win32/adware.virtumonde.fp application

win32/adware.virtumonde.fp application - Sécurité - Virus

Recherche Recherche
Règles Règles
Aide Aide

TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !

Se connecter | Inscription

Mot : Pseudo : Filtrer
Bas de page
Auteur	Sujet : win32/adware.virtumonde.fp application

p0ussin

Profil : IDNaute

Plus d'informations

15-09-2008 à 19:36:46

Bonjour à tous,

Je suis un petit nouveau sur le forum, et je vous avoue que je ne viens pas dans un but désintéressé.

Mon ordi a contracté le virus win32/adware.virtumonde.fp application, et NOD32 a tendance à me rendre fou avec ça

Je vous colle mon rapport Hijackthis, Pouvez vous venir à mon aide ?

Merci d'avance !

Citation :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:12, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Documents and Settings\Mawine\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {30CFC982-36B6-458D-9AEF-4126F4E97B62} - C:\WINDOWS\system32\geedd.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - C:\WINDOWS\system32\ljjkhhh.dll (file missing)
O2 - BHO: (no name) - {C2D8A131-4582-6A52-DA27-4CE607835CE7} - C:\WINDOWS\system32\wdym.dll (file missing)
O2 - BHO: (no name) - {C8DD2D1C-25E5-42BB-98CC-257A8E142BA7} - C:\Program Files\Internet Explorer\qidahuneb777444.dll
O2 - BHO: 0 - {CA0374FB-0571-47A7-F99F-638D77A898BC} - C:\Program Files\Windows NT\lagurigyb.dll (file missing)
O2 - BHO: {23d38190-aa40-2e09-3a94-8998d90bce2e} - {e2ecb09d-8998-49a3-90e2-04aa09183d32} - C:\WINDOWS\system32\lgovycup.dll (file missing)
O2 - BHO: (no name) - {EF8804B7-3462-45B1-8FCD-2F272AEF40D8} - C:\Program Files\Messenger\hotexyf4444.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [c8de5e43] rundll32.exe "C:\WINDOWS\system32\hjutpjtv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/ [...] insctl.cab
O20 - Winlogon Notify: ljjkhhh - ljjkhhh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ibusvfed.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8191 bytes

Liens sponsorisés

Inscrivez-vous ou connectez-vous pour masquer ceci.

Angeldark

Profil : Helper

Plus d'informations

15-09-2008 à 19:46:32

Masquer

Bonjour,

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

Télécharge ComboFix (sUBs) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

---------------
Prévention & Protection||Vous m'aimez ? Cliquez :o

p0ussin

Profil : IDNaute

Plus d'informations

15-09-2008 à 19:50:09

Masquer

Merci beaucoup, je m'executte de suite =)

p0ussin

Profil : IDNaute

Plus d'informations

15-09-2008 à 20:18:30

Masquer

Pfiou ! quel parcours du combattant ! toujours est il que je pense avoir réussi.

Merci de ton aide en tout cas =) Que fais-je maintenant ?

Citation :

ComboFix 08-09-14.06 - Mawine 2008-09-15 19:54:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.594 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Mawine\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\Bertrand KNITTEL\Application Data\install.dat
C:\Documents and Settings\Bertrand KNITTEL\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\Bertrand KNITTEL\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\Bertrand KNITTEL\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Bertrand KNITTEL\ResErrors.log
C:\Documents and Settings\Josiane KNITTEL\ResErrors.log
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Mawine\Cookies\mawine@edt02[2].txt
C:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma
C:\Program Files\MalwareAlarm\routines.dll
C:\Program Files\MalwareAlarm\Uninstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Router
C:\Program Files\Router\UnInstall.exe
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\BMcbed6ddf.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\btdvkgmk.ini
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\dvivaaxs.dll
C:\WINDOWS\system32\ebhghlem.ini
C:\WINDOWS\system32\gvadijvn.ini
C:\WINDOWS\system32\hcfovtfi.ini
C:\WINDOWS\system32\hdvwqxoy.dll
C:\WINDOWS\system32\hqpvhkkj.dll
C:\WINDOWS\system32\hrxjkfma.dll
C:\WINDOWS\system32\hsypfuuk.ini
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\icroso~1\?icrosoft\
C:\WINDOWS\system32\ikpuigfu.ini
C:\WINDOWS\system32\jovpfkff.ini
C:\WINDOWS\system32\kmfidoog.ini
C:\WINDOWS\system32\kunqlfnc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdeweyfx.ini
C:\WINDOWS\system32\melhghbe.dll
C:\WINDOWS\system32\mkgwfixc.ini
C:\WINDOWS\system32\mpvbbsjp.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nxjrkjyq.ini
C:\WINDOWS\system32\ofjrlldt.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ppuwywqs.ini
C:\WINDOWS\system32\qbbjyvtf.ini
C:\WINDOWS\system32\qidgsqgp.dll
C:\WINDOWS\system32\qraljjmf.ini
C:\WINDOWS\system32\qygoqxex.ini
C:\WINDOWS\system32\rhttrlnn.ini
C:\WINDOWS\system32\rtnthini.ini
C:\WINDOWS\system32\sjdlaxky.ini
C:\WINDOWS\system32\slbadkjc.ini
C:\WINDOWS\system32\txojoxsw.ini
C:\WINDOWS\system32\vtjptujh.ini
C:\WINDOWS\system32\wetsxflx.ini
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wlgvatqc.ini
C:\WINDOWS\system32\wnsintsv32.exe
C:\WINDOWS\system32\wqqxjnic.ini
C:\WINDOWS\system32\xkcgcneh.ini
C:\WINDOWS\system32\xlfxstew.dll
C:\WINDOWS\system32\yjeefjxi.ini
C:\WINDOWS\system32\ypccaosa.ini
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\system32\ystem3~1\m?hta.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_DomainService
-------\Service_Network Monitor

((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.

2008-09-15 19:17 . 2008-09-15 19:24 <REP> d-------- C:\Program Files\SpyZooka
2008-09-15 19:10 . 2008-09-15 19:10 <REP> d-------- C:\VundoFix Backups
2008-08-19 20:55 . 2008-08-19 20:55 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 18:10 --------- d-----w C:\Documents and Settings\Mawine\Application Data\OpenOffice.org2
2008-09-01 16:44 --------- d-----w C:\Program Files\Wanadoo
2008-09-01 13:10 --------- d-----w C:\Documents and Settings\Josiane KNITTEL\Application Data\OpenOffice.org2
2008-07-31 05:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2007-12-23 15:59 260,632 ----a-w C:\Documents and Settings\Bertrand KNITTEL\Application Data\setup_fr[1].exe
2007-06-12 14:04 29,184 ----a-w C:\Documents and Settings\Bertrand KNITTEL\wn0069.exe
2007-06-12 13:47 29,184 ----a-w C:\Documents and Settings\Bertrand KNITTEL\wn0008.exe
2006-02-27 17:10 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-07-29 15:24 472 --sha-r C:\WINDOWS\QmVydHJhbmQgS05JVFRFTA\kApVxJL1vAk0mXcLpIlInE.vbs
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B4682EB-79A9-4666-AE26-D97A78CD37C2}]
2007-12-16 12:22 324608 --------- C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8DD2D1C-25E5-42BB-98CC-257A8E142BA7}]
2008-02-28 03:54 217088 --a------ C:\Program Files\Internet Explorer\qidahuneb777444.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-20 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geedd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bertrand KNITTEL^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Bertrand KNITTEL\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 18:33 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-05-12 23:00 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 19:24 684032 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 03:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 10:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 16:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 19:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 03:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 16:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-05 19:00 61440 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 16:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
.
Contenu du dossier 'Tƒches planifi‚es'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{C2D8A131-4582-6A52-DA27-4CE607835CE7} - C:\WINDOWS\system32\wdym.dll
BHO-{CA0374FB-0571-47A7-F99F-638D77A898BC} - C:\Program Files\Windows NT\lagurigyb.dll
BHO-{e2ecb09d-8998-49a3-90e2-04aa09183d32} - C:\WINDOWS\system32\lgovycup.dll
BHO-{EF8804B7-3462-45B1-8FCD-2F272AEF40D8} - C:\Program Files\Messenger\hotexyf4444.dll
HKLM-Run-c8de5e43 - C:\WINDOWS\system32\hjutpjtv.dll
Notify-ljjkhhh - ljjkhhh.dll
MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-VirusScan Online - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe

.
------- Examen suppl‚mentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Search Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.dell.fr/myway
O15 -: Trusted Zone: *.amaena.com
O15 -: Trusted Zone: *.avsystemcare.com
O15 -: Trusted Zone: *.gomyhit.com
O15 -: Trusted Zone: *.imageservr.com
O15 -: Trusted Zone: *.imagesrvr.com
O15 -: Trusted Zone: *.onerateld.com
O15 -: Trusted Zone: *.trustedantivirus.com
O15 -: Trusted Zone: *.virusschlacht.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 20:10:32
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cach‚s ...

Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...

Recherche de fichiers cach‚s ...

Scan termin‚ avec succŠs
Fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs charg‚es dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\geedd.dll
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Heure de fin: 2008-09-15 20:14:26 - La machine a red‚marr‚
ComboFix-quarantined-files.txt 2008-09-15 18:14:18

Avant-CF: 66,126,393,344 octets libres
AprŠs-CF: 67,947,892,736 octets libres

278 --- E O F --- 2008-08-18 19:57:31

Angeldark

Profil : Helper

Plus d'informations

15-09-2008 à 21:16:38

Masquer

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

DirLook::
C:\Program Files\Internet Explorer

File::
C:\WINDOWS\system32\geedd.dll
C:\Program Files\Internet Explorer\qidahuneb777444.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B4682EB-79A9-4666-AE26-D97A78CD37C2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C8DD2D1C-25E5-42BB-98CC-257A8E142BA7}]

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.

---------------
Prévention & Protection||Vous m'aimez ? Cliquez :o

p0ussin

Profil : IDNaute

Plus d'informations

15-09-2008 à 23:47:57

Masquer

ET voila mon rapport comboFix :

Citation :

ComboFix 08-09-14.06 - Mawine 2008-09-15 23:38:03.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.613 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Mawine\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mawine\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
* Resident AV is active

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Internet Explorer\qidahuneb777444.dll
C:\WINDOWS\system32\geedd.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.

2008-09-15 19:17 . 2008-09-15 19:24 <REP> d-------- C:\Program Files\SpyZooka
2008-09-15 19:10 . 2008-09-15 19:10 <REP> d-------- C:\VundoFix Backups
2008-08-19 20:55 . 2008-08-19 20:55 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 21:42 --------- d-----w C:\Documents and Settings\Mawine\Application Data\OpenOffice.org2
2008-09-01 16:44 --------- d-----w C:\Program Files\Wanadoo
2008-09-01 13:10 --------- d-----w C:\Documents and Settings\Josiane KNITTEL\Application Data\OpenOffice.org2
2008-07-31 05:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-23 15:59 260,632 ----a-w C:\Documents and Settings\Bertrand KNITTEL\Application Data\setup_fr[1].exe
2007-06-12 14:04 29,184 ----a-w C:\Documents and Settings\Bertrand KNITTEL\wn0069.exe
2007-06-12 13:47 29,184 ----a-w C:\Documents and Settings\Bertrand KNITTEL\wn0008.exe
2006-02-27 17:10 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-07-29 15:24 472 --sha-r C:\WINDOWS\QmVydHJhbmQgS05JVFRFTA\kApVxJL1vAk0mXcLpIlInE.vbs
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Internet Explorer ----

2008-06-23 11:21 625664 --a------ C:\Program Files\Internet Explorer\iexplore.exe
2008-02-28 03:54 217088 --a------ C:\Program Files\Internet Explorer\qidahuneb777444.dll
2006-11-17 21:27 5632 --------- C:\Program Files\Internet Explorer\fr-fr\iedw.exe.mui
2006-11-17 21:27 16384 --------- C:\Program Files\Internet Explorer\fr-fr\iexplore.exe.mui
2006-11-07 23:03 33792 --------- C:\Program Files\Internet Explorer\custsat.dll
2006-11-07 23:03 287744 --------- C:\Program Files\Internet Explorer\ieproxy.dll
2006-11-07 05:24 448 --a------ C:\Program Files\Internet Explorer\SIGNUP\install.ins
2006-10-17 14:04 69120 --a------ C:\Program Files\Internet Explorer\iedw.exe
2006-10-17 13:44 60416 --a------ C:\Program Files\Internet Explorer\hmmapi.dll
2006-10-17 13:44 32768 --------- C:\Program Files\Internet Explorer\fr-fr\hmmapi.dll.mui
2004-08-05 14:00 86016 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
2004-08-05 14:00 851 --a------ C:\Program Files\Internet Explorer\Connection Wizard\state.icw
2004-08-05 14:00 73728 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
2004-08-05 14:00 65536 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwres.dll
2004-08-05 14:00 617 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwx25b.dun
2004-08-05 14:00 61440 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwconn.dll
2004-08-05 14:00 566 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwx25c.dun
2004-08-05 14:00 566 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwx25a.dun
2004-08-05 14:00 49152 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwutil.dll
2004-08-05 14:00 40960 --a------ C:\Program Files\Internet Explorer\Connection Wizard\trialoc.dll
2004-08-05 14:00 352 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwip.dun
2004-08-05 14:00 32768 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwdl.dll
2004-08-05 14:00 2921 --a------ C:\Program Files\Internet Explorer\Connection Wizard\phone.icw
2004-08-05 14:00 24576 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
2004-08-05 14:00 218624 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
2004-08-05 14:00 20480 --a------ C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
2004-08-05 14:00 197 --a------ C:\Program Files\Internet Explorer\Connection Wizard\msn.isp
2004-08-05 14:00 19 --a------ C:\Program Files\Internet Explorer\Connection Wizard\phone.ver
2004-08-05 14:00 176128 --a------ C:\Program Files\Internet Explorer\Connection Wizard\icwhelp.dll
2004-08-05 14:00 16384 --a------ C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe
2004-08-05 14:00 158 --a------ C:\Program Files\Internet Explorer\Connection Wizard\msicw.isp
2004-08-05 14:00 132 --a------ C:\Program Files\Internet Explorer\Connection Wizard\support.icw
2004-07-15 01:34 16896 --a------ C:\Program Files\Internet Explorer\MUI\0409\mscorier.dll
2003-02-21 04:43 16896 --a------ C:\Program Files\Internet Explorer\MUI\040C\mscorier.dll
2000-01-11 10:33 279040 -ra------ C:\Program Files\Internet Explorer\PLUGINS\NPWMin32.dll

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-20 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geedd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bertrand KNITTEL^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Bertrand KNITTEL\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-09-13 18:33 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-05-12 23:00 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 19:24 684032 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 03:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 10:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2004-10-30 16:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 19:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 03:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 16:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-05 19:00 61440 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 16:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
.
Contenu du dossier 'Tƒches planifi‚es'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 23:42:23
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cach‚s ...

Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...

Recherche de fichiers cach‚s ...

Scan termin‚ avec succŠs
Fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs charg‚es dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-09-15 23:45:23 - La machine a red‚marr‚ [Mawine]
ComboFix-quarantined-files.txt 2008-09-15 21:45:20
ComboFix2.txt 2008-09-15 18:14:29

Avant-CF: 68,076,343,296 octets libres
AprŠs-CF: 68,073,603,072 octets libres

174 --- E O F --- 2008-08-18 19:57:31

et mon rapport hijackthis :

Citation :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:34, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mawine\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/ [...] insctl.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6453 bytes

Merci encore pour ta réactivité

Angeldark

Profil : Helper

Plus d'informations

16-09-2008 à 12:33:20

Messages similaires

Dans l'actualité

Virtumonde digne successeur de Xupiter ?

Les pires virus de 2007

Les statistiques de Microsoft sur les malwares

Browzar qualifié comme Adware

Les téléchargements

Ressources relatives

Albums

Les derniers dossiers

Le comparatif des casques antibruit de 2008

7 jours avec Windows 7 : nos impressions

Ces entreprises high-tech au passé étonnant

TouchSmart : test des PC tactiles HP

Les offres partenaires