Your question

Need help: Virtumonde.FP virus applied to C:\WINDOWS\system32\ddcyx

Tags:
  • Virus
  • Security
Last reply: in Security and viruses
9 April 2008 12:49:03

Hello everyone.
For a few days my antivirus (NOD32) has been detecting a virus and cannot isolate or neutralise it. The NOD32 report reads:
Virus détecté en mémoire: application Win32/Adware.Virtumonde.FP. Infection de la mémoire système originaire du fichier C:\WINDOWS\system32\ddcyx.dll.

If someone could help me... plz


9 April 2008 13:02:52

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post that report in your next reply.
9 April 2008 14:07:28

Here is the report:

Quote:
    ComboFix 08-04-08.9 - Nico 2008-04-09 13:57:05.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.647 [GMT 2:00]
    Endroit: C:\Documents and Settings\Nico\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Helper
    C:\WINDOWS\BM03fead00.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\cbxuuts.dll
    C:\WINDOWS\system32\ddcyx.dll
    C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\ddeeg.ini2
    C:\WINDOWS\system32\fqxtbloh.dll
    C:\WINDOWS\system32\gvuevmst.dll
    C:\WINDOWS\system32\holbtxqf.ini
    C:\WINDOWS\system32\holbtxqf.ini2
    C:\WINDOWS\system32\jpiohtcm.dll
    C:\WINDOWS\system32\klkkj.ini2
    C:\WINDOWS\system32\mcluiayk.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\msjtrkks.ini
    C:\WINDOWS\system32\oqstv.ini
    C:\WINDOWS\system32\oqstv.ini2
    C:\WINDOWS\system32\pmdimykw.ini
    C:\WINDOWS\system32\pstwa.ini
    C:\WINDOWS\system32\pstwa.ini2
    C:\WINDOWS\system32\skkrtjsm.dll
    C:\WINDOWS\system32\tmdknhry.dll
    C:\WINDOWS\system32\tsmveuvg.ini
    C:\WINDOWS\system32\ttutv.ini
    C:\WINDOWS\system32\ttutv.ini2
    C:\WINDOWS\system32\ungqdvle.dll
    C:\WINDOWS\system32\wkymidmp.dll
    C:\WINDOWS\system32\xycdd.ini
    C:\WINDOWS\system32\xycdd.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-06 18:11 . 2008-04-06 18:11 202,752 --a------ C:\WINDOWS\cndr32a.dll
    2008-04-06 18:11 . 2008-04-07 23:04 48 --a------ C:\smp.bat
    2008-04-02 15:08 . 2008-04-02 15:08 1,598,885 ---hs---- C:\WINDOWS\system32\rxlholpc.ini
    2008-03-31 19:18 . 2008-03-31 21:30 1,597,234 ---hs---- C:\WINDOWS\system32\thvwdevp.ini
    2008-03-30 19:57 . 2008-03-30 19:57 1,583,637 ---hs---- C:\WINDOWS\system32\veebisci.ini
    2008-03-30 18:08 . 2008-03-30 18:14 1,583,697 ---hs---- C:\WINDOWS\system32\denucunx.ini
    2008-03-30 14:24 . 2006-07-23 14:34 194,073 --a------ C:\WINDOWS\patcher.exe
    2008-03-30 14:19 . 2008-03-30 14:19 1,583,637 ---hs---- C:\WINDOWS\system32\nyujocnb.ini
    2008-03-29 14:33 . 2008-03-29 14:33 1,583,637 ---hs---- C:\WINDOWS\system32\fnrhiqhp.ini
    2008-03-28 18:21 . 2008-03-28 18:21 1,584,019 ---hs---- C:\WINDOWS\system32\cckphbwq.ini
    2008-03-28 17:12 . 2008-03-28 17:13 1,583,959 ---hs---- C:\WINDOWS\system32\vtgnjiim.ini
    2008-03-27 20:36 . 2008-03-27 19:58 1,583,550 --ahs---- C:\WINDOWS\system32\bhkgiwli.ini
    2008-03-27 19:58 . 2008-03-27 20:36 1,583,169 ---hs---- C:\WINDOWS\system32\casarmce.ini
    2008-03-27 19:49 . 2008-03-27 19:50 <REP> d-------- C:\Program Files\Windows Live
    2008-03-27 19:49 . 2008-03-27 19:49 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-27 19:48 . 2008-03-27 19:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-24 18:02 . 2008-03-24 18:02 <REP> d-------- C:\Program Files\PowerQuest
    2008-03-21 17:59 . 2008-03-21 17:59 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-03-21 17:59 . 2008-03-21 17:59 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-03-21 17:59 . 2008-03-21 17:59 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-03-21 13:33 . 2008-03-21 15:01 32,764 --a------ C:\WINDOWS\17PHolmes2000351.exe
    2008-03-21 13:32 . 2008-03-30 20:00 53,692 --a------ C:\Program Files\serial.dat
    2008-03-21 13:29 . 2006-10-07 21:44 424,136 --a------ C:\WINDOWS\system32\wunauclt.exe
    2008-03-21 13:29 . 2006-10-07 21:44 424,136 --a------ C:\Program Files\wunauclt.exe
    2008-03-19 19:28 . 2008-03-19 19:28 <REP> d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-19 19:28 . 2008-03-19 19:28 <REP> d-------- C:\Documents and Settings\Nico\Application Data\SUPERAntiSpyware.com
    2008-03-19 19:28 . 2008-03-19 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-19 14:10 . 2008-03-19 14:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-19 14:09 . 2008-03-19 20:20 <REP> d-------- C:\Program Files\NetProject
    2008-03-19 13:33 . 2008-03-19 13:33 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-03-12 21:25 . 2008-03-12 21:25 57,344 --a------ C:\WINDOWS\dr.exe
    2008-03-10 21:29 . 2008-04-08 17:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-10 21:29 . 2008-03-10 21:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-09 19:37 . 2008-03-09 19:37 <REP> d-------- C:\Program Files\DAEMON Tools

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-09 12:02 --------- d-----w C:\Documents and Settings\Nico\Application Data\OpenOffice.org2
    2008-04-09 11:48 --------- d-----w C:\Program Files\Wanadoo
    2008-04-03 19:05 --------- d-----w C:\Documents and Settings\Nico\Application Data\uTorrent
    2008-03-24 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-21 16:07 --------- d-----w C:\Program Files\ESET
    2008-03-19 17:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-18 12:23 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-03-15 14:57 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-14 18:47 --------- d-----w C:\Program Files\Java
    2008-03-09 13:08 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-08 07:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-02-26 17:19 --------- d-----w C:\Program Files\DomPlayer
    2006-10-07 20:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
    2006-08-27 15:38 1,015,973 --sha-r C:\Program Files\serial.zip
    2006-08-27 15:38 1,015,973 --sha-r C:\Program Files\serial.tde
    2006-08-27 15:19 56,239 ----a-w C:\Program Files\svchosts.tbe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [ ]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 13:06 196608]
    "DomPlayer Service"="C:\Program Files\DomPlayer\wakeservice.exe" [ ]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 16:29 7561216]
    "nwiz"="nwiz.exe" [2006-03-09 16:29 1519616 C:\WINDOWS\system32\nwiz.exe]
    "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2007-10-27 13:06 24576]
    "MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2007-10-27 13:06 32768]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2007-10-27 13:07 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2007-10-27 13:07 53248]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42 1404928]
    "QuickTime Task"="E:\utils\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 13:31 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 13:24 217088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "adiras"="adiras.exe" []
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 16:29 86016]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "I downloaded pirated Software from P2P"="Warhammer 40K Dawn of War Dark Crusade" []
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-21 17:59 949376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{9d19a1a9-3cdf-4f15-a5ca-ea3905febded}"= C:\WINDOWS\system32\wcscqa.dll [ ]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuuts]
    cbxuuts.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "E:\\utils\\eMule\\emule.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "E:\\Games\\JEUX\\Dawn Of War\\W40kWA.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25:TCP"= 25:TCP:192.168.0.0/255.255.255.0:Enabled:eliz


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \Shell\AutoRun\command - H:\AutoPlay.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5af0d51-d7ed-11dc-9c53-4d6564696130}]
    \Shell\AutoRun\command - powerpnt.exe /S "IXOvoeux2008.ppt"

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-20 10:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-21 19:00:00 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-21 13:00:36 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\user32.exe
    "2008-03-28 19:00:00 C:\WINDOWS\Tasks\At11.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-28 16:51:32 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-28 16:51:32 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-28 19:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-28 16:55:45 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-28 16:55:45 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-30 12:24:53 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-30 18:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-30 12:24:55 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-21 11:29:27 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-21 14:28:11 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-21 19:00:00 C:\WINDOWS\Tasks\At4.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-21 13:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-21 11:31:58 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-03-21 11:32:49 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\dr.exe
    "2008-03-21 11:32:49 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\user32.exe
    "2008-03-21 13:00:36 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\dr.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 14:02:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\Program Files\Eset\pr_imon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-09 14:04:51 - machine was rebooted [Nico]
    ComboFix-quarantined-files.txt 2008-04-09 12:04:35
    Pre-Run: 1,553,567,744 octets libres
    Post-Run: 1,862,176,768 octets libres
    .
    2008-03-11 21:49:22 --- E O F ---
9 April 2008 14:22:17

Let's continue the cleanup :)

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to complete the removal, accept by clicking OK.

HELP: Illustrated tutorial for MBAM
10 April 2008 13:13:53

Sorry for the late reply, but a big party got in the way. :ange:

Here is the Malwarebytes report:
Quote:

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 603

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 112348
    Temps écoulé: 3 hour(s), 8 minute(s), 49 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 16
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cndr32a.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{38e4618f-e3e4-42e9-925f-6b02c798bd94} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{38e4618f-e3e4-42e9-925f-6b02c798bd94} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9d19a1a9-3cdf-4f15-a5ca-ea3905febded} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9d19a1a9-3cdf-4f15-a5ca-ea3905febded} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\cndr32a.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ungqdvle.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B8FE1429-16DD-435C-8764-53ABBA085DFD}\RP85\A0018818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B8FE1429-16DD-435C-8764-53ABBA085DFD}\RP86\A0018887.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B8FE1429-16DD-435C-8764-53ABBA085DFD}\RP93\A0021296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\sbun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\WINDOWS\17PHolmes2000351.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Nico\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.


PS: I don't know whether it can affect the procedure, but my PC performed an automatic update.

Thanks all the same, Mr. l'Ange Sombre!
10 April 2008 17:52:38

Post a new HijackThis report :)
10 April 2008 18:13:46

A HijackThis report? What's that?

11 April 2008 09:41:31

Ah, I think I found it :whistle: ... Is this the right version?

Quote:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:40:01, on 11/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\utils\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Warhammer 40K Dawn of War Dark Crusade
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [DomPlayer Service] C:\Program Files\DomPlayer\wakeservice.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F6F1C64B-A629-4FE8-A0B9-9B43CA25AB9F}: NameServer = 81.253.149.1 80.10.246.3
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: cbxuuts - cbxuuts.dll (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 6718 bytes
11 April 2008 12:45:20

Re,

Is your PC behaving better?

Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Warhammer 40K Dawn of War Dark Crusade
    O4 - HKCU\..\Run: [DomPlayer Service] C:\Program Files\DomPlayer\wakeservice.exe
    O20 - Winlogon Notify: cbxuuts - cbxuuts.dll (file missing)


Delete:
C:\Program Files\DomPlayer
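As an added example (not code from the thread, HijackThis or the helper), here is a small Python triage of the O4/O20 lines from the report above: it reproduces the helper's three picks using rules visible in the thread (an orphaned Winlogon Notify entry marked "(file missing)", a Run value that is not a program path at all, and a launch from a folder the thread identified as adware). The KNOWN_BAD_DIRS list is constructed from this thread (DomPlayer from the helper's last instruction, NetProject from the MBAM report) and is an assumption, not a general signature.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis report posted above: the three the helper asked
# to fix, plus legitimate neighbours so the rules can be checked against them.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [adiras] adiras.exe",
    r"O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] Warhammer 40K Dawn of War Dark Crusade",
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r"O4 - HKCU\..\Run: [DomPlayer Service] C:\Program Files\DomPlayer\wakeservice.exe",
    r"O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O20 - Winlogon Notify: cbxuuts - cbxuuts.dll (file missing)",
]

# Constructed denylist for this example: folder names this thread identified as adware.
KNOWN_BAD_DIRS = {"domplayer", "netproject"}

# "O4 - <hive>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# "O20 - Winlogon Notify: <key> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
# Does the command reference something that can actually be executed?
EXEC_RE = re.compile(r"\.(exe|dll|bat|cmd|scr|com)\b", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def triage_line(line):
    """Return a Finding when a HijackThis line matches one of the rules, else None."""
    m = O20_RE.match(line)
    if m:
        # A Winlogon Notify DLL that is gone from disk is the leftover of a removed
        # DLL (here the Vundo component ComboFix deleted); the key should go too.
        if "(file missing)" in m.group("target"):
            return Finding(line, "Winlogon Notify DLL no longer on disk: orphaned entry")
        return None

    m = O4_RE.match(line)
    if not m:
        return None  # Startup-folder (.lnk) lines are not handled by this example

    target = m.group("target")
    # A Run value that names no executable at all is not a real autostart;
    # it is a marker left behind by the infection.
    if not EXEC_RE.search(target):
        return Finding(line, "Run value is not a program path")

    # Compare each path component against the folders the thread flagged.
    parts = [p.lower() for p in re.split(r"[\\/]", target)]
    for bad in KNOWN_BAD_DIRS:
        if bad in parts:
            return Finding(line, f"launches from folder '{bad}' identified as adware")
    return None


def triage(lines):
    """Run triage_line over a report and keep only the flagged entries, in order."""
    findings = []
    for line in lines:
        f = triage_line(line.strip())
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```

Bare executable names such as adiras.exe or nwiz.exe are deliberately not flagged by these rules, which is consistent with the helper leaving them alone; deciding on those still needs a look at the program folder.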
12 April 2008 18:07:31

Perfectly better, dear friends! Thank you very much. If I run into another problem later on, I will post again.

Thanks again! :D
13 April 2008 11:13:42

Happy surfing ;)