Vundo Ge impossible à enlever.. aidez moi svp

Résolu
docjol Messages postés 20 Statut Membre -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
j'ai un gros probléme avec le trojan vundo ge que antivir repère dans le fichier systeme32\wvwwv.dll mais qu'il est impossible de mettre en quarantaine ou d'effacer.
Curieusement vundofix le trouve dans mljgdaw.dll...
Je suis dans l'obligation de désactiver mon antivirus antivir pour ne pas avoir des messages intempestifs m'indiquant que je suis infecté.
Suivant les conseils donnés dans votre forum, j'ai effectué vundofix, virtumundo et combofix.
Je vous joins les rapports. en espérant que vous pourrez me dépanner pour éradiquer ce logiciel génant terriblement mon activité professionelle.
Merci à vous par avance.

Vundofix
VundoFix V6.7.7

Checking Java version...

Scan started at 02:56:36 27/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\mljgdaw.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljgdaw.dll
C:\WINDOWS\system32\mljgdaw.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Virtumundo

[12/27/2007, 3:41:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Joly\Local Settings\Temporary Internet Files\Content.IE5\WVSXCD4J\VirtumundoBeGone[1].exe" )
[12/27/2007, 3:41:18] - Detected System Information:
[12/27/2007, 3:41:18] - Windows Version: 5.1.2600, Service Pack 2
[12/27/2007, 3:41:18] - Current Username: Joly (Admin)
[12/27/2007, 3:41:18] - Windows is in NORMAL mode.
[12/27/2007, 3:41:18] - Searching for Browser Helper Objects:
[12/27/2007, 3:41:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[12/27/2007, 3:41:18] - BHO 2: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
[12/27/2007, 3:41:18] - BHO 3: {5C51A58C-15C3-4151-9C2D-98DB5C4A2B6D} ()
[12/27/2007, 3:41:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 3:41:18] - Checking for HKLM\...\Winlogon\Notify\wvwwv
[12/27/2007, 3:41:18] - Key not found: HKLM\...\Winlogon\Notify\wvwwv, continuing.
[12/27/2007, 3:41:18] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/27/2007, 3:41:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 3:41:18] - Checking for HKLM\...\Winlogon\Notify\mljgdaw
[12/27/2007, 3:41:18] - Found: HKLM\...\Winlogon\Notify\mljgdaw - This is probably Virtumundo.
[12/27/2007, 3:41:18] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/27/2007, 3:41:18] - BHO list has been changed! Starting over...
[12/27/2007, 3:41:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[12/27/2007, 3:41:18] - BHO 2: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
[12/27/2007, 3:41:18] - BHO 3: {5C51A58C-15C3-4151-9C2D-98DB5C4A2B6D} ()
[12/27/2007, 3:41:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 3:41:18] - Checking for HKLM\...\Winlogon\Notify\wvwwv
[12/27/2007, 3:41:18] - Key not found: HKLM\...\Winlogon\Notify\wvwwv, continuing.
[12/27/2007, 3:41:18] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[12/27/2007, 3:41:18] - ALERT: Found MSEvents Object!
[12/27/2007, 3:41:18] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/27/2007, 3:41:18] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/27/2007, 3:41:18] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/27/2007, 3:41:18] - Finished Searching Browser Helper Objects
[12/27/2007, 3:41:18] - *** Detected MSEvents Object
[12/27/2007, 3:41:18] - Trying to remove MSEvents Object...
[12/27/2007, 3:41:19] - Terminating Process: IEXPLORE.EXE
[12/27/2007, 3:41:19] - Terminating Process: RUNDLL32.EXE
[12/27/2007, 3:41:20] - Disabling Automatic Shell Restart
[12/27/2007, 3:41:20] - Terminating Process: EXPLORER.EXE
[12/27/2007, 3:41:20] - Suspending the NT Session Manager System Service
[12/27/2007, 3:41:20] - Terminating Windows NT Logon/Logoff Manager
[12/27/2007, 3:41:21] - Re-enabling Automatic Shell Restart
[12/27/2007, 3:41:21] - File to disable: C:\WINDOWS\system32\mljgdaw.dll
[12/27/2007, 3:41:21] - Renaming C:\WINDOWS\system32\mljgdaw.dll -> C:\WINDOWS\system32\mljgdaw.dll.vir
[12/27/2007, 3:41:21] - File successfully renamed!
[12/27/2007, 3:41:21] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/27/2007, 3:41:21] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/27/2007, 3:41:21] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/27/2007, 3:41:21] - Deleting ATLEvents/MSEvents Registry entries
[12/27/2007, 3:41:21] - Removing HKLM\...\Winlogon\Notify\mljgdaw
[12/27/2007, 3:41:22] - Searching for Browser Helper Objects:
[12/27/2007, 3:41:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[12/27/2007, 3:41:22] - BHO 2: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
[12/27/2007, 3:41:22] - BHO 3: {5C51A58C-15C3-4151-9C2D-98DB5C4A2B6D} ()
[12/27/2007, 3:41:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/27/2007, 3:41:22] - Checking for HKLM\...\Winlogon\Notify\wvwwv
[12/27/2007, 3:41:22] - Key not found: HKLM\...\Winlogon\Notify\wvwwv, continuing.
[12/27/2007, 3:41:22] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/27/2007, 3:41:22] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/27/2007, 3:41:22] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/27/2007, 3:41:22] - Finished Searching Browser Helper Objects
[12/27/2007, 3:41:22] - Finishing up...
[12/27/2007, 3:41:22] - A restart is needed.
[12/27/2007, 3:41:29] - Attempting to Restart via STOP error (Blue Screen!)

et combofix
ComboFix 07-12-21.4 - Joly 2007-12-27 4:13:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.474 [GMT 1:00]
Running from: C:\Documents and Settings\Joly\Local Settings\Temporary Internet Files\Content.IE5\WVSXCD4J\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Bureau\webmediaplayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Website.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew.dat
C:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew.exe
c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew_nav.dat
c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew_navps.dat
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))))))))
.

2007-12-27 02:56 . 2007-12-27 02:56 <REP> d-------- C:\VundoFix Backups
2007-12-27 02:37 . 2007-12-27 02:37 <REP> d-------- C:\Program Files\Spyware-Secure
2007-12-26 15:57 . 2007-12-26 15:57 <REP> d-------- C:\Documents and Settings\Joly\Application Data\Apple Computer
2007-12-25 00:53 . 2007-12-25 00:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 23:58 . 2007-12-24 23:58 <REP> d-------- C:\WINDOWS\report
2007-12-24 23:57 . 2007-12-24 23:44 40,242,225 --a------ C:\WINDOWS\LPT$VPN.905
2007-12-24 23:44 . 2007-12-24 23:44 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-24 23:44 . 2007-12-24 23:44 40,242,225 --a------ C:\WINDOWS\VPTNFILE.905
2007-12-24 23:44 . 2007-12-24 23:44 1,906,226 --a------ C:\WINDOWS\tsc.ptn
2007-12-24 23:44 . 2007-12-24 23:44 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-24 23:44 . 2007-12-24 23:44 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-24 23:44 . 2007-12-24 23:44 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-24 23:44 . 2007-12-24 23:44 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-24 23:44 . 2007-12-24 23:59 823 --a------ C:\WINDOWS\tsc.ini
2007-12-24 23:40 . 2007-12-24 23:44 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-24 23:40 . 2007-12-24 23:40 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-24 23:40 . 2007-12-24 23:40 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-24 23:39 . 2007-12-24 23:39 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-24 23:39 . 2007-12-24 23:39 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-24 23:39 . 2007-12-24 23:39 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-24 08:42 . 2007-12-24 08:42 15 --a------ C:\WINDOWS\system32\90c6198b
2007-12-23 11:39 . 2007-12-26 13:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-23 11:39 . 2007-12-23 11:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-20 20:39 . 2007-12-27 04:21 9,486 --ahs---- C:\WINDOWS\system32\vwwvw.ini
2007-12-20 20:39 . 2007-12-27 04:19 9,384 --ahs---- C:\WINDOWS\system32\vwwvw.ini2
2007-12-20 20:04 . 2007-12-23 01:26 314,624 --------- C:\WINDOWS\system32\wvwwv.dll
2007-12-20 19:58 . 2007-12-20 19:58 24,304 --a------ C:\WINDOWS\system32\mljgdaw.dll.vir
2007-12-20 19:56 . 2007-12-20 19:56 <REP> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 01:22 --------- d-----w C:\Program Files\Mindscape
2007-12-27 01:21 --------- d-----w C:\Program Files\eMule
2007-12-27 01:21 --------- d-----w C:\Program Files\Azureus
2007-12-26 19:05 --------- d-----w C:\Documents and Settings\Joly\Application Data\Azureus
2007-12-25 02:10 --------- d-----w C:\Program Files\Everest Poker
2007-12-24 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 07:22 --------- d-----w C:\Program Files\Google
2007-12-17 19:30 --------- d-----w C:\Program Files\Java
2007-11-25 23:38 --------- d-----w C:\Documents and Settings\Joly\Application Data\Nokia Multimedia Player
2007-11-25 20:55 --------- d-----w C:\Documents and Settings\Joly\Application Data\PC Suite
2007-11-25 20:52 --------- d-----w C:\Documents and Settings\Joly\Application Data\Nokia
2007-11-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-25 20:41 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-11-25 20:40 --------- d-----w C:\Program Files\Nokia
2007-11-25 20:40 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2007-11-25 20:39 --------- d-----w C:\Program Files\DIFX
2007-11-25 20:36 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-25 20:36 --------- d-----w C:\Program Files\7-Zip
2007-11-25 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-25 14:03 --------- d-----w C:\Program Files\Panda Security
2007-11-25 13:11 --------- d-----w C:\Documents and Settings\Joly\Application Data\DivX
2007-11-25 13:07 --------- d-----w C:\Program Files\DivX
2007-11-25 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-17 15:24 --------- d-----w C:\Program Files\QuickTime
2007-11-17 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-11 13:02 283,648 ----a-w C:\WINDOWS\uninst.exe
2007-11-11 10:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-08 16:12 --------- d-----w C:\Program Files\IncrediMail
2007-11-04 10:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-03 18:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-03 17:54 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ADA475-622F-45F7-A4DA-22D688460D19}]
2007-12-23 01:26 314624 --------- C:\WINDOWS\system32\wvwwv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 14:01]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-20 23:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" []
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 14:53]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-04-28 13:02]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-19 01:18]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-12 19:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\wvwwv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
C:\WINDOWS\Temp\RecoverFromReboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow]
D:\install\Workflow.exe

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 09:42]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 12:33]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2005-01-27 21:24]
S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys [2004-12-24 07:43]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 04:20:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\wvwwv.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\wvwwv.dll
.
Completion time: 2007-12-27 4:22:28 - machine was rebooted
Configuration: Windows XP
Internet Explorer 6.0

30 réponses

  • 1
  • 2
  1. docjol Messages postés 20 Statut Membre
     
    Désolé mais je suis nouveau sur votre forum, hier j'ai posté une demande à Marie et la réponse ce matin a été de créer ma propre discussion pour qu'elle y voit plus clair.
    C'est ce que j'ai fait et maintenant tu me dis dene pas faire de doublon.
    J'ai comme l'impression que tout le monde n'a pas le même point de vue, ou alors j'ai tout pigé de travers.
    Excusez mes maladresses mais comme je l'ai dit plus haut, je suis novice sur ces forums... heureusement...
    0
  2. docjol Messages postés 20 Statut Membre
     
    Gros plantage de mon ordi que j'ai pu récupérer en mode sans echec.
    Par contre Vundo tjs présent..
    Que dois je faire pour que vous puissiez m'aider à éliminer de virus?
    0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge sur le bureau
    ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    => Double-clic dessus
    => installe
    => Clic Do a system scan and save the log
    => coller le rapport
    si problème voir l'aide
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. docjol Messages postés 20 Statut Membre
     
    Voici le rapport:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:00:07, on 30/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  6. docjol Messages postés 20 Statut Membre
     
    Et maintenant que dois je faire?
    0
  7. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    il renommer hijack
    car il ne fait pas apparaitre ton infections vundo
    renomme le par exemple par
    docjol.exe
    ensuite refais un rapport et vérifie
    que cette ligne porte le docjol.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    il faut voir ceci
    C:\Program Files\Trend Micro\HijackThis\docjol.exe
    @+
    0
  8. docjol Messages postés 20 Statut Membre
     
    J'ai renommé mais ce que j'obtiens ne correspond pas à ta demande:
    Ceci dit je vois une ligne correspondant à mon fichier infecté syst32\wvwwv.dll
    Cela suffit il?
    Encore merci de ton attention.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:54:44, on 31/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\docjol.exe\docjol.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {B1D58FFB-51D8-49D4-B76D-4F3DAB4CE9CC} - C:\WINDOWS\system32\wvwwv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  9. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    maintenant Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix,
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
  10. docjol Messages postés 20 Statut Membre
     
    Voila le rapport de combofix:
    ComboFix 07-12-21.4 - Joly 2007-12-27 4:13:11.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.474 [GMT 1:00]
    Running from: C:\Documents and Settings\Joly\Local Settings\Temporary Internet Files\Content.IE5\WVSXCD4J\ComboFix[1].exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Bureau\webmediaplayer.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Conditions générales.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Confidentialité.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes.\WebMediaPlayer\Website.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
    c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew.dat
    C:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew.exe
    c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew_nav.dat
    c:\Documents and Settings\Joly\Local Settings\Application Data\nfmbvwew_navps.dat
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\Conditions générales.url
    C:\Program Files\webmediaplayer\Confidentialité.url
    C:\Program Files\webmediaplayer\resources\languages_v2.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\sqlite3.dll
    C:\Program Files\webmediaplayer\uninst.exe
    C:\Program Files\webmediaplayer\WebMediaPlayer.exe
    C:\Program Files\webmediaplayer\Website.url
    C:\WINDOWS\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-27 02:56 . 2007-12-27 02:56 <REP> d-------- C:\VundoFix Backups
    2007-12-27 02:37 . 2007-12-27 02:37 <REP> d-------- C:\Program Files\Spyware-Secure
    2007-12-26 15:57 . 2007-12-26 15:57 <REP> d-------- C:\Documents and Settings\Joly\Application Data\Apple Computer
    2007-12-25 00:53 . 2007-12-25 00:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-24 23:58 . 2007-12-24 23:58 <REP> d-------- C:\WINDOWS\report
    2007-12-24 23:57 . 2007-12-24 23:44 40,242,225 --a------ C:\WINDOWS\LPT$VPN.905
    2007-12-24 23:44 . 2007-12-24 23:44 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-12-24 23:44 . 2007-12-24 23:44 40,242,225 --a------ C:\WINDOWS\VPTNFILE.905
    2007-12-24 23:44 . 2007-12-24 23:44 1,906,226 --a------ C:\WINDOWS\tsc.ptn
    2007-12-24 23:44 . 2007-12-24 23:44 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-12-24 23:44 . 2007-12-24 23:44 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-12-24 23:44 . 2007-12-24 23:44 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-12-24 23:44 . 2007-12-24 23:44 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-12-24 23:44 . 2007-12-24 23:59 823 --a------ C:\WINDOWS\tsc.ini
    2007-12-24 23:40 . 2007-12-24 23:44 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-12-24 23:40 . 2007-12-24 23:40 <REP> d-------- C:\WINDOWS\AU_Log
    2007-12-24 23:40 . 2007-12-24 23:40 170 --a------ C:\WINDOWS\GetServer.ini
    2007-12-24 23:39 . 2007-12-24 23:39 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-12-24 23:39 . 2007-12-24 23:39 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-12-24 23:39 . 2007-12-24 23:39 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-12-24 08:42 . 2007-12-24 08:42 15 --a------ C:\WINDOWS\system32\90c6198b
    2007-12-23 11:39 . 2007-12-26 13:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-23 11:39 . 2007-12-23 11:39 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-20 20:39 . 2007-12-27 04:21 9,486 --ahs---- C:\WINDOWS\system32\vwwvw.ini
    2007-12-20 20:39 . 2007-12-27 04:19 9,384 --ahs---- C:\WINDOWS\system32\vwwvw.ini2
    2007-12-20 20:04 . 2007-12-23 01:26 314,624 --------- C:\WINDOWS\system32\wvwwv.dll
    2007-12-20 19:58 . 2007-12-20 19:58 24,304 --a------ C:\WINDOWS\system32\mljgdaw.dll.vir
    2007-12-20 19:56 . 2007-12-20 19:56 <REP> d-------- C:\WINDOWS\Sun

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-27 01:22 --------- d-----w C:\Program Files\Mindscape
    2007-12-27 01:21 --------- d-----w C:\Program Files\eMule
    2007-12-27 01:21 --------- d-----w C:\Program Files\Azureus
    2007-12-26 19:05 --------- d-----w C:\Documents and Settings\Joly\Application Data\Azureus
    2007-12-25 02:10 --------- d-----w C:\Program Files\Everest Poker
    2007-12-24 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-19 07:22 --------- d-----w C:\Program Files\Google
    2007-12-17 19:30 --------- d-----w C:\Program Files\Java
    2007-11-25 23:38 --------- d-----w C:\Documents and Settings\Joly\Application Data\Nokia Multimedia Player
    2007-11-25 20:55 --------- d-----w C:\Documents and Settings\Joly\Application Data\PC Suite
    2007-11-25 20:52 --------- d-----w C:\Documents and Settings\Joly\Application Data\Nokia
    2007-11-25 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-11-25 20:41 --------- d-----w C:\Program Files\Fichiers communs\Nokia
    2007-11-25 20:40 --------- d-----w C:\Program Files\Nokia
    2007-11-25 20:40 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
    2007-11-25 20:39 --------- d-----w C:\Program Files\DIFX
    2007-11-25 20:36 --------- d-----w C:\Program Files\PC Connectivity Solution
    2007-11-25 20:36 --------- d-----w C:\Program Files\7-Zip
    2007-11-25 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2007-11-25 14:03 --------- d-----w C:\Program Files\Panda Security
    2007-11-25 13:11 --------- d-----w C:\Documents and Settings\Joly\Application Data\DivX
    2007-11-25 13:07 --------- d-----w C:\Program Files\DivX
    2007-11-25 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
    2007-11-17 15:24 --------- d-----w C:\Program Files\QuickTime
    2007-11-17 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-11 13:02 283,648 ----a-w C:\WINDOWS\uninst.exe
    2007-11-11 10:48 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-11-08 16:12 --------- d-----w C:\Program Files\IncrediMail
    2007-11-04 10:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2007-11-03 18:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2007-11-03 17:54 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09ADA475-622F-45F7-A4DA-22D688460D19}]
    2007-12-23 01:26 314624 --------- C:\WINDOWS\system32\wvwwv.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" []
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 14:01]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-20 23:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
    "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" []
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 14:53]
    "SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-04-28 13:02]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-19 01:18]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-12 19:06]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\wvwwv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk
    backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboot]
    C:\WINDOWS\Temp\RecoverFromReboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Workflow]
    D:\install\Workflow.exe

    R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 09:42]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 12:33]
    R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
    S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2005-01-27 21:24]
    S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys [2004-12-24 07:43]

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-27 04:20:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\WINDOWS\system32\wvwwv.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
    -> C:\WINDOWS\system32\wvwwv.dll
    .
    Completion time: 2007-12-27 4:22:28 - machine was rebooted
    0
  11. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour une petite question
    c'est toi qui choisi de mettre CanalPlayer.exe
    dans tes sites de confiance

    répond à ça ensuite je te donne la manip à suivre
    @+
    0
  12. docjol Messages postés 20 Statut Membre
     
    Bonne question,
    je l'ai télécharger il y a peut etre 6 mois mais je ne m"'en suis quasi jamais servi et il est vite devenu envahissant, s'ouvrant au démarrage et étant à l'origine de ralentissements.
    Je pense qu'il se met en favoris automatiquement.
    Tu pense que le virus vient de là?
    Je veux bien me débarasser de media player.
    Quels sont les conséquences de ce genre de virus?
    Encore merci.
    0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    non ton soucis ne vient pas de celui-ci

    mais par sécurité nous le supprimons

    selectionne ceci

    registry::

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09ADA475-622F-45F7-A4DA-22D688460D19}]

    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanalPlayer"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CanalPlayer"=-

    File::

    C:\WINDOWS\system32\vwwvw.ini
    C:\WINDOWS\system32\vwwvw.ini2
    C:\WINDOWS\system32\wvwwv.dll
    C:\WINDOWS\system32\mljgdaw.dll.vir


    => Copie le texte sélectionné (CTRL+C).
    => Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    => Colle le texte copié dans ce bloc-notes (CTRL+V).
    => Sauvegarde ce fichier sous le nom de CFScript.txt
    => Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    => Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    => Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    => Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    => Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    ensuite

    refais un nouveau rapport hijack
    @+
    0
  14. docjol Messages postés 20 Statut Membre
     
    Comme je travaille aujourd'hui tard, je ne suis pas sur de pouvoir le faire avt le réveillon.
    Je m'en occup dès demain.
    Encore merci et bon réveillon à toi.
    A +.
    0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok
    merci et bonne fêtes à toi ;-)
    @+
    0
  16. docjol Messages postés 20 Statut Membre
     
    Alors, j'ai fait comme tu m'as dit mais au redémmarrage de windows apres combofix, message d'erreur:
    Issas.exe - Erreur Systeme
    Isass.exe. Nom d'objet introuvable.
    La seule facon de redémarrer a été de prendre la derniere bonne config connue.
    A ce moment là, il n'a pu affiché le rapport combofix et le trojan semble avoir disparu car plus de messages d'erreur concernant ce virus.
    Par contre autre message concercernant Trojan Inject dans local setting\temp que je ne trouve pas.
    Maintenant cela a l'air de marcher.
    J'essaye un hijack:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:00, on 2007-12-31
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\docjol.exe\docjol.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  17. docjol Messages postés 20 Statut Membre
     
    Dernieres news de 2007....
    J'ai fait un nettoyage pour enlever les fichiers temporaires et le Inject semble avoir disparu.
    Plus de nouvelles de Vundo OUF..
    Reste juste le pb du demarrage qui ne peut se faire qu'en derniere bonne config car manque tjs ce fichier Isass...
    Bonne année...
    0
  18. docjol Messages postés 20 Statut Membre
     
    Salut,
    je n'ai pas compris ta question sur le pare feu.
    J'ai fait un scan avec mon antivirus hier soir et il semble qu'actuellement tout va bien, plus de pb au démarrage.
    Par contre voici le rapport de mon antivirus: qu'en pense tu?
    En tous cas encore merci pour ta précieuse aide.
    @ +
    AntiVir PersonalEdition Classic
    Report file date: lundi 31 décembre 2007 19:45

    Scanning for 996949 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: JOLY-76DB3399B9

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 06/09/2007 20:43:47
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 06/09/2007 20:43:47
    LUKE.DLL : 7.0.5.3 147496 Bytes 06/09/2007 20:43:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 06/09/2007 20:43:48
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:09:57
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 07:39:22
    ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 16:31:05
    ANTIVIR3.VDF : 7.0.1.181 36352 Bytes 31/12/2007 16:31:06
    AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 20/12/2007 19:39:19
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 06/09/2007 20:43:47
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.2 360488 Bytes 20/12/2007 19:39:21
    AVREG.DLL : 7.0.1.6 30760 Bytes 06/09/2007 20:43:47
    AVARKT.DLL : 1.0.0.20 278568 Bytes 06/09/2007 20:43:42
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 06/09/2007 20:43:43
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 06/09/2007 20:43:33
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 06/09/2007 20:43:33
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 06/09/2007 20:43:48

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 31 décembre 2007 19:45

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'RtWLan.exe' - '1' Module(s) have been scanned
    Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
    Scan process 'RtlWake.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'SetIcon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    36 processes with 36 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '22' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\qoobox\Quarantine\catchme2007-12-31_184551.03.zip
    [0] Archive type: ZIP
    --> wvwwv.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47ed735d.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\wvwwv.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '47f07384.qua'!

    End of the scan: lundi 31 décembre 2007 23:54
    Used time: 4:08:17 min

    The scan has been canceled!

    2554 Scanning directories
    148364 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    148362 Files not concerned
    943 Archives were scanned
    2 Warnings
    0 Notes
    0
  19. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    oui en effet
    toujours présent wvwwv.dll

    relance vundofix http://www.atribune.org/ccount/click.php?id=4

    => Ne clique pas sur "Scan for a vundo"
    => Clique droit au milieu de la fenêtre
    => Clique sur Add more files ?
    => Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\system32\vwwvw.dll.vir
    C:\WINDOWS\system32\wvwwv.dll

    => Clique sur Add files
    => Ensuite clique sur Close Windows
    => Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    => Si l'outil demande un redémarrage, accepte
    => Poste le rapport Vundofix,
    0
  • 1
  • 2