[VirtuMonde] Infection

Solved/Closed
caarheim - 12 June 2008 at 22:53
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 - 12 June 2008 at 23:27
Hello,

I was infected by Virtumonde, which Spybot detected but could not remove permanently.

So I followed the procedure described by gaston77 here: http://www.commentcamarche.net/forum/affich 4127943 adware virtumonde

I have the following 3 log files and I can't fully interpret them, but one line looks odd to me:
O2 - BHO: (no name) - {FD91CB86-7057-4ECD-B5BA-F6396CC598FA} - C:\Users\Julien\AppData\Local\Temp\nnnnMGVp.dll (file missing)


Am I still infected?


Thanks in advance.

_______________________________________________________________________________
VBG
_______________________________________________________________________________
[06/12/2008, 22:20:28] - VirtumundoBeGone v1.5 ( "C:\Users\Julien\Desktop\VirtumundoBeGone.exe" )
[06/12/2008, 22:20:38] - Detected System Information:
[06/12/2008, 22:20:38] - Windows Version: 6.0.6001, Service Pack 1
[06/12/2008, 22:20:38] - Current Username: Julien (Admin)
[06/12/2008, 22:20:38] - Windows is in NORMAL mode.
[06/12/2008, 22:20:38] - Searching for Browser Helper Objects:
[06/12/2008, 22:20:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[06/12/2008, 22:20:38] - BHO 2: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (McAfee Phishing Filter)
[06/12/2008, 22:20:38] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/12/2008, 22:20:38] - BHO 4: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
[06/12/2008, 22:20:38] - BHO 5: {B640C41E-B8EA-4235-A45A-3C94EDBF54A4} ()
[06/12/2008, 22:20:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/12/2008, 22:20:38] - Checking for HKLM\...\Winlogon\Notify\nnnnMGVp
[06/12/2008, 22:20:38] - Key not found: HKLM\...\Winlogon\Notify\nnnnMGVp, continuing.
[06/12/2008, 22:20:38] - BHO 6: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[06/12/2008, 22:20:38] - BHO 7: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
[06/12/2008, 22:20:38] - Finished Searching Browser Helper Objects
[06/12/2008, 22:20:38] - Finishing up...
[06/12/2008, 22:20:38] - Nothing found! Exiting...


_______________________________________________________________________________
ComboFix
_______________________________________________________________________________
ComboFix 08-06-10.5 - Julien 2008-06-12 22:27:01.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.2842 [GMT 2:00]
Endroit: C:\Users\Julien\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-12 to 2008-06-12 ))))))))))))))))))))))))))))))))))))
.

2008-06-12 22:05 . 2008-06-12 22:05 <REP> d-------- C:\VundoFix Backups
2008-06-12 21:51 . 2008-06-12 21:51 <REP> d-------- C:\PerfLogs
2008-06-12 18:39 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-06-12 18:36 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-12 18:36 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-12 18:36 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-12 18:36 . 2008-01-19 09:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-12 18:36 . 2008-01-19 09:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-12 18:36 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-12 15:23 . 2008-06-12 15:25 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-12 15:23 . 2008-06-12 15:25 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-12 15:23 . 2008-06-12 15:23 <REP> d-------- C:\Program Files\Lavasoft
2008-06-12 14:33 . 2008-06-12 14:33 118 --a------ C:\Windows\System32\MRT.INI
2008-06-11 18:10 . 2008-06-12 19:09 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-11 18:10 . 2008-06-12 19:09 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-11 18:10 . 2008-06-12 19:11 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-11 18:08 . 2008-06-11 18:08 <REP> d-------- C:\Windows\System32\Adobe
2008-06-11 12:45 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 12:45 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 12:42 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 12:42 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-08 01:24 . 2008-06-09 22:42 <REP> d-------- C:\Program Files\Bridge Building Game
2008-06-08 00:50 . 2008-06-09 10:05 <REP> d-------- C:\Program Files\Armadillo Run Demo
2008-06-07 02:29 . 2008-06-09 10:05 <REP> d-------- C:\Program Files\Frozen-Bubble
2008-06-06 16:03 . 2008-06-06 16:03 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-06-06 16:02 . 2008-06-06 16:02 <REP> d-------- C:\Program Files\Real
2008-06-06 16:02 . 2008-06-06 16:03 <REP> d-------- C:\Program Files\Common Files\Real
2008-06-03 16:44 . 2008-06-12 11:00 <REP> d-------- C:\Users\Julien\AppData\Roaming\gtk-2.0
2008-06-03 16:43 . 2008-06-03 16:43 <REP> d-------- C:\Users\Julien\.thumbnails
2008-06-03 16:41 . 2008-06-12 11:03 <REP> d-------- C:\Users\Julien\.gimp-2.4
2008-06-03 16:41 . 2008-06-03 16:41 <REP> d-------- C:\Program Files\GIMP-2.0
2008-05-28 13:38 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 13:38 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 23:04 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-27 23:03 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-27 23:02 . 2008-01-19 09:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-05-27 23:01 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-27 23:00 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-27 22:58 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-27 22:58 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-27 22:58 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-27 22:58 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-27 22:58 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-27 22:57 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-27 22:57 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-27 22:57 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-27 22:57 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-17 17:34 . 2008-05-17 17:34 <REP> d-------- C:\Square Soft, Inc
2008-05-17 16:50 . 2008-05-17 16:50 <REP> d-------- C:\Program Files\Square Soft, Inc
2008-05-17 16:50 . 1997-12-17 18:33 304,128 --a------ C:\Windows\IsUninst.exe
2008-05-17 16:45 . 2008-05-17 16:45 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-17 16:41 . 2008-05-17 16:41 <REP> d-------- C:\Users\Julien\AppData\Roaming\DAEMON Tools
2008-05-17 16:06 . 2008-05-17 16:06 <REP> d-------- C:\Users\Julien\AppData\Roaming\DAEMON Tools Pro
2008-05-17 15:53 . 2008-05-17 16:41 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
2008-05-16 01:25 . 2008-05-16 01:25 <REP> d-------- C:\Users\Julien\dwhelper
2008-05-16 01:18 . 2008-05-16 01:18 <REP> d-------- C:\Users\Julien\AppData\Roaming\Talkback
2008-05-16 01:18 . 2008-05-16 01:18 0 --a------ C:\Windows\nsreg.dat
2008-05-14 19:30 . 2008-05-14 19:30 <REP> d-------- C:\Program Files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 20:03 --------- d-----w C:\ProgramData\NVIDIA
2008-06-12 20:01 174 --sha-w C:\Program Files\desktop.ini
2008-06-12 19:54 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-12 19:54 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-12 19:54 --------- d-----w C:\Program Files\Windows Mail
2008-06-12 19:54 --------- d-----w C:\Program Files\Windows Journal
2008-06-12 19:54 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-12 19:54 --------- d-----w C:\Program Files\Windows Calendar
2008-06-12 19:53 --------- d-----w C:\Program Files\Windows Defender
2008-06-12 19:03 --------- d-----w C:\Program Files\Java
2008-06-12 16:40 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-12 13:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 01:47 --------- d-----w C:\Users\Julien\AppData\Roaming\Azureus
2008-05-17 16:07 63,630 ----a-w C:\Users\Julien\AppData\Roaming\nvModes.dat
2008-05-17 14:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-16 08:46 --------- d-----w C:\Users\Julien\AppData\Roaming\Free Download Manager
2008-05-11 17:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 14:29 --------- d-----w C:\ProgramData\Azureus
2008-05-03 14:28 --------- d-----w C:\Program Files\Azureus
2008-04-30 09:52 --------- d-----w C:\Program Files\McAfee
2008-04-29 12:23 --------- d-----w C:\Users\Julien\AppData\Roaming\IGN_DLM
2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-04-28 22:25 --------- d-----w C:\Program Files\Download Manager
2008-04-28 14:40 --------- d-----w C:\Users\Julien\AppData\Roaming\vlc
2008-04-28 14:33 --------- d-----w C:\Program Files\VideoLAN
2008-04-20 18:36 --------- d-----w C:\ProgramData\Creative
2008-04-19 11:05 --------- d-----w C:\Users\Julien\AppData\Roaming\Turbine
2008-04-15 14:33 --------- d-----w C:\Program Files\Free Download Manager
2008-04-15 14:32 --------- d-----w C:\ProgramData\FreeDownloadManager.ORG
2008-03-11 11:05 74 --sh--r C:\Windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD91CB86-7057-4ECD-B5BA-F6396CC598FA}]
C:\Users\Julien\AppData\Local\Temp\nnnnMGVp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-23 07:34 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 07:58 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 11:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 03:00 90112]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 15:37 174872]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 15:26 775952]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-11 13:15 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 17:39 189736]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 00:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-06 16:02 185896]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 05:44 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-10 11:54 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-10 11:54 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-10 11:54 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-01-10 11:54 86016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-11 13:13:07 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 20:13:26 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89E2C113-1B49-4FE1-B776-1CC7D7AA2C83}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{C6E4998E-2905-468A-B7DB-9DB7ECAE254B}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{D9AD830E-674A-4398-8478-6565BB2C36A3}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D71F8F6E-12D8-4E67-AA14-F55C27666C73}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{768CDA44-579A-4CAE-AC3D-EE96CC69C985}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{A2D8266C-9239-4E8A-9AA6-10083117A567}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F900B300-0246-42BA-9BB0-CA53B4F0B8CE}"= UDP:C:\Windows\System32\dldocoms.exe:Dell 968 Server
"{6C6927A4-ED88-469F-84AF-CAFC40800163}"= TCP:C:\Windows\System32\dldocoms.exe:Dell 968 Server
"TCP Query User{DD1B76AA-DAF6-47DF-B6A4-11D657AE4A0A}C:\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{32EE7E7C-FC6A-40CF-B97A-59C889C3275A}C:\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{E514330C-7EC2-471D-B971-8A33B8BA617B}C:\\world of warcraft\\wow-2.3.3.7799-to-2.4.0.8089-frfr-downloader.exe"= UDP:C:\world of warcraft\wow-2.3.3.7799-to-2.4.0.8089-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{DF8B5840-17E0-407B-88A0-C33F35A246F3}C:\\world of warcraft\\wow-2.3.3.7799-to-2.4.0.8089-frfr-downloader.exe"= TCP:C:\world of warcraft\wow-2.3.3.7799-to-2.4.0.8089-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{E9B21F1B-AF6F-4C09-8BF5-C7A34F8C4BD2}C:\\world of warcraft\\wow-2.4.0.8089-to-2.4.1.8125-frfr-downloader.exe"= UDP:C:\world of warcraft\wow-2.4.0.8089-to-2.4.1.8125-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{D230CC67-3006-46EE-B0ED-D5D16D4637C9}C:\\world of warcraft\\wow-2.4.0.8089-to-2.4.1.8125-frfr-downloader.exe"= TCP:C:\world of warcraft\wow-2.4.0.8089-to-2.4.1.8125-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{AA3E053B-2131-423A-9F5F-BF667C08C73C}C:\\lotro\\lotroclient.exe"= UDP:C:\lotro\lotroclient.exe:lotroclient
"UDP Query User{A41E19F3-7909-4268-8F46-0DA660849FC8}C:\\lotro\\lotroclient.exe"= TCP:C:\lotro\lotroclient.exe:lotroclient
"{44BA3BEF-6A8A-4471-AC12-3205BFB19393}"= UDP:C:\Program Files\Download Manager\DLM.exe:Download Manager
"{E5F450FF-DE51-45D5-8D4E-DF007EC38FFE}"= TCP:C:\Program Files\Download Manager\DLM.exe:Download Manager
"TCP Query User{50559582-DD04-4338-8983-69F35E5A85FA}C:\\dungeons & dragons online - stormreach\\dndclient.exe"= UDP:C:\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"UDP Query User{78B8DD61-2E59-4D74-B4D4-0091584FD7FA}C:\\dungeons & dragons online - stormreach\\dndclient.exe"= TCP:C:\dungeons & dragons online - stormreach\dndclient.exe:dndclient
"TCP Query User{4943E482-F1D2-4301-BBC6-B69AFABA76D2}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{D5ABC33A-E63C-4916-B7AD-C94BF3B15E15}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 05:44]
R2 dldo_device;dldo_device;C:\Windows\system32\dldocoms.exe [2007-10-05 14:30]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 11:23]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 15:30]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 07:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 07:59]
R3 physX32;physX32;C:\Windows\system32\DRIVERS\physX32.sys [2007-06-26 21:15]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 08:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-11 11:26:06 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-31 23:00:00 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-12 11:15:18 C:\Windows\Tasks\User_Feed_Synchronization-{29798442-F750-4D30-9084-4CC7DE34893B}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 22:31:50
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\DLAAPI_W.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\System32\CTSVCCDA.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-12 22:37:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-12 20:36:54

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 236,470,681,600 octets libres

249 --- E O F --- 2008-06-12 19:35:49




_______________________________________________________________________________
hijackthis
_______________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:59, on 12/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Julien\Desktop\Sanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {FD91CB86-7057-4ECD-B5BA-F6396CC598FA} - C:\Users\Julien\AppData\Local\Temp\nnnnMGVp.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/29.57/uploader2.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: dldo_device - - C:\Windows\system32\dldocoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Gestion de l'alimentation de l'adaptateur réseau interne Dell (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

3 replies

geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
12 June 2008 at 23:05
Hi!!

I see this as suspicious: C:\Windows\system32\dldocoms.exe

But I'm not going to tell you to fix it, because I don't know what it is.

You can do this:

relaunch HijackThis, click Scan only and tick this line:

O2 - BHO: (no name) - {FD91CB86-7057-4ECD-B5BA-F6396CC598FA} - C:\Users\Julien\AppData\Local\Temp\nnnnMGVp.dll (file missing)

then click Fix checked.

Otherwise, I don't see any other infections ;)
0
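As an added example (not from this thread, HijackThis or any of the tools used above): a small Python triage script that parses the O2 (BHO) lines of a HijackThis log and flags the entries a helper would examine first, such as the one ticked in the reply above, which has no registered name, a DLL reported missing, and a path under a temp directory. The sample log is built from the O2 lines posted above; the function names and the random-name heuristic are assumptions of this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One "O2 - BHO:" line of a HijackThis log has the shape
#   O2 - BHO: <name> - {<CLSID>} - <dll path>[ (file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?\s*$"
)

# Directories from which a legitimate BHO should not be registered.
TEMP_DIR_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")

# Heuristic (an assumption of this example, not a HijackThis rule): an
# eight-letter, mixed-case file stem with no digits looks machine-generated.
RANDOM_STEM_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}$")

# Constructed sample: the O2 lines from the log above plus one O4 line,
# which the parser must ignore.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {FD91CB86-7057-4ECD-B5BA-F6396CC598FA} - C:\Users\Julien\AppData\Local\Temp\nnnnMGVp.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"""


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool
    reasons: list[str] = field(default_factory=list)


def parse_o2_lines(log: str) -> list[Bho]:
    """Extract every O2 BHO entry from a HijackThis log; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append(Bho(m["name"], m["clsid"].upper(), m["path"],
                               m["missing"] is not None))
    return entries


def triage(bho: Bho) -> list[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    lowered = bho.path.lower()
    if bho.name == "(no name)":
        reasons.append("BHO has no registered name")
    if bho.file_missing:
        reasons.append("registered DLL no longer exists on disk (orphaned CLSID)")
    if any(marker in lowered for marker in TEMP_DIR_MARKERS):
        reasons.append("DLL registered from a temp directory")
    stem = bho.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if RANDOM_STEM_RE.match(stem):
        reasons.append("random-looking DLL name")
    bho.reasons = reasons
    return reasons


def suspicious_bhos(log: str) -> dict[str, list[str]]:
    """Map CLSID -> reasons for every BHO that triage flagged, in log order."""
    flagged = {}
    for bho in parse_o2_lines(log):
        if triage(bho):
            flagged[bho.clsid] = bho.reasons
    return flagged


if __name__ == "__main__":
    for clsid, reasons in suspicious_bhos(SAMPLE_LOG).items():
        print(f"{{{clsid}}}")
        for reason in reasons:
            print(f"  - {reason}")
```

On the sample log only the {FD91CB86-...} entry is flagged; the six named BHOs with DLLs under Program Files produce no reasons.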
Thanks for the reply.

C:\Windows\system32\dldocoms.exe is listed as a Dell application (the brand of my laptop :) )


I did a Fix checked, compared the new log with the old one, and the odd entry has disappeared.

I'll see whether it comes back, but I haven't had an Explorer crash since the cleanup.

Thanks anyway ;)
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last seen 21 May 2010 10
12 June 2008 at 23:27
OK... you're welcome... If you no longer have any problems, you can mark the topic as solved at the top.

@+
0