Infection multiple Résolu/Fermé

Question

Bonjour,
             suite à certains disfonctionnement recent dans mon P.C (Plus de bloquage de Popup, Virtumonde detecté pas Spybot, etc)
             Je me permet de poster le Log Hyjack, afin de trouver quelqu'un qui pourrait m'aider à eradiquer ces problemes.

             Vous remerciant par avance, à bientot...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:20:51, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Overlander\Mes documents\PC Inst\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {81b67966-7c72-d6eb-1184-df252b5270e1} - {1e0725b2-52fd-4811-be6d-27c766976b18} - C:\WINDOWS\system32\pbrugigu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {CE5FBA24-A65A-4F78-9832-6FF1EE471B63} - C:\WINDOWS\system32\jkhfe.dll
O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - C:\WINDOWS\system32\fccayaw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [2823862d] rundll32.exe "C:\WINDOWS\system32\hwgccucy.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: fccayaw - C:\WINDOWS\SYSTEM32\fccayaw.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ydylmtqj.exe (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Pi_Xi · Answer

Bonjour,

télécharge VundoFix: http://www.atribune.org/ccount/click.php?id=4

*  Double-clique sur VundoFix.exe
* Clique sur le bouton Scan for Vundo
* Si le programme te demande de supprimer des fichiers, dis oui
* Lorsque le programme a fini de scanner ton pc, il doit être éteint, redémarre le.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt

Ensuite fais une analyse BitDefender: http://www.bitdefender.fr/scan8/
et poste le rapport stp.

Overlander24 · Answer

Dejà merci pour votre aide, voila le rapport en ce qui concerne Vundofix:

VundoFix V6.7.7

Checking Java version...

Scan started at 19:25:46 18/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\amlhyexs.dll
C:\WINDOWS\system32\deeogjpj.dll
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\eqphjqbw.dll
C:\WINDOWS\system32\fccayaw.dll
C:\WINDOWS\system32\hsxgwcra.dll
C:\WINDOWS\system32\hwgccucy.dll
C:\WINDOWS\system32\jiomjbvr.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkkjklm.dll
C:\WINDOWS\system32\jpjgoeed.ini
C:\WINDOWS\system32\mljhiif.dll
C:\WINDOWS\system32\pbrugigu.dll
C:\WINDOWS\system32\qroompnb.dll
C:\WINDOWS\system32\rtieurkp.dll
C:\WINDOWS\system32\ycuccgwh.ini

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\amlhyexs.dll
C:\WINDOWS\system32\amlhyexs.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\deeogjpj.dll
C:\WINDOWS\system32\deeogjpj.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\eqphjqbw.dll
C:\WINDOWS\system32\eqphjqbw.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\fccayaw.dll
C:\WINDOWS\system32\fccayaw.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\hsxgwcra.dll
C:\WINDOWS\system32\hsxgwcra.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hwgccucy.dll
C:\WINDOWS\system32\hwgccucy.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\jiomjbvr.dll
C:\WINDOWS\system32\jiomjbvr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhfe.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkkjklm.dll
C:\WINDOWS\system32\jkkjklm.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jpjgoeed.ini
C:\WINDOWS\system32\jpjgoeed.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mljhiif.dll
C:\WINDOWS\system32\mljhiif.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\pbrugigu.dll
C:\WINDOWS\system32\pbrugigu.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\qroompnb.dll
C:\WINDOWS\system32\qroompnb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\rtieurkp.dll
C:\WINDOWS\system32\rtieurkp.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ycuccgwh.ini
C:\WINDOWS\system32\ycuccgwh.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\fccayaw.dll
C:\WINDOWS\system32\fccayaw.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\hwgccucy.dll
C:\WINDOWS\system32\hwgccucy.dll Has been deleted!

Performing Repairs to the registry.
Done!

Pi_Xi · Answer

Il a bien travaillé :o)

Et le rapport BitDefender stp? ^^

Overlander24 · Answer

Bonjour, Pour le rapport Bit Defender je ne te l'ai pas posté car il a été clean aprés deux passages. Par contre, lorsque j'ai relancé Vundofix >> aucune détection, mais aprés avoir lancé Spybot il me detecte toujours 6 élements Virtumonde. Est ce normal ou faudrait il que je passe en mode sans echec avec décochage de point de restauration? (Encore merci pour tes preconisations tres precieuses)...

Overlander24 · Answer

Non, je n'avais pas redemarré, je te tiens au courant ce soir de l'évolution <:o§).

Overlander24 · Answer

Aprés redemarrage tout est nickel... Un MERCI de 250Go à toi. Dans l'espoir de te renvoyer l'ascenceur...

Overlander24 · Answer

Pi_Xi + Vundofix + Bitdefender = Mega Soluce

Infection multiple

7 réponses

Discussions similaires