Aller au contenu

Zzokin

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    1

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Zzokin

  1. Zzokin
    Bonjour à toutes et à tous, Mon PC (XP SP2) est infecté par Virtumonde. J'ai fait un scan avec Combofix. Certains fichiers ont été effacés, mais je ne peux toujours pas réactiver lamise à jour automatique de Windows... Voici le log de Combofix Merci de votre aide ! Nicolas ComboFix 08-12-20.05 - Nico 2008-12-21 11:57:44.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.486 [GMT -5:00] Lancé depuis: c:\documents and settings\Nico\Desktop\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Nico\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\_000006_.tmp.dll c:\windows\system32\ddcBSJyx.dll c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\micr0st.dll c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\prunnet.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\xyJSBcdd.ini c:\windows\system32\xyJSBcdd.ini2 . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-21 au 2008-12-21 )))))))))))))))))))))))))))))))))))) . 2008-12-21 11:12 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe 2008-12-21 11:10 . 2008-12-21 11:10 <DIR> d-------- c:\documents and settings\Administrator 2008-12-21 10:58 . 2008-12-21 11:53 <DIR> d-------- c:\program files\Spyware Doctor 2008-12-21 10:58 . 2008-12-21 11:00 <DIR> d-------- c:\program files\Common Files\PC Tools 2008-12-21 10:58 . 2008-12-21 10:58 <DIR> d-------- c:\documents and settings\Nico\Application Data\PC Tools 2008-12-21 10:58 . 2008-12-21 11:53 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-12-21 10:58 . 2008-12-21 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools 2008-12-21 10:58 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys 2008-12-21 10:58 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys 2008-12-21 10:58 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys 2008-12-21 10:58 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys 2008-12-21 10:58 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys 2008-12-21 10:07 . 2008-12-21 10:07 <DIR> d-------- C:\VundoFix Backups 2008-12-20 19:29 . 2008-12-20 19:29 <DIR> d-------- c:\program files\Windows Defender 2008-12-20 17:26 . 2008-12-20 17:26 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT 2008-12-20 17:26 . 2008-12-20 17:26 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF 2008-12-20 16:58 . 2008-12-20 16:59 <DIR> d-------- c:\documents and settings\Nico\Application Data\Media Player Classic 2008-12-20 11:21 . 2008-12-20 16:55 54,156 --ah----- c:\windows\QTFont.qfn 2008-12-20 11:21 . 2008-12-20 11:21 1,409 --a------ c:\windows\QTFont.for 2008-12-17 21:45 . 2008-10-08 03:03 129,520 --a------ c:\windows\system32\pxafs.dll 2008-12-17 21:45 . 2008-10-08 03:03 9,200 --a------ c:\windows\system32\drivers\cdralw2k.sys 2008-12-17 21:45 . 2008-10-08 03:03 9,072 --a------ c:\windows\system32\drivers\cdr4_xp.sys 2008-12-16 08:22 . 2008-12-16 08:22 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared 2008-12-13 19:25 . 2008-12-13 19:35 <DIR> d-------- c:\program files\PC_GTA.ViceCity -rip- 2008-12-13 10:19 . 2008-10-03 05:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll 2008-12-09 19:35 . 2008-10-16 15:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2008-12-09 19:35 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2008-12-09 19:35 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2008-12-09 19:35 . 2008-10-16 15:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2008-12-09 19:35 . 2008-10-16 15:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2008-12-09 19:35 . 2008-10-16 15:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2008-12-09 19:35 . 2008-10-16 15:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2008-12-09 19:35 . 2008-10-16 15:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2008-12-09 19:35 . 2008-10-16 08:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2008-12-09 19:29 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll 2008-12-07 09:53 . 2008-12-07 09:53 <DIR> d-------- c:\documents and settings\Nico\Application Data\dvdcss 2008-12-06 17:51 . 2008-12-06 17:51 <DIR> d-------- c:\program files\Nuclear Coffee 2008-12-06 17:39 . 2008-12-06 17:39 <DIR> d-------- c:\program files\AskBarDis 2008-12-06 13:39 . 2008-12-06 13:39 <DIR> d-------- c:\program files\Lavasoft 2008-12-06 13:39 . 2008-12-06 13:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-12-06 13:39 . 2008-12-06 13:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-01 21:00 . 2008-12-01 21:00 7,680 --ahs---- c:\windows\Thumbs.db 2008-12-01 07:55 . 2008-12-01 07:55 <DIR> d-------- c:\documents and settings\Nico\Application Data\InterVideo 2008-11-24 20:16 . 2008-11-24 20:16 <DIR> d-------- c:\program files\DVD Shrink 2008-11-24 20:16 . 2008-12-08 18:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink 2008-11-23 12:28 . 2008-12-01 19:52 40 --a------ C:\Auth.prof 2008-11-23 11:33 . 2008-11-23 11:33 <DIR> d-------- c:\program files\QuickTime Alternative 2008-11-23 11:33 . 2008-11-23 11:33 <DIR> d-------- c:\program files\Media Player Classic 2008-11-23 11:33 . 2008-11-23 11:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2008-11-23 11:33 . 2007-04-27 09:42 65,536 --a------ c:\windows\system32\QuickTimeVR.qtx 2008-11-23 11:33 . 2007-04-27 09:42 49,152 --a------ c:\windows\system32\QuickTime.qts 2008-11-23 11:20 . 2008-11-23 11:20 <DIR> d-------- c:\program files\MPEG Streamclip 2008-11-23 11:09 . 2008-11-23 11:09 <DIR> d-------- c:\documents and settings\Nico\Application Data\MPEG Streamclip 2008-11-23 11:01 . 2008-11-23 11:02 <DIR> d-------- c:\program files\Super DVD Ripper 2008-11-22 10:17 . 2008-11-22 10:17 <DIR> d-------- c:\program files\Common Files\Vbox 2008-11-22 10:15 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 15:12 --------- d-----w c:\program files\PeerGuardian2 2008-12-21 01:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-20 22:36 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-12-20 22:26 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2008-12-20 22:26 --------- d-----w c:\program files\Symantec 2008-12-20 22:26 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2008-12-17 03:07 --------- d-----w c:\program files\Common Files\Adobe 2008-12-16 13:21 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-15 12:48 --------- d-----w c:\program files\Norton AntiVirus 2008-11-28 01:42 --------- d-----w c:\documents and settings\Nico\Application Data\foobar2000 2008-11-23 16:11 --------- d-----w c:\program files\QuickTime 2008-11-21 00:41 --------- d-----w c:\documents and settings\Nico\Application Data\AdobeUM 2008-11-20 00:05 --------- d-----w c:\program files\Apple Software Update 2008-11-20 00:05 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2008-11-19 23:54 --------- d-----w c:\program files\Common Files\Macromedia 2008-11-19 23:53 --------- d-----w c:\program files\Macromedia 2008-11-19 23:42 --------- d-----w c:\program files\Common Files\Macromedia Shared 2008-11-19 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision 2008-11-18 00:49 --------- d-----w c:\documents and settings\Nico\Application Data\PROject MT 2008-11-18 00:48 --------- d-----w c:\documents and settings\Nico\Application Data\vlc 2008-11-18 00:45 --------- d-----w c:\program files\PRMT7 2008-11-18 00:44 --------- d-----w c:\program files\Common Files\PROject MT 2008-11-18 00:44 --------- d-----w c:\documents and settings\All Users\Application Data\PROject MT 2008-11-16 18:39 --------- d-----w c:\program files\Common Files\Ahead 2008-11-16 18:39 --------- d-----w c:\program files\Ahead 2008-11-16 18:34 --------- d-----w c:\program files\vlc-0.8.5 2008-11-15 15:31 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 2008-11-14 13:41 --------- d-----w c:\documents and settings\Nico\Application Data\Sonic 2008-11-14 13:11 --------- d-----w c:\program files\Microsoft Silverlight 2008-11-14 12:55 --------- d---a-w c:\program files\foobar2000 2008-11-12 13:23 --------- d-----w c:\program files\BitLord 2008-11-12 13:21 --------- d-----w c:\program files\7-Zip 2008-11-12 12:22 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-11 13:33 --------- d-----w c:\program files\CCleaner 2008-11-11 13:20 --------- d--h--w c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646} 2008-11-11 13:20 --------- d-----w c:\program files\Eraser 2008-11-11 03:46 --------- d-----w c:\program files\MSXML 4.0 2008-11-11 02:56 --------- d-----w c:\documents and settings\Nico\Application Data\Symantec 2008-11-11 02:50 10,344 ----a-w c:\windows\system32\drivers\symlcbrd.sys 2008-11-10 17:57 0 --sha-r c:\windows\system32\drivers\TOSHIBA_Satellite P100_S3A2390D002_PSPA3C-SD300E.MRK 2008-11-10 17:57 --------- d-----w c:\program files\TOSHIBA 2008-11-10 17:54 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys 2008-11-10 17:54 --------- d-----w c:\program files\Intel 2008-11-10 17:54 --------- d-----w c:\documents and settings\All Users\Application Data\Intel 2008-11-10 17:53 --------- d-----w c:\program files\InterVideo 2008-11-10 17:53 --------- d-----w c:\documents and settings\Nico\Application Data\Intel 2008-11-10 17:52 --------- d-----w c:\program files\Synaptics 2008-11-10 17:52 --------- d-----w c:\program files\Microsoft.NET 2008-11-10 17:38 --------- d-----w c:\program files\Datalode 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "Eraser"="c:\program files\Eraser\eraser.exe" [2007-12-22 916240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="launchapp" [X] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-15 7557120] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-14 1769472] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-07 4891472] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-28 c:\windows\system32\CHDAudPropShortcut.exe] "NDSTray.exe"="NDSTray.exe" [bU] "nwiz"="nwiz.exe" [2006-02-15 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2008-11-10 298] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-22 110592] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-27 155648] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-12-21 160792] R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-10 99376] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-21 356920] S4 Cdfngule;Cdfngule; [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{260eb130-bf32-11dd-a6f7-0013026e09f2}] \Shell\AutoRun\command - 8ng8w.com \Shell\explore\Command - 8ng8w.com \Shell\open\Command - 8ng8w.com . Contenu du dossier 'Tâches planifiées' 2008-12-21 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2008-11-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Nico.job - c:\progra~1\NORTON~1\Navw32.exe [2007-05-23 12:13] 2008-11-10 c:\windows\Tasks\Registration reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 00:00] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{49591340-A067-4D07-A200-382975C5817A} - c:\windows\system32\ddcBSJyx.dll Notify-qoMeEVom - qoMeEVom.dll . ------- Examen supplémentaire ------- . uInternet Connection Wizard,ShellNext = hxxp://shoptoshiba.ca/welcome IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PRMT7\PRMTIE\prmtie5.htm IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\PRMT7\PRMTIE\options.htm IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PRMT7\PRMTIE\prmtie5.htm - IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\PRMT7\PRMTIE\options.htm - LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll FF - ProfilePath - c:\documents and settings\Nico\Application Data\Mozilla\Firefox\Profiles\gufz1e59.default\ FF - prefs.js: browser.startup.homepage - FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-21 12:02:47 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(996) c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Norton AntiVirus\NAVAPSVC.EXE c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\wdfmgr.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\program files\Synaptics\SynTP\Toshiba.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE . ************************************************************************** . Heure de fin: 2008-12-21 12:05:20 - La machine a redémarré [Nico] ComboFix-quarantined-files.txt 2008-12-21 17:05:17 Avant-CF: 58,472,075,264 bytes free Après-CF: 58,412,822,528 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 275 --- E O F --- 2008-12-18 04:00:42
×
×
  • Créer...