vundo.gen problem

Tags:
  • Security
Last reply: in Security and viruses
Anonymous
25 March 2009 12:18:48

Hello, I have just turned on my computer and Avira AntiVir Guard started automatically, but it could not perform its update and it crashes as soon as the system scan begins. So I ran ComboFix, which a friend had recommended to me in case of a virus or the like. Only the trojan is still there!!
Here is the second ComboFix report, which I have just run:

ComboFix 09-03-23.01 - Petite Cerise 2009-03-25 12:09:02.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2046.1569 [GMT 1:00]
Lancé depuis: c:\documents and settings\Petite Cerise\Mes documents\Telechargements\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-25 au 2009-03-25 ))))))))))))))))))))))))))))))))))))
.

2009-03-25 11:52 . 2009-03-25 11:52 <REP> d-------- c:\program files\Trend Micro
2009-03-20 21:51 . 2008-04-14 03:34 70,656 --a------ c:\windows\AhnRpta.exe
2009-03-20 21:35 . 2008-08-19 17:50 91,189 --ahs---- C:\ARKE.tmp
2009-03-20 21:16 . 2005-09-19 00:00 25,264 --a------ c:\windows\system32\CH341DLL.DLL
2009-03-20 21:16 . 2006-01-12 00:00 19,392 --a------ c:\windows\system32\drivers\CH341WDM.SYS
2009-03-20 09:47 . 2009-03-20 09:48 <REP> d-------- c:\program files\POV-Ray for Windows v3.6
2009-03-20 09:27 . 2009-03-20 09:27 <REP> d-------- c:\program files\MSXML 4.0
2009-03-19 22:35 . 2009-03-19 22:35 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-19 22:30 . 2009-03-19 22:30 <REP> d-------- c:\program files\MSXML 6.0
2009-03-19 19:20 . 2009-03-19 19:20 <REP> d-------- C:\Sounds
2009-03-19 19:17 . 2009-03-19 19:17 <REP> d-------- c:\program files\Windows Media Connect 2
2009-03-19 19:16 . 2009-03-19 19:16 <REP> d-------- c:\windows\system32\LogFiles
2009-03-19 19:16 . 2009-03-19 19:19 <REP> d-------- c:\windows\system32\drivers\UMDF
2009-03-19 19:14 . 2009-03-19 19:14 <REP> d-------- c:\program files\LG Electronics
2009-03-19 19:12 . 2009-03-19 19:41 <REP> d-------- c:\program files\LG PC Suite II
2009-03-19 19:12 . 2009-03-19 19:12 <REP> d-------- c:\documents and settings\Petite Cerise\Application Data\LG Electronics
2009-03-19 19:12 . 2007-11-08 16:26 1,164,728 --a------ c:\windows\system32\NMSDVDXU.dll
2009-03-19 19:12 . 2005-09-26 22:55 419,240 --a------ c:\windows\system32\Vsflex7L.ocx
2009-03-19 19:12 . 2000-05-22 00:00 244,416 --a------ c:\windows\system32\Msflxgrd.ocx
2009-03-19 10:09 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-18 18:04 . 2009-03-18 18:04 <REP> d-------- c:\program files\GanttProject
2009-03-13 12:01 . 2009-03-13 12:01 <REP> d-------- c:\program files\Microsoft Works
2009-03-13 11:52 . 2009-03-13 11:52 <REP> d-------- c:\documents and settings\Petite Cerise\Application Data\DAEMON Tools Pro
2009-03-13 11:52 . 2009-03-13 11:52 <REP> d-------- c:\documents and settings\Petite Cerise\Application Data\DAEMON Tools
2009-03-13 11:51 . 2009-03-13 11:51 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-03-13 11:51 . 2009-03-13 11:53 <REP> d-------- c:\documents and settings\Petite Cerise\Application Data\DAEMON Tools Lite
2009-03-13 11:51 . 2009-03-13 11:51 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-13 11:44 . 2009-03-13 11:44 <REP> d-------- c:\program files\free-downloads.net
2009-03-13 11:44 . 2009-03-13 11:44 <REP> d-------- c:\program files\Conduit
2009-03-13 11:44 . 2009-03-13 11:44 <REP> d-------- c:\program files\Alcohol Soft
2009-03-13 11:42 . 2009-03-13 11:42 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-10 12:02 . 2009-03-17 14:07 <REP> d-------- c:\documents and settings\Petite Cerise\vpworkspace
2009-03-10 12:01 . 2009-03-10 12:01 <REP> d-------- c:\documents and settings\Petite Cerise\.vplls
2009-03-10 12:00 . 2009-03-17 14:07 <REP> d-------- c:\program files\VP Suite 3.4
2009-03-09 21:10 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-25 21:23 . 2009-03-25 12:01 <REP> d-------- c:\program files\DNA
2009-02-25 21:23 . 2009-02-25 21:23 <REP> d-------- c:\program files\BitTorrent
2009-02-25 21:23 . 2009-03-25 12:01 <REP> d-------- c:\documents and settings\Petite Cerise\Application Data\DNA
2009-02-25 21:23 . 2009-03-13 11:40 <REP> d-------- c:\documents and settings\Petite Cerise\Application Data\BitTorrent
2009-02-25 21:06 . 2009-02-25 21:07 <REP> d-------- C:\wamp
2009-02-25 20:49 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-19 21:34 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-19 18:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 11:01 --------- d-----w c:\program files\MSBuild
2009-03-13 10:57 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-25 19:49 --------- d-----w c:\program files\Windows Live
2009-02-22 16:39 --------- d-----w c:\documents and settings\Petite Cerise\Application Data\dvdcss
2009-02-20 11:23 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-17 20:06 --------- d-----w c:\program files\Microsoft.NET
2009-02-17 20:03 --------- d-----w c:\program files\Microsoft SQL Server 2005 Mobile Edition
2009-02-17 20:03 --------- d-----w c:\program files\Microsoft Device Emulator
2009-02-17 19:56 --------- d-----w c:\program files\HTML Help Workshop
2009-02-17 19:55 --------- d-----w c:\program files\Fichiers communs\Merge Modules
2009-02-17 19:48 --------- d-----w c:\program files\CE Remote Tools
2009-02-17 19:48 --------- d-----w c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-02-17 19:22 --------- d-----w c:\program files\CDBurnerXP
2009-02-17 19:22 --------- d-----w c:\documents and settings\Petite Cerise\Application Data\Canneverbe_Limited
2009-02-17 18:52 --------- d-----w c:\program files\Reference Assemblies
2009-02-14 06:27 --------- d-----w c:\documents and settings\Petite Cerise\Application Data\vlc
2009-02-14 06:26 --------- d-----w c:\program files\VideoLAN
2009-02-10 10:12 --------- d-----w c:\documents and settings\Petite Cerise\Application Data\postgresql
2009-02-10 10:11 --------- d-----w c:\program files\PostgreSQL
2009-02-09 17:14 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-09 17:14 --------- d-----w c:\program files\Microsoft
2009-02-09 17:09 --------- d-----w c:\program files\Fichiers communs\Windows Live
2009-02-09 16:44 --------- d-----w c:\program files\PDFCreator
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-08 15:03 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-08 14:58 --------- d-----w c:\program files\Fichiers communs\Adobe Systems Shared
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-05 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\ConeXware
2009-02-04 18:48 --------- d-----w c:\documents and settings\Petite Cerise\Application Data\InterTrust
2009-02-04 18:41 --------- d-----w c:\program files\Fichiers communs\Macromedia
2009-02-04 18:40 --------- d-----w c:\program files\Macromedia
2009-02-04 18:39 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-02-04 11:53 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-04 11:53 --------- d-----w c:\program files\Java
2009-02-04 11:20 --------- d-----w c:\program files\CONEXANT
2009-02-04 11:13 315,392 ----a-w c:\windows\HideWin.exe
2009-02-04 11:13 --------- d-----w c:\program files\Realtek
2009-02-04 11:03 --------- d-----w c:\program files\Intel
2009-02-04 11:02 --------- d-----w c:\program files\Synaptics
2009-02-04 10:54 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-04 10:54 --------- d-----w c:\program files\AGEIA Technologies
2009-02-04 10:24 --------- d-----w c:\program files\ma-config.com
2009-02-04 10:24 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-02-04 10:20 --------- d-----w c:\program files\SUYIN
2009-02-04 10:20 --------- d-----w c:\program files\ACER Crystal Eye webcam
2009-02-04 10:19 --------- d-----w c:\documents and settings\Petite Cerise\Application Data\InstallShield
2009-02-04 10:09 --------- d-----w c:\program files\Avira
2009-02-04 10:09 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-04 09:45 --------- d-----w c:\program files\Launch Manager
2009-02-04 07:09 --------- d-----w c:\program files\microsoft frontpage
2009-02-04 07:07 --------- d-----w c:\program files\Services en ligne
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-09-15 06:47 1784856 --a------ c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-25 321344]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-11-23 203208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13594624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-08 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-18 827392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-04 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" [2008-12-08 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petite Cerise\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-02-04 49254]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2008-04-14 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres port

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-25 55152]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [2009-01-30 94376]
S2 EnterpriseDBApachePHP;EnterpriseDB ApachePHP;"c:\program files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe" -k runservice --> c:\program files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe [?]
S3 CH341;CH341WDM;c:\windows\system32\drivers\CH341WDM.SYS [2009-03-20 19392]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32afb760-fd15-11dd-961a-001cbf43df54}]
\Shell\AutoRun\command - F:\jm3cx96.bat
\Shell\open\Command - F:\jm3cx96.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{750b5035-16d2-11de-9644-001cbf43df54}]
\Shell\AutoRun\command - d1vmq.exe
\Shell\open\Command - d1vmq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92e13049-158b-11de-9641-001cbf43df54}]
\Shell\AutoRun\command - F:\jm3cx96.bat
\Shell\open\Command - F:\jm3cx96.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98c66b5e-f2a0-11dd-9601-001cbf43df54}]
\Shell\AutoRun\command - 11rhbu.cmd
\Shell\open\Command - 11rhbu.cmd
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Petite Cerise\Application Data\Mozilla\Firefox\Profiles\6k7aqmyp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=2&q=
FF - component: c:\documents and settings\Petite Cerise\Application Data\Mozilla\Firefox\Profiles\6k7aqmyp.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFAlert.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 12:10:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-03-25 12:11:20
ComboFix-quarantined-files.txt 2009-03-25 11:11:18
ComboFix2.txt 2009-03-25 11:06:18

Avant-CF: 92 536 434 688 octets libres
Après-CF: 92,521,504,768 octets libres

206 --- E O F --- 2009-03-20 08:28:48

I sincerely hope that you will be able to help me, and also explain the procedure to me in case this happens again.
Regards,
Manuela.

Anonymous
26 March 2009 19:25:25

Good evening, I'm bumping this thread. I'm having big problems with my PC! Avira AntiVir will no longer update or scan my system.
Regards,
Manuela.