10-30 23:27 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-11 06:13 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-10-11 06:13 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-10-11 06:13 1,495,040 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-10-11 06:13 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-10-11 06:13 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-10-10 23:49 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:49 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:49 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:49 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:49 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:49 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:49 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:49 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    .
    ----a-w 1,833,984 2007-12-29 22:56:46 C:\Program Files\Odebit Multimédia\V3\Odebit .exe



    ((((((((((((((((((((((((((((( snapshot@2007-12-31_ 1.34.18.67 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-12-30 22:01 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 23:39 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll [2002-09-30 18:36 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2002-10-07 10:00]
    R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys [2002-11-20 03:29]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-31 11:07:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 12:17:36
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-31 12:22:08
    C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 11:22:04
    C:\qoobox\ComboFix3.txt 2007-12-31 00:35:04
    C:\qoobox\ComboFix2.txt 2007-12-31 01:49:34
    .
    2007-12-26 13:24:57 --- E O F ---




    And below is RenV.exe's Log.txt:

    Ran on 2007-12-31 - 12:08:38.43

    ----a-w 1,833,984 2007-12-29 22:56:46 C:\Program Files\Odebit Multimédia\V3\Odebit .exe

    Entries: 1 (1)
    Directories: 0 Files: 1
    Bytes: 1,833,984 Blocks: 3,582



    Thank you very much
    31 December 2007 13:08:43

    Hi again

    Run another scan with RenV.exe (double-click it) and post the report :)
    31 December 2007 13:10:56

    Ran on 31/12/2007 - 13:09:40,66

    ----a-w 1,833,984 2007-12-29 22:56:46 C:\Program Files\Odebit Multimédia\V3\Odebit .exe

    Entries: 1 (1)
    Directories: 0 Files: 1
    Bytes: 1,833,984 Blocks: 3,582

    31 December 2007 14:50:24

    Do you think it's clean now?

    Thanks
    1 January 2008 23:44:14

    Hello

    Read your private messages
    (top right of the screen)

  • Drag and drop the Log.txt file created earlier onto RenV.exe, as in the screenshot below:

  • A report (Log.txt) will open; close it.

  • Double-click combofix.exe.
  • Press the 1 key to start the scan.
  • When the scan is complete, a report will appear (located here: C:\ComboFix.txt).
  • Copy/paste that report in your next reply, along with the Log.txt report.