Trojan vitumonde

je viens de me remettre de cette saloperie, il faut que tu utilises combofix ca a marche directement pour moi ; apres, tu fais une analyse complete du systeme par ton antivirus et par spybot et c'est reparti.

infos sur combofix et d autres (que j ai pas teste) :
http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde

balance ton rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:37, on 13/08/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
C:\Program Files\CA\BrightStor ARCserve Backup\casmrtbk.exe
C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
C:\Program Files\HP\Cissesrv\cissesrv.exe
C:\WINDOWS\system32\cpqrcmc.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\DBASVR.exe
C:\WINDOWS\system32\Dfssvc.exe
c:\divalto\sys\DhsDivalto.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\BrightStor ARCserve Backup\RDS.EXE
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\dbasqlr.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caloggerd.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\sysdown.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
c:\divalto\sys\DhsDivaAgent.exe
c:\divalto\sys\DhsServices.exe
c:\divalto\sys\DhsXlanServer.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\Program Files\Fichiers communs\System\MSSearch\Bin\mssearch.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
C:\Inetpub\wwwroot\PAPO\CRMEscalationService.exe
C:\Inetpub\wwwroot\PAPO\eWareEmailManager.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\Program Files\CA\BrightStor ARCserve Backup\Mediasvr.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\Program Files\CA\BrightStor ARCserve Backup\caauthd.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LQServer.exe
C:\WINDOWS\TEMP\TECEE2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\BrightStor ARCserve Backup\LDBServer.exe
C:\Program Files\CA\BrightStor ARCserve Backup\asalert.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\NCU\cpqteam.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\divalto\sys\DhSession.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [CPQTEAM] C:\Program Files\HP\NCU\cpqteam.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: DhsDivalto.lnk = C:\divalto\sys\DhSession.exe (User 'Default user')
O4 - Startup: DhsDivalto.lnk = C:\divalto\sys\DhSession.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/...
O16 - DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} (XeWare Control) - http://srv-divalto/PAPO/Plugin/eWarePluginX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - https://srv-divalto.papo.fr:4343/SMB/console/html/root/AtxEnc.cab
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED40} (Console d'administration de Security Server) - https://srv-divalto.papo.fr:4343/SMB/console/html/root/AtxConsole.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = papo.fr
O17 - HKLM\Software\..\Telephony: DomainName = papo.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA33FD94-004E-438D-8D5F-7CEB2591C107}: NameServer = 192.168.0.2,192.168.0.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = papo.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = papo.fr
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: Moteur de bases de données CA BrightStor (CASDBEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\DBENG.exe
O23 - Service: Service de découverte BrightStor de CA (CASDiscoverySvc) - CA - C:\Program Files\CA\SharedComponents\BrightStor\CADS\casdscsvc.exe
O23 - Service: Moteur de jobs CA BrightStor (CASJobEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\jobeng.exe
O23 - Service: Moteur de messages CA BrightStor (CASMsgEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\msgeng.exe
O23 - Service: Contrôleur de service CA Brightstor (CASSvcControlSvr) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\caserved.exe
O23 - Service: Moteur de bandes CA BrightStor (CASTapeEngine) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\tapeeng.exe
O23 - Service: Serveur de domaine CA BrightStor (CASUnivDomainSvr) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\cadiscovd.exe
O23 - Service: Agent universel BrightStor de CA (CASUniversalAgent) - CA - C:\Program Files\CA\SharedComponents\BrightStor\UniAgent\UnivAgent.exe
O23 - Service: Serveur d'appel de procédure distante CA (CATIRPC) - CA - C:\Program Files\CA\BrightStor ARCserve Backup\Catirpc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: HP Smart Array SAS/SATA Event Notification Service (Cissesrv) - Hewlett-Packard Company - C:\Program Files\HP\Cissesrv\cissesrv.exe
O23 - Service: HP Insight NIC Agents (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqrcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
O23 - Service: CRM Escalation Service (CRMEscalationService) - Unknown owner - C:\Inetpub\wwwroot\PAPO\CRMEscalationService.exe
O23 - Service: Serveur RPC de l'agent Backup BrightStor de CA (DbaRpcService) - CA - C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\DBASVR.exe
O23 - Service: Divalto DhsDivaAgent Version 6.1a (DhsDivaAgent) - Divalto - c:\divalto\sys\DhsDivaAgent.exe
O23 - Service: Divalto DhsDivalto Version 6.1a (DhsDivalto) - Divalto - c:\divalto\sys\DhsDivalto.exe
O23 - Service: Divalto DhsServices Version 6.1a (DhsServices) - Divalto - c:\divalto\sys\DhsServices.exe
O23 - Service: Divalto XLANSQL Version 6.1a (DhsXlanServer) - Divalto - c:\divalto\sys\DhsXlanServer.exe
O23 - Service: CRM E-Mail Manager (EmailManager) - ACCPAC International, Inc. - C:\Inetpub\wwwroot\PAPO\eWareEmailManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Scan en temps réel Trend Micro Client/Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Security Server Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: CA BrightStor Backup Agent Remote Service (RemoteDbagent) - CA - C:\Program Files\CA\SharedComponents\BrightStor\DBAcommon\dbasqlr.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Hewlett-Packard Company - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

merci de ta rapidité c'est vraiment agreable!!!

utilise combofix et ensuite repost un rapport hijackthis

je ne peux pas telecharger combofix mais j'ai lancer vundofix et il n'a rien trouver

voila le lien pour dl combofix :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Que peux tu dire de mon premier rapport j'ai déjà remarqué que les ligne 02 et 20 avais disparus???

OS incompatible la version ne marche pas sur 2003 serveur!!!

je ne suis pas assez competent pour ton post, je pensais pouvoir l'analyser mais je ne saurais te dire ou est le probleme. sur mon pc c est facile parce que je connais les programmes mais la je bloque.

tente combofix, ca regle le pb

Je suis dans la merde il est revenu spyboy le retrouve dans les clef de registre

tentez les deux autres methodes avec le lien de mon premier post, bon courage

[08/12/2008, 15:08:03] - VirtumundoBeGone v1.5 ( "U:\VirtumundoBeGone.exe" )
[08/12/2008, 15:08:08] - User choose NOT to continue. Exiting...

[08/13/2008, 16:11:39] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur.PAPO\Bureau\VirtumundoBeGone.exe" )
[08/13/2008, 16:12:26] - Detected System Information:
[08/13/2008, 16:12:26] - Windows Version: 5.2.3790, Service Pack 2
[08/13/2008, 16:12:26] - Current Username: ADMINISTRATEUR (Admin)
[08/13/2008, 16:12:26] - Windows is in NORMAL mode.
[08/13/2008, 16:12:26] - Searching for Browser Helper Objects:
[08/13/2008, 16:12:26] - Finished Searching Browser Helper Objects
[08/13/2008, 16:12:26] - Finishing up...
[08/13/2008, 16:12:26] - Nothing found! Exiting...

Mechant ce trojan!!!

c est une vrai saloperie, je ne sais comment vous aider plus...

Merci de votre aide!!!