Virtumonde, help!!!

Closed
yshaii - 16 Jan. 2009 at 10:15
 yshaii - 16 Jan. 2009 at 10:38
Hello,
My computer was infected by Virtumonde... So I followed the instructions and ran Malwarebytes Anti-Malware, but it told me there were files that had not been removed... So I then used ComboFix, and here is its report:

ComboFix 09-01-15.01 - JESS 2009-01-16 9:34:34.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1014.484 [GMT 1:00]
Lancé depuis: c:\documents and settings\JESS\Bureau\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\BOUIL\Application Data\HbTools_Icons
c:\documents and settings\BOUIL\Application Data\HbTools_Icons\games2.ico
c:\documents and settings\BOUIL\Application Data\HbTools_Icons\wallpapere1.ico
c:\windows\system32\elivnbmt.ini
c:\windows\system32\gOWvDJlm.ini
c:\windows\system32\gOWvDJlm.ini2
c:\windows\system32\KlSAyGgh.ini
c:\windows\system32\KlSAyGgh.ini2
c:\windows\system32\wstyiocu.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-16 au 2009-01-16 ))))))))))))))))))))))))))))))))))))
.

2009-01-16 07:44 . 2008-12-12 04:08 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-15 23:55 . 2009-01-15 23:55 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 23:55 . 2009-01-15 23:55 <REP> d-------- c:\documents and settings\JESS\Application Data\Malwarebytes
2009-01-15 23:55 . 2009-01-15 23:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 23:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 23:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-15 21:05 . 2009-01-15 21:05 <REP> d-------- c:\program files\Symantec
2009-01-15 21:05 . 2009-01-15 21:05 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-15 21:05 . 2009-01-15 21:05 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-15 21:05 . 2009-01-15 21:05 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 21:05 . 2009-01-15 21:05 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-15 21:04 . 2009-01-16 09:11 <REP> d-------- c:\windows\system32\drivers\NAV
2009-01-15 21:04 . 2009-01-15 21:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-15 21:03 . 2009-01-15 21:03 <REP> d-------- c:\program files\NortonInstaller
2009-01-15 21:03 . 2009-01-15 21:03 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-15 17:56 . 2009-01-15 17:56 <REP> d-------- c:\documents and settings\BOUIL\Application Data\Vso
2009-01-15 17:56 . 2009-01-15 17:56 87,608 --a------ c:\documents and settings\BOUIL\Application Data\ezpinst.exe
2009-01-15 17:56 . 2009-01-15 17:56 47,360 --a------ c:\documents and settings\BOUIL\Application Data\pcouffin.sys
2009-01-15 17:53 . 2009-01-14 21:12 262,144 --a------ c:\program files\Uninstall Ask Toolbar.dll
2009-01-15 15:12 . 2009-01-15 15:12 <REP> d-------- c:\program files\vghd
2009-01-15 15:12 . 2009-01-15 15:12 <REP> d-------- c:\documents and settings\JESS\Application Data\vghd
2009-01-15 15:12 . 2009-01-15 15:12 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-14 21:12 . 2009-01-14 21:12 <REP> d-a------ c:\program files\AskSBar
2009-01-13 14:20 . 2009-01-13 14:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Escape From Paradise
2009-01-13 13:07 . 2009-01-15 15:03 <REP> d-------- c:\program files\PlayFirst
2009-01-11 13:52 . 2009-01-11 13:52 <REP> d-------- c:\documents and settings\JESS\Application Data\ViquaSoft
2009-01-10 00:41 . 2009-01-13 21:40 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-10 00:41 . 2009-01-10 00:41 1,409 --a------ c:\windows\QTFont.for
2009-01-09 22:13 . 2009-01-09 22:13 <REP> d-------- c:\documents and settings\All Users\Application Data\DivoGames
2009-01-08 22:01 . 2009-01-08 22:01 <REP> d-------- c:\documents and settings\JESS\Application Data\Skip-Bo
2009-01-07 23:21 . 2009-01-07 23:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-01-07 18:15 . 2009-01-07 18:15 <REP> d-------- c:\documents and settings\All Users\Application Data\RealArcade
2009-01-07 14:13 . 2009-01-07 14:13 <REP> d-------- c:\program files\Astonsoft
2009-01-07 14:13 . 2009-01-07 14:32 <REP> d-------- c:\documents and settings\JESS\Application Data\DeepBurner
2009-01-07 13:13 . 2009-01-07 13:13 <REP> d-------- c:\documents and settings\JESS\Application Data\AVS4YOU
2009-01-07 13:13 . 2009-01-07 13:13 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-07 13:12 . 2009-01-07 13:13 <REP> d-------- c:\program files\Fichiers communs\AVSMedia
2009-01-07 13:12 . 2009-01-07 14:01 <REP> d-------- c:\program files\AVS4YOU
2009-01-07 13:12 . 2003-05-21 13:50 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-01-05 23:09 . 2009-01-05 23:09 <REP> d-------- c:\documents and settings\All Users\Application Data\NevoSoft Games
2009-01-04 22:04 . 2009-01-04 22:04 <REP> d-------- c:\documents and settings\JESS\Application Data\FirstColony
2009-01-04 18:32 . 2009-01-16 07:55 <REP> d-------- c:\program files\Spyware Doctor
2009-01-04 18:32 . 2009-01-05 09:51 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-04 18:32 . 2009-01-05 09:51 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-04 18:32 . 2009-01-05 09:51 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-04 18:32 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-04 18:31 . 2009-01-15 20:44 <REP> d-------- c:\program files\Norton Security Scan
2009-01-03 21:12 . 2009-01-03 21:12 <REP> d-------- c:\documents and settings\JESS\Application Data\World-LooM
2009-01-03 17:15 . 2009-01-03 17:15 <REP> d-------- c:\documents and settings\All Users\Application Data\Fugazo
2008-12-20 19:38 . 2008-12-20 19:38 <REP> d-------- c:\program files\bfgclient
2008-12-20 19:37 . 2009-01-12 22:02 <REP> d-------- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-12-19 23:10 . 2008-12-19 23:10 <REP> d-------- c:\documents and settings\JESS\Application Data\Meridian93
2008-12-17 22:56 . 2008-12-17 22:56 <REP> d-------- c:\documents and settings\All Users\Application Data\FreshGames

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 08:56 --------- d-----w c:\documents and settings\JESS\Application Data\Skype
2009-01-16 08:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 23:00 --------- d-----w c:\documents and settings\JESS\Application Data\skypePM
2009-01-15 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 20:05 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-15 20:04 --------- d-----w c:\program files\Norton AntiVirus
2009-01-15 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-15 16:56 --------- d-----w c:\program files\VSO
2009-01-15 14:11 --------- d-----w c:\program files\eMule
2009-01-15 14:03 --------- d-----w c:\program files\Zylom Games
2009-01-14 20:12 --------- d-----w c:\documents and settings\JESS\Application Data\PlayFirst
2009-01-09 20:09 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-01-08 21:01 --------- d-----w c:\documents and settings\JESS\Application Data\Zylom
2009-01-08 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-01-07 13:03 --------- d-----w c:\documents and settings\JESS\Application Data\EoRezo
2009-01-07 13:02 --------- d-----w c:\documents and settings\JESS\Application Data\BSplayer
2009-01-07 12:56 --------- d-----w c:\documents and settings\JESS\Application Data\Vso
2009-01-03 18:48 --------- d-----w c:\documents and settings\All Users\Application Data\HipSoft
2008-12-18 21:51 --------- d-----w c:\program files\Google
2008-12-14 21:58 --------- d-----w c:\documents and settings\JESS\Application Data\OpenOffice.org
2008-12-14 21:50 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-14 21:50 --------- d-----w c:\program files\JRE
2008-12-14 21:49 --------- d-----w c:\program files\Java
2008-12-12 21:45 --------- d-----w c:\program files\Chill
2008-12-12 21:26 --------- d-----w c:\program files\Oberon Media
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 17:13 --------- d-----w c:\program files\orange
2008-12-08 10:15 --------- d-----w c:\documents and settings\JESS\Application Data\U3
2008-10-18 19:52 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-01 21:28 0 ----a-w c:\program files\temp01
2008-06-15 11:53 262 ----a-w c:\documents and settings\JESS\Application Data\wklnhst.dat
2007-04-04 15:51 87,608 ----a-w c:\documents and settings\JESS\Application Data\ezpinst.exe
2007-04-04 15:51 47,360 ----a-w c:\documents and settings\JESS\Application Data\pcouffin.sys
2006-08-17 10:05 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-06-29 17:12 22 -csha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-12-16 77824]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-09 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-01-05 1168264]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\JESS\Menu D‚marrer\Programmes\D‚marrage\
BoontyBox 01net.lnk - c:\program files\Boonty\BoontyBox\BoontyBox.exe [2006-08-19 857696]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-25 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ynghvm.dll pgzqcp.dll msxuwy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"vidc.X264"= x264vfw.dll
"vidc.mpng"= c:\program files\t@bvideo\[u]0/u.957\686\tabdec.dll
"vidc.mvjp"= c:\program files\t@bvideo\[u]0/u.957\686\tabdec.dll
"vidc.444p"= c:\program files\t@bvideo\[u]0/u.957\686\tabdec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-01-16 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-01-16 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090115.001\IDSxpx86.sys [2009-01-16 274808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-16 99376]
R4 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-01-16 115560]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-04 356920]
S3 jfdcd;jfdcd;\??\c:\docume~1\JESS\LOCALS~1\Temp\jfdcd.sys --> c:\docume~1\JESS\LOCALS~1\Temp\jfdcd.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
S4 Nwlety;Nwlety; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-01-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]

2009-01-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 18:30]

2009-01-09 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2009-01-16 c:\windows\Tasks\wkhmmrge.job
- c:\windows\system32\rundll32.exe [2004-08-05 09:00]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-OHE - c:\program files\Ohé\OHE.exe
HKLM-Run-EoEngine - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47b7ecdc06114aa681584e34d556c5e2
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47b7ecdc06114aa681584e34d556c5e2

c:\windows\Downloaded Program Files\stg_drm.ocx - O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file://c:\program files\Sally's Salon\Images\stg_drm.ocx

c:\windows\Downloaded Program Files\FlyLoader.dll - O16 -: {48DF87EE-F2DE-11D8-BE7F-302050C10811}
hxxp://www.flysuite.com/flyword/loaderword_win_fr.cab

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243}
hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file://c:\program files\Sally's Salon\Images\armhelper.ocx
FF - ProfilePath - c:\documents and settings\JESS\Application Data\Mozilla\Firefox\Profiles\h7wxrzup.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://lo.st#home);user_pref(browser.link.open_external, 2
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 09:54:25
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????7????|?p???? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3245526263-4204053630-754232259-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5a,d5,5b,3f,59,a8,b5,fb,89,d1,be,84,50,8c,6d,bd,94,cd,4f,c8,f8,79,c5,
f2,34,6c,e9,4a,18,29,18,9f,87,70,58,51,22,f2,23,e9,b7,d5,79,b7,0f,34,91,7c,\
"??"=hex:90,84,5e,de,a5,26,12,33,90,ef,63,81,26,e8,84,3b
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Apoint2K\ApntEx.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\windows\system32\LVComS.exe
c:\program files\Hp\hpcoretech\comp\hptskmgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hp\Digital Imaging\bin\hpqimzone.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2009-01-16 10:03:07 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-16 09:02:50

Avant-CF: 21 401 030 656 octets libres
Après-CF: 29,256,134,656 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

296 --- E O F --- 2009-01-15 08:23:31


Could you tell me whether I am finally rid of this Virtumonde... and whether I did what was needed...
Thanks a million for your help!!!
Regards.

1 reply

Here is the HijackThis report, run just after ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:37, on 16/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JESS\Bureau\scanner.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?47b7ecdc06114aa681584e34d556c5e2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?47b7ecdc06114aa681584e34d556c5e2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Sally's Salon\Images\stg_drm.ocx
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10811} (FlyLoader Class) - http://www.flysuite.com/flyword/loaderword_win_fr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=2877a6dd2183e02cd8f8b53f94100ab2/aff=t_25oa_frca_wg/p/release/mumbo/wg_luxor_ar/luxor_ar/mjolauncher.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-63bb297085eb5551.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.laredoute.fr/ImageUploader3.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Sally's Salon\Images\armhelper.ocx
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ynghvm.dll pgzqcp.dll msxuwy.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe