virumonde help me - Security - Viruses
Profile: IDNaute

Hello,
I have just got a new machine running Vista.
I caught virumonde and it slows everything down. Spybot finds it and fixes the problem but it comes right back afterwards. My antivirus is ESET.
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:40, on 12/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\zepeps\Program Files\DNA\btdna.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Applications\Utilitaires\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50410C1F-9A40-4EA1-A5A8-CF1608F96848} - C:\Windows\system32\opnMfffc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnlkliI.dll,#1
O4 - HKLM\..\Run: [4094f994] rundll32.exe "C:\Windows\system32\ktexapvh.dll",b
O4 - HKLM\..\Run: [BM43a7ca08] Rundll32.exe "C:\Windows\system32\xmjnylrq.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\zepeps\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Run] "C:\Users\zepeps\AppData\Roaming\Adobe\Manager.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\zepeps\AppData\Local\Temp\khfCttrQ.dll,#1
O4 - HKCU\..\Run: [BM43a7ca08] Rundll32.exe "C:\Users\zepeps\AppData\Local\Temp\cbyqiobu.dll",s
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] _0_3_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 6196 bytes

Thanks for helping me, I'm lost
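An added example, not from this thread or from any of the tools it mentions: a small Python triage script that applies the patterns visible in the log above (unnamed BHOs, rundll32 loading eight-letter DLLs from system32 or Temp with ordinal or single-letter entry points, the same Run value name registered in both HKLM and HKCU) to a constructed sample of O2/O4 lines. The sample lines and all function names are assumptions of this example.

```python
import re
# Constructed sample modelled on the O2/O4 lines of the log above (not the full log):
# lines 1 and 4 are benign, the rest are Vundo-style persistence entries.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50410C1F-9A40-4EA1-A5A8-CF1608F96848} - C:\Windows\system32\opnMfffc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnlkliI.dll,#1
O4 - HKLM\..\Run: [4094f994] rundll32.exe "C:\Windows\system32\ktexapvh.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\zepeps\AppData\Local\Temp\khfCttrQ.dll,#1
O4 - HKCU\..\Run: [Run] "C:\Users\zepeps\AppData\Roaming\Adobe\Manager.exe"
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)', re.I)
RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{8}$")             # opnMfffc, ktexapvh, ...
RANDOM_VALUE_RE = re.compile(r"^(BM)?[0-9a-f]{8}$", re.I)  # 4094f994, BM43a7ca08
ODD_ENTRY_RE = re.compile(r"^(#\d+|[A-Za-z])$")            # ",#1", ",b", ",s"

def stem(path):
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name, no dir/extension

def check_o2(name, path):
    reasons = []
    if name == "(no name)":
        reasons.append("BHO registered without a name")
    if path == "(no file)":
        reasons.append("BHO CLSID points at a missing file (orphan)")
    elif "\\system32\\" in path.lower() and RANDOM_STEM_RE.match(stem(path)):
        reasons.append("BHO DLL in system32 has a random 8-letter name")
    return reasons

def check_o4(value, cmd):
    reasons = []
    if RANDOM_VALUE_RE.match(value):
        reasons.append("random-looking Run value name")
    m = RUNDLL_RE.match(cmd)
    if m:  # rundll32 is the loader these DLLs are started through
        dll, entry = m.group("dll"), m.group("entry")
        if RANDOM_STEM_RE.match(stem(dll)):
            reasons.append("rundll32 loads a DLL with a random 8-letter name")
        if ODD_ENTRY_RE.match(entry):
            reasons.append("DLL entry point is an ordinal or a single letter")
        if "\\temp\\" in dll.lower():
            reasons.append("DLL lives in a Temp directory")
    elif re.search(r"\\appdata\\roaming\\", cmd, re.I):
        reasons.append("executable persisted from a user-writable AppData path")
    return reasons

def triage(log_text):
    """Return [(line, reasons)] for suspicious O2/O4 entries, in log order."""
    findings, hives_by_value = [], {}
    for line in log_text.splitlines():
        line, reasons = line.strip(), []
        m2, m4 = O2_RE.match(line), O4_RE.match(line)
        if m2:
            reasons = check_o2(m2.group("name"), m2.group("path"))
        elif m4:
            hives_by_value.setdefault(m4.group("value"), set()).add(m4.group("hive"))
            reasons = check_o4(m4.group("value"), m4.group("cmd"))
        if reasons:
            findings.append((line, reasons))
    # Same value name in HKLM and HKCU, each with its own DLL: that is how it returns after one hive is cleaned.
    for line, reasons in findings:
        m4 = O4_RE.match(line)
        if m4 and len(hives_by_value.get(m4.group("value"), ())) > 1:
            reasons.append("same value name persisted in more than one hive")
    return findings
```

These are heuristics for reading a log by hand, not a verdict: legitimate eight-letter DLL names exist (SDHelper.dll in the log above is one), so a hit is a reason to look up the file, not to delete it.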


Profile: Helper

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.


HELP: A guide and a tutorial on using ComboFix
* the partition name may differ


Profile: IDNaute

Thanks

I managed to get rid of it.
a pass with VundoFix
ComboFix in safe mode
a pass with Malwarebytes' Anti-Malware
and finally I fixed the infected O4 lines in HijackThis.

Now it seems fine, Spybot no longer detects virumonde.
thanks

Profile: IDNaute

For information, here is the report ComboFix gave me

ComboFix 08-09-10.04 - zepeps 2008-09-12 14:00:17.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1357 [GMT 2:00]
Endroit: C:\Users\zepeps\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\zepeps\AppData\Roaming\Adobe\Manager.exe
C:\Windows\system32\cbXPjHXO.dll
C:\Windows\system32\dDspNhEV.dll
C:\Windows\system32\hvpaxetk.ini
C:\Windows\system32\khfGayyY.dll
C:\Windows\system32\ktexapvh.dll
C:\Windows\system32\mljhICUK.dll
C:\Windows\system32\ojijmpro.dll
C:\Windows\system32\oPIbXOec.dll
C:\Windows\system32\opnmNDtT.dll
C:\Windows\system32\oyjosanl.dll
C:\Windows\system32\qomljKeD.dll
C:\Windows\system32\rqRhhifd.dll
C:\Windows\system32\vtusRJab.dll
C:\Windows\system32\xmjnylrq.dll

----- BITS: Possible sites infect‚s -----

http://pornotube30.net
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 12:02 --------- d-----w C:\Users\zepeps\AppData\Roaming\DNA
2008-09-12 11:51 --------- d-----w C:\Users\zepeps\AppData\Roaming\Malwarebytes
2008-09-12 11:51 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-12 11:51 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 11:29 --------- d-----w C:\Program Files\DNA
2008-09-12 07:21 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-12 06:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-11 16:48 --------- d-----w C:\Users\zepeps\AppData\Roaming\BitTorrent
2008-09-11 13:45 --------- d-----w C:\Users\zepeps\AppData\Roaming\Talkback
2008-09-10 19:13 --------- d-----w C:\Users\zepeps\AppData\Roaming\AdobeUM
2008-09-10 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-10 16:31 --------- d-----w C:\Users\zepeps\AppData\Roaming\SPORE
2008-09-10 16:24 --------- d-----w C:\Program Files\Electronic Arts
2008-09-10 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-10 12:26 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-09-09 17:44 --------- d-----w C:\Program Files\Activision
2008-09-09 16:30 --------- d-----w C:\Program Files\Sun
2008-09-09 16:30 --------- d-----w C:\Program Files\Java
2008-09-09 16:27 --------- d-----w C:\Program Files\Common Files\Java
2008-09-08 21:31 --------- d--h--r C:\Users\zepeps\AppData\Roaming\SecuROM
2008-09-07 16:17 --------- d-----w C:\Program Files\BitTorrent
2008-09-07 16:14 --------- d-----w C:\Users\zepeps\AppData\Roaming\uTorrent
2008-09-05 13:10 --------- d-----w C:\Users\zepeps\AppData\Roaming\GrabIt
2008-09-05 12:58 --------- d-----w C:\Users\zepeps\AppData\Roaming\Winamp
2008-09-04 19:14 --------- d-----w C:\Program Files\Windows Live
2008-09-04 19:13 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-04 19:10 --------- d-----w C:\ProgramData\WLInstaller
2008-09-04 14:59 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-09-04 14:54 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-09-04 14:54 --------- d-----w C:\Users\zepeps\AppData\Roaming\DAEMON Tools
2008-09-04 11:58 --------- d-----w C:\Program Files\Picasa2
2008-09-04 11:05 --------- d-----w C:\Users\zepeps\AppData\Roaming\Thinstall
2008-09-03 23:49 --------- d-----w C:\Program Files\Google
2008-09-03 13:36 --------- d-----w C:\Program Files\VideoLAN
2008-09-03 13:27 --------- d-----w C:\Users\zepeps\AppData\Roaming\vlc
2008-09-03 13:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-03 13:18 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-03 12:35 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-09-03 12:35 22,328 ----a-w C:\Users\zepeps\AppData\Roaming\PnkBstrK.sys
2008-09-03 12:21 --------- d-sh--w C:\ProgramData\Modèles
2008-09-03 12:21 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-09-03 12:21 --------- d-sh--w C:\ProgramData\Favoris
2008-09-03 12:21 --------- d-sh--w C:\ProgramData\Bureau
2008-09-03 12:21 --------- d-sh--w C:\Program Files\Fichiers communs
2008-09-03 12:00 --------- d-----w C:\Users\zepeps\AppData\Roaming\TuneUp Software
2008-09-03 12:00 --------- d-----w C:\ProgramData\TuneUp Software
2008-09-03 11:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 11:58 159,903 ----a-w C:\Windows\Marsu-Fix Uninstaller.exe
2008-09-03 11:58 --------- d-----w C:\Program Files\Marsu-Fix
2008-09-03 11:57 --------- d-----w C:\Users\zepeps\AppData\Roaming\ESET
2008-09-03 11:56 --------- d-----w C:\ProgramData\ESET
2008-09-03 11:56 --------- d-----w C:\Program Files\ESET
2008-09-03 11:53 --------- d-----w C:\Program Files\ATI
2008-09-03 11:40 --------- d-----w C:\Users\zepeps\AppData\Roaming\ATI
2008-09-03 11:40 --------- d-----w C:\ProgramData\ATI
2008-09-03 11:38 --------- d-----w C:\Program Files\ATI Technologies
2008-09-03 11:31 --------- d-----w C:\Program Files\Intel
2008-09-03 11:28 --------- d-----w C:\ProgramData\ma-config.com
2008-09-03 11:28 --------- d-----w C:\Program Files\ma-config.com
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-08-01 06:40 3,894,272 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-08-01 03:51 53,248 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9B0E3A8-5EBD-40DB-A4E9-383544EDA588}]
2008-09-11 19:02 252928 --------- C:\Windows\system32\opnMfffc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitTorrent DNA"="C:\Users\zepeps\Program Files\DNA\btdna.exe" [2008-09-12 342848]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{39A9D6B3-60F1-4D07-8CF5-3174938664B8}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{ECEA12AA-566D-4E77-8264-68464CC52427}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{F5109295-71AC-42F3-9C8E-A803B191BF6C}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{AD261490-616C-4300-A031-C79464E4AF46}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{C8322193-2889-404F-881D-9B645C0DEDEE}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0851DDF2-ED4D-43C0-B043-8898671067A9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{56FBA8DC-FFF7-4D39-9840-2863CC881FAB}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{25927DBF-F70D-4843-966C-D2EA8D5ADD27}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{B627D880-B4B4-41DC-987A-69EE933D7E43}"= UDP:D:\Applications\internet\utorrent.exe:µTorrent (TCP-In)
"{7F1ED53D-DF22-475D-9B83-94B19171EE6F}"= TCP:D:\Applications\internet\utorrent.exe:µTorrent (UDP-In)
"{5BEE700A-A8DE-47EB-9B1A-3B9A2B00FBE9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC2A356F-8476-4742-AC09-4304B8E7BD8F}"= UDP:D:\Applications\internet\torrent\utorrent.exe:µTorrent (TCP-In)
"{9032B251-CDA6-4F4F-ACDD-0B639DA8E61F}"= TCP:D:\Applications\internet\torrent\utorrent.exe:µTorrent (UDP-In)
"{0839D5F8-1A60-4486-84A2-0CD971971775}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{4EAD60E6-1526-405D-BD2C-861B5F0C2948}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{DE8E5339-CB9F-4518-9CC0-259E25162BAE}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{148F1C07-240D-407C-BC90-467180C8B95D}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{B1360ACE-9F05-487F-B085-814EF4ED2224}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{50C0A716-CE16-46E0-8A19-4402A86A6F69}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
S2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x86.sys [2007-12-17 46592]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-10 355584]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aa785ae-7ed4-11dd-9a85-001fc6a596e9}]
\shell\AutoRun\command - G:\setup\rsrc\Autorun.exe
\shell\dinstall\command - G:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3800659-7a91-11dd-b963-001fc6a596e9}]
\shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

BHO-{50410C1F-9A40-4EA1-A5A8-CF1608F96848} - (no file)
HKLM-Run-MSServer - C:\Windows\system32\opnmNDtT.dll
HKLM-Run-4094f994 - C:\Windows\system32\ktexapvh.dll
HKLM-Run-BM43a7ca08 - C:\Windows\system32\ojijmpro.dll
ShellExecuteHooks-{CD912E69-1B5E-4B6D-B5C1-D34B5164F87B} - C:\Windows\system32\opnmNDtT.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\zepeps\AppData\Roaming\Mozilla\Firefox\Profiles\j8zf691t.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 14:03:44
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\HelpPane.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-12 14:05:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 12:04:59

Pre-Run: 81,944,244,224 octets libres
Post-Run: 83,994,017,792 octets libres

217 --- E O F --- 2008-09-10 12:32:00

Profile: Helper

Re,

Quote:

----- BITS: Possible sites infect‚s -----

http://pornotube30.net


You should be careful about the sites you visit :o

Copy (Ctrl+C) the text in the box below:

File::
C:\Windows\system32\opnMfffc.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9B0E3A8-5EBD-40DB-A4E9-383544EDA588}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis log.
NOTE: If there is no reboot, post the requested reports anyway.
