j.bud

Members
  • Content count: 30
Everything posted by j.bud

  1. OK, it works. Here are the logs.

     combofix1

     ComboFix 07-08-26.3 - "jérémie" 2007-08-26 14:46:31.1 - NTFSx86
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.595 [GMT 2:00]

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     C:\Autorun.inf
     C:\WINDOWS\cookies.ini
     D:\Autorun.inf

     ((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))
     2007-08-26 14:13 51,200 --a------ C:\WINDOWS\nircmd.exe
     2007-08-26 12:36 6,473 ---hs---- C:\WINDOWS\system32\ppqss.bak1
     2007-08-26 12:34 <REP> d-------- C:\Program Files\Trend Micro
     2007-08-26 12:25 <REP> d-------- C:\VundoFix Backups
     2007-08-26 12:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
     2007-08-26 11:41 <REP> d-------- C:\Program Files\hijack this
     2007-08-25 20:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
     2007-08-25 20:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
     2007-08-25 20:20 <REP> d-------- C:\WINDOWS\AU_Temp
     2007-08-25 17:09 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
     2007-08-25 17:09 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
     2007-08-25 17:09 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
     2007-08-25 17:09 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
     2007-08-25 17:09 <REP> d-------- C:\Program Files\Spyware Doctor
     2007-08-25 17:08 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
     2007-08-25 13:11 <REP> d-------- C:\Program Files\Windows Defender
     2007-08-25 12:48 <REP> d-------- C:\WINDOWS\system32\fr-fr
     2007-08-25 12:45 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
     2007-08-25 12:30 <REP> d-------- C:\WINDOWS\system32\ActiveScan
     2007-08-25 12:19 <REP> d-------- C:\WINDOWS\AU_Backup
     2007-08-24 23:48 69,689 --a------ C:\WINDOWS\UNZIP.DLL
     2007-08-24 23:48 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
     2007-08-24 23:48 286,720 --a------ C:\WINDOWS\PATCH.EXE
     2007-08-24 23:48 <REP> d-------- C:\WINDOWS\AU_Log
     2007-08-24 16:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
     2007-08-22 13:18 <REP> d-------- C:\DOCUME~1\JRMIE~1\Contacts
     2007-08-22 13:17 <REP> d-------- C:\Program Files\MSN Messenger
     2007-08-21 16:19 53,248 --a------ C:\WINDOWS\PalmDevC.dll
     2007-08-21 16:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotSync
     2007-08-21 16:17 <REP> d-------- C:\Program Files\palmOne
     2007-08-20 15:20 2,278,912 --a------ C:\WINDOWS\system32\kernel1.exe
     2007-08-20 12:16 <REP> d-------- C:\Program Files\CCleaner
     2007-08-19 15:35 <REP> d-------- C:\Program Files\iTunes
     2007-08-19 15:35 <REP> d-------- C:\Program Files\iPod
     2007-08-19 15:34 <REP> d-------- C:\Program Files\QuickTime
     2007-08-19 15:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
     2007-08-19 15:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
     2007-08-19 15:33 <REP> d-------- C:\Program Files\Apple Software Update
     2007-08-19 15:32 <REP> d-------- C:\Program Files\Fichiers communs\Apple
     2007-08-19 15:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
     2007-08-19 13:54 802,816 --a------ C:\WINDOWS\FeedingFrenzy.scr
     2007-08-18 21:25 0 --a------ C:\WINDOWS\system32\zlib.dll
     2007-08-18 20:54 131 --a------ C:\WINDOWS\system32\Executor.exe.bat
     2007-08-18 20:54 <REP> d-------- C:\Program Files\TGTSoft
     2007-08-18 20:53 <REP> d-------- C:\WINDOWS\ShellNew
     2007-08-18 20:53 <REP> d-------- C:\Program Files\ICEOWS
     2007-08-18 20:27 <REP> d-------- C:\Program Files\eMule
     2007-08-18 20:25 <REP> d-------- C:\Program Files\uTorrent
     2007-08-18 20:03 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
     2007-08-18 20:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
     2007-08-18 20:00 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
     2007-08-18 20:00 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
     2007-08-18 20:00 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
     2007-08-18 18:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
     2007-08-18 18:21 <REP> d-------- C:\Program Files\Mozilla Thunderbird
     2007-08-18 17:55 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
     2007-08-18 17:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
     2007-08-18 17:02 <REP> d-------- C:\Program Files\OpenOffice.org 2.2
     2007-08-18 16:13 6,550 --a------ C:\WINDOWS\jautoexp.dat
     2007-08-18 16:13 46,352 --a------ C:\WINDOWS\setdebug.exe
     2007-08-18 16:13 139,536 --a------ C:\WINDOWS\system32\javaee.dll
     2007-08-18 16:13 113 --a------ C:\WINDOWS\system32\zonedon.reg
     2007-08-18 16:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg
     2007-08-18 16:01 <REP> d-------- C:\Program Files\Google
     2007-08-18 15:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
     2007-08-18 15:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
     2007-08-18 15:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu Démarrer
     2007-08-18 15:09 <REP> d-------- C:\WINDOWS\ServicePackFiles
     2007-08-18 15:07 <REP> d-------- C:\WINDOWS\EHome
     2007-08-18 13:27 7,202 --a------ C:\WINDOWS\mozver.dat
     2007-08-18 13:27 335 --a------ C:\WINDOWS\nsreg.dat
     2007-08-18 13:27 <REP> d-------- C:\Program Files\mozilla.org
     2007-08-18 13:26 <REP> d-------- C:\Program Files\Lavasoft
     2007-08-17 23:23 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
     2007-08-17 23:23 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
     2007-08-17 23:23 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
     2007-08-17 23:23 <REP> d-------- C:\Program Files\Alwil Software
     2007-08-17 22:23 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
     2007-08-17 22:23 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
     2007-08-17 22:23 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
     2007-08-17 22:23 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
     2007-08-17 22:23 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
     2007-08-17 22:23 <REP> d--h----- C:\WINDOWS\$hf_mig$
     2007-08-17 22:23 <REP> d-------- C:\WINDOWS\system32\bits
     2007-08-17 22:16 9,728 --ah----- C:\WINDOWS\system32\rjpjfef.exe
     2007-08-17 22:14 119 --a------ C:\WINDOWS\system32\nqmirf.bat
     2007-08-17 22:13 43,542 --------- C:\WINDOWS\system32\vtuurpq.dll
     2007-08-17 22:11 124 --a------ C:\WINDOWS\system32\kbzildcq.bat
     2007-08-17 22:11 114 --a------ C:\WINDOWS\system32\xkin.bat

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     2007-08-21 16:17 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
     2007-08-18 17:16 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
     2007-08-18 17:16 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
     2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
     2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
     2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
     2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
     2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
     2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
     2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
     2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
     2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
     2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
     2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe

     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     *Note* empty entries & legit default entries are not shown

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]
     2007-08-17 22:13 43542 --------- C:\WINDOWS\system32\vtuurpq.dll

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F}]
     C:\WINDOWS\System32\pmkhh.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]
     "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 15:43]
     "nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
     "NvMediaCenter"="NvMCTray.dll" [2006-08-11 15:43 C:\WINDOWS\system32\nvmctray.dll]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
     "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
     "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
     "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
     "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
     "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]
     "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
     "{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"= C:\WINDOWS\system32\vtuurpq.dll [2007-08-17 22:13 43542]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuurpq]
     vtuurpq.dll 2007-08-17 22:13 43542 C:\WINDOWS\system32\vtuurpq.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

     R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
     R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
     R3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys
     S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys

     *Newly Created Service* - CATCHME

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E80E0C06-D960-DF4A-B6E3-CC51B00095D0}]
     C:\WINDOWS\system32\Executor.exe

     Contents of the 'Scheduled Tasks' folder
     2007-08-24 15:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     2007-08-26 12:38:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

     **************************************************************************
     catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2007-08-26 14:48:21
     Windows 5.1.2600 Service Pack 2 NTFS
     detected NTDLL code modification:
     ZwClose
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     Completion time: 2007-08-26 14:49:29
     C:\ComboFix-quarantined-files.txt ... 2007-08-26 14:49
     --- E O F ---

     combofix2

     ComboFix 07-08-26.3 - "jérémie" 2007-08-26 14:52:19.2 - NTFSx86
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.549 [GMT 2:00]
     Command switches used :: /v vtuurpq

     ((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))
     2007-08-26 14:13 51,200 --a------ C:\WINDOWS\nircmd.exe
     2007-08-26 12:36 6,473 ---hs---- C:\WINDOWS\system32\ppqss.bak1
     2007-08-26 12:34 <REP> d-------- C:\Program Files\Trend Micro
     2007-08-26 12:25 <REP> d-------- C:\VundoFix Backups
     2007-08-26 12:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
     2007-08-26 11:41 <REP> d-------- C:\Program Files\hijack this
     2007-08-25 20:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
     2007-08-25 20:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
     2007-08-25 20:20 <REP> d-------- C:\WINDOWS\AU_Temp
     2007-08-25 17:09 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
     2007-08-25 17:09 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
     2007-08-25 17:09 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
     2007-08-25 17:09 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
     2007-08-25 17:09 <REP> d-------- C:\Program Files\Spyware Doctor
     2007-08-25 17:08 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
     2007-08-25 13:11 <REP> d-------- C:\Program Files\Windows Defender
     2007-08-25 12:48 <REP> d-------- C:\WINDOWS\system32\fr-fr
     2007-08-25 12:45 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
     2007-08-25 12:30 <REP> d-------- C:\WINDOWS\system32\ActiveScan
     2007-08-25 12:19 <REP> d-------- C:\WINDOWS\AU_Backup
     2007-08-24 23:48 69,689 --a------ C:\WINDOWS\UNZIP.DLL
     2007-08-24 23:48 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
     2007-08-24 23:48 286,720 --a------ C:\WINDOWS\PATCH.EXE
     2007-08-24 23:48 <REP> d-------- C:\WINDOWS\AU_Log
     2007-08-24 16:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
     2007-08-22 13:18 <REP> d-------- C:\DOCUME~1\JRMIE~1\Contacts
     2007-08-22 13:17 <REP> d-------- C:\Program Files\MSN Messenger
     2007-08-21 16:19 53,248 --a------ C:\WINDOWS\PalmDevC.dll
     2007-08-21 16:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HotSync
     2007-08-21 16:17 <REP> d-------- C:\Program Files\palmOne
     2007-08-20 15:20 2,278,912 --a------ C:\WINDOWS\system32\kernel1.exe
     2007-08-20 12:16 <REP> d-------- C:\Program Files\CCleaner
     2007-08-19 15:35 <REP> d-------- C:\Program Files\iTunes
     2007-08-19 15:35 <REP> d-------- C:\Program Files\iPod
     2007-08-19 15:34 <REP> d-------- C:\Program Files\QuickTime
     2007-08-19 15:34 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
     2007-08-19 15:33 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
     2007-08-19 15:33 <REP> d-------- C:\Program Files\Apple Software Update
     2007-08-19 15:32 <REP> d-------- C:\Program Files\Fichiers communs\Apple
     2007-08-19 15:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
     2007-08-19 13:54 802,816 --a------ C:\WINDOWS\FeedingFrenzy.scr
     2007-08-18 21:25 0 --a------ C:\WINDOWS\system32\zlib.dll
     2007-08-18 20:54 131 --a------ C:\WINDOWS\system32\Executor.exe.bat
     2007-08-18 20:54 <REP> d-------- C:\Program Files\TGTSoft
     2007-08-18 20:53 <REP> d-------- C:\WINDOWS\ShellNew
     2007-08-18 20:53 <REP> d-------- C:\Program Files\ICEOWS
     2007-08-18 20:27 <REP> d-------- C:\Program Files\eMule
     2007-08-18 20:25 <REP> d-------- C:\Program Files\uTorrent
     2007-08-18 20:03 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
     2007-08-18 20:02 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
     2007-08-18 20:00 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
     2007-08-18 20:00 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
     2007-08-18 20:00 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
     2007-08-18 18:59 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
     2007-08-18 18:21 <REP> d-------- C:\Program Files\Mozilla Thunderbird
     2007-08-18 17:55 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
     2007-08-18 17:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
     2007-08-18 17:02 <REP> d-------- C:\Program Files\OpenOffice.org 2.2
     2007-08-18 16:13 6,550 --a------ C:\WINDOWS\jautoexp.dat
     2007-08-18 16:13 46,352 --a------ C:\WINDOWS\setdebug.exe
     2007-08-18 16:13 139,536 --a------ C:\WINDOWS\system32\javaee.dll
     2007-08-18 16:13 113 --a------ C:\WINDOWS\system32\zonedon.reg
     2007-08-18 16:13 113 --a------ C:\WINDOWS\system32\zonedoff.reg
     2007-08-18 16:01 <REP> d-------- C:\Program Files\Google
     2007-08-18 15:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
     2007-08-18 15:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
     2007-08-18 15:23 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu Démarrer
     2007-08-18 15:09 <REP> d-------- C:\WINDOWS\ServicePackFiles
     2007-08-18 15:07 <REP> d-------- C:\WINDOWS\EHome
     2007-08-18 13:27 7,202 --a------ C:\WINDOWS\mozver.dat
     2007-08-18 13:27 335 --a------ C:\WINDOWS\nsreg.dat
     2007-08-18 13:27 <REP> d-------- C:\Program Files\mozilla.org
     2007-08-18 13:26 <REP> d-------- C:\Program Files\Lavasoft
     2007-08-17 23:23 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
     2007-08-17 23:23 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
     2007-08-17 23:23 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
     2007-08-17 23:23 <REP> d-------- C:\Program Files\Alwil Software
     2007-08-17 22:23 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
     2007-08-17 22:23 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
     2007-08-17 22:23 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
     2007-08-17 22:23 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
     2007-08-17 22:23 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
     2007-08-17 22:23 <REP> d--h----- C:\WINDOWS\$hf_mig$
     2007-08-17 22:23 <REP> d-------- C:\WINDOWS\system32\bits
     2007-08-17 22:16 9,728 --ah----- C:\WINDOWS\system32\rjpjfef.exe
     2007-08-17 22:14 119 --a------ C:\WINDOWS\system32\nqmirf.bat
     2007-08-17 22:13 43,542 --------- C:\WINDOWS\system32\vtuurpq.dll
     2007-08-17 22:11 124 --a------ C:\WINDOWS\system32\kbzildcq.bat
     2007-08-17 22:11 114 --a------ C:\WINDOWS\system32\xkin.bat

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     2007-08-21 16:17 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
     2007-08-18 17:16 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
     2007-08-18 17:16 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
     2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
     2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
     2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
     2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
     2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
     2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
     2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
     2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
     2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
     2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
     2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe

     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     *Note* empty entries & legit default entries are not shown

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]
     2007-08-17 22:13 43542 --------- C:\WINDOWS\system32\vtuurpq.dll

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F}]
     C:\WINDOWS\System32\pmkhh.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMan"="SOUNDMAN.EXE" [2006-03-01 10:22 C:\WINDOWS\soundman.exe]
     "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-08-11 15:43]
     "nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
     "NvMediaCenter"="NvMCTray.dll" [2006-08-11 15:43 C:\WINDOWS\system32\nvmctray.dll]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
     "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
     "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
     "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
     "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
     "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]
     "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
     "{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"= C:\WINDOWS\system32\vtuurpq.dll [2007-08-17 22:13 43542]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuurpq]
     vtuurpq.dll 2007-08-17 22:13 43542 C:\WINDOWS\system32\vtuurpq.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

     R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
     R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys
     R3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys
     S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys

     *Newly Created Service* - CATCHME

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E80E0C06-D960-DF4A-B6E3-CC51B00095D0}]
     C:\WINDOWS\system32\Executor.exe

     Contents of the 'Scheduled Tasks' folder
     2007-08-24 15:04:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     2007-08-26 12:38:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

     **************************************************************************
     catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2007-08-26 14:53:22
     Windows 5.1.2600 Service Pack 2 NTFS
     detected NTDLL code modification:
     ZwClose
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     Completion time: 2007-08-26 14:54:33
     C:\ComboFix-quarantined-files.txt ... 2007-08-26 14:54
     C:\ComboFix2.txt ... 2007-08-26 14:49
     --- E O F ---

     hjt

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 14:55:18, on 26/08/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\Program Files\Spyware Doctor\svcntaux.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Spyware Doctor\SDTrayApp.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Spyware Doctor\swdsvc.exe
     C:\Program Files\MSN Messenger\MsnMsgr.Exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\palmOne\Hotsync.exe
     C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
     C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\System32\alg.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\WINDOWS\System32\wbem\wmiprvse.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\vtuurpq.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: (no name) - {8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F} - C:\WINDOWS\System32\pmkhh.dll (file missing)
     O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
     O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
     O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://www.pandasoftware.com
     O15 - Trusted Zone: http://www.secuser.com
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1171598124125
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O20 - Winlogon Notify: vtuurpq - C:\WINDOWS\SYSTEM32\vtuurpq.dll
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
     O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

     --
     End of file - 7597 bytes

     AntiVir keeps reporting the same trojans to me. Thanks for your help.
     Jbud
  2. AntiVir is detecting another trojan, xpack-gen, on the same dll.
  3. Hi bruce, here is the hjt report.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:35:08, on 26/08/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\system32\RunDLL32.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Spyware Doctor\SDTrayApp.exe
     C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\MSN Messenger\MsnMsgr.Exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Spyware Doctor\svcntaux.exe
     C:\Program Files\palmOne\Hotsync.exe
     C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
     C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
     C:\Program Files\Spyware Doctor\swdsvc.exe
     C:\Program Files\AntiVir PersonalEdition Classic\update.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\System32\alg.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\WINDOWS\System32\wbem\wmiprvse.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32\igfqtvsw.dll
     O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\System32\vtuurpq.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: (no name) - {8BA2FFBA-F745-4AF7-9A1C-69B5E11B4E5F} - C:\WINDOWS\System32\pmkhh.dll (file missing)
     O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\ybffjser.dll",sitypnow
     O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
     O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
     O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger
- {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.pandasoftware.com O15 - Trusted Zone: http://www.secuser.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1171598124125 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: vtuurpq - C:\WINDOWS\SYSTEM32\vtuurpq.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 8078 bytes et le rapport de vundo fix VundoFix V6.5.7 Checking Java version... Scan started at 12:25:28 26/08/2007 Listing files found while scanning.... C:\windows\system32\hhkmp.bak1 C:\WINDOWS\System32\hhkmp.bak2 C:\WINDOWS\System32\hhkmp.ini C:\WINDOWS\System32\hhkmp.ini2 C:\WINDOWS\System32\hhkmp.tmp C:\WINDOWS\System32\pmkhh.dll Beginning removal... Attempting to delete C:\windows\system32\hhkmp.bak1 C:\windows\system32\hhkmp.bak1 Has been deleted! Attempting to delete C:\WINDOWS\System32\hhkmp.bak2 C:\WINDOWS\System32\hhkmp.bak2 Has been deleted! Attempting to delete C:\WINDOWS\System32\hhkmp.ini C:\WINDOWS\System32\hhkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\System32\hhkmp.ini2 C:\WINDOWS\System32\hhkmp.ini2 Has been deleted! Attempting to delete C:\WINDOWS\System32\hhkmp.tmp C:\WINDOWS\System32\hhkmp.tmp Has been deleted! Attempting to delete C:\WINDOWS\System32\pmkhh.dll C:\WINDOWS\System32\pmkhh.dll Has been deleted! Performing Repairs to the registry. Done! merci de ton aide j'ai remis antivir et il me repère un autre troyen sur la même dll que précédement
  4. Hi everyone, I'm infected with Vundo and ConHook, which Avast let through. I followed the pre-disinfection procedure described in the pinned post. Here is the AntiVir report:

AntiVir PersonalEdition Classic
Report file date: samedi 25 août 2007 23:08

Scanning for 1034549 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: jérémie
Computer name: HOMÈRE

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 18:54:55
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 18:54:55
ANTIVIR3.VDF : 6.39.1.44 2048 Bytes 25/08/2007 18:54:55
AVEWIN32.DLL : 7.4.1.63 2724352 Bytes 25/08/2007 18:54:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 25/08/2007 18:54:56
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: samedi 25 août 2007 23:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
16 processes with 16 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '23' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\jérémie\Mes documents\Downloads\Style XP\Style XP\StyleXP [cura]\Keygen.exe
[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/PESpin). Please verify the origin of the file
[iNFO] The file was moved to '47499b65.qua'!
C:\WINDOWS\system32\pmkhh.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\vtuurpq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\Tools\Restart.exe
[DETECTION] Contains signature of the SPR/Destart.A program
[iNFO] The file was deleted!
Begin scan in 'D:\' <ancien pc>
D:\réparation\SmitfraudFix\SmitfraudFix\Reboot.exe
[DETECTION] Contains signature of the SPR/Tool.Reboot.C program
[iNFO] The file was moved to '473348c4.qua'!
D:\réparation\SmitfraudFix\SmitfraudFix\restart.exe
[DETECTION] Contains signature of the SPR/Tool.Hardoff.A program
[iNFO] The file was moved to '474448ca.qua'!
D:\réparation\style xp\Style.XP.v3.14b.WinXP2003.Incl.Keygen.WORKING-ECLiPSE\Style.XP.v3.14b.Keygen.zip
[0] Archive type: ZIP
--> eclsxp31.exe
[DETECTION] Contains signature of the SPR/Keygen.119808 program
[iNFO] The file was moved to '474a4966.qua'!
D:\réparation\style xp\Style.XP.v3.14b.WinXP2003.Incl.Keygen.WORKING-ECLiPSE\Style.XP.v3.14b.Keygen\eclsxp31.exe
[DETECTION] Contains signature of the SPR/Keygen.119808 program
[iNFO] The file was moved to '473d495e.qua'!
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: dimanche 26 août 2007 11:34
Used time: 12:26:11 min

The scan has been done completely.

5398 Scanning directories
267578 Files were scanned
8 viruses and/or unwanted programs were found
0 classified as suspicious:
1 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
267570 Files not concerned
4093 Archives were scanned
3 Warnings
0 Notes
0 Hidden objects were found

and the HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 11:43:01, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\hijack this\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1171598124125
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Thanks for helping me get rid of this junk.
J.Bud