Y a-t-il une infection dans mon PC ?

[Glenor]

Bonjour à tous,

 

Mon pc portable est infesté par plusieurs virus trojan au niveau win32. J'identifie particulièrement l'un d'entre eux : virtumonde. Je mets en place une procédure d'éradication en recourant déjà à Hijacthis. Je vous soumets mon log en espérant que vous m'aiderez à fixer les lignes nuisibles. Je rmercie d'avance ceux qui m'apporteront leur aide. Très cordialement.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:54:44, on 22.05.2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

F:\Securite\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.jura.ch:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.ju.ch;*.jura.ch;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {06226989-F900-4162-9F21-AFD40EEC9950} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {15AFF3E3-E06B-48F8-9298-2DAB80003C55} - (no file)

O2 - BHO: (no name) - {1A1D0F36-E58E-4132-A4CD-E45713A09E83} - (no file)

O2 - BHO: (no name) - {331E04D3-16FA-487D-BBBC-14492A4CF2DA} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6809DE80-B482-41F1-BFAF-EB73263F311D} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - C:\WINDOWS\System32\nnnmkKeC.dll

O2 - BHO: MySidesearch Search Assistant - {9506910A-0F94-4ea1-B567-7070428B8B2B} - C:\WINDOWS\System32\mysidesearch_sidebar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {EA5D5461-9B4D-4E74-9F8B-E68EC2B2256F} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe

O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\Pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\System32\zentray.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Bluewin\QUICKH~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [{57537a6b-e59b-4827-b374-c75651a72212}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\{4e856afc-6087-346e-1986-068906bbe417}.dll" DllInit

O4 - HKLM\..\Run: [{52-23-3B-BC-DW}] c:\windows\system32\jpwnw64m.exe DWram

O4 - HKLM\..\Run: [bMab46108f] Rundll32.exe "C:\WINDOWS\System32\bebnfbgt.dll",s

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA6060] command /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC4333] cmd /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA2889] command /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC4915] cmd /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA5037] command /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC4372] cmd /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA2002] command /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC4342] cmd /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKCU\..\Run: [fwstatus.exe] C:\Program Files\Bluewin\Firewall\fwstatus.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB4260] command /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD1968] cmd /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB250] command /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD5025] cmd /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB1889] command /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD9992] cmd /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB3400] command /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD4373] cmd /c del "C:\WINDOWS\system32\wvUoNDtR.dll_old"

O4 - Startup: GroupWise Notify.lnk = C:\NOVELL\GroupWise\notify.exe

O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE

O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

O4 - Global Startup: GroupWise Notify.lnk = C:\NOVELL\GroupWise\notify.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Quick Help.lnk = C:\Program Files\Bluewin\Quick Help\bin\matcli.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://snt-tofs1/officescan/ClientInstall/WinNTChk.cab

O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://snt-tofs1/officescan/clientinstall/setupini.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://snt-tofs1/officescan/clientinstall/setup.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://snt-tofs1/officescan/clientinstall/RemoveCtrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207984501224

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O20 - Winlogon Notify: nnnmkKeC - C:\WINDOWS\SYSTEM32\nnnmkKeC.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Programme de lancement d'applicatifs Novell (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\OfficeScan NT\OfcPfwSvc.exe

O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe

O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe

O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - C:\Program Files\Novell\ZENworks\wm.exe

 

--

End of file - 12618 bytes