Besoin d'aide avec Virtumonde

Voila le premier rapport. À la suite du nettoyage, le logiciel m'a informé que certaines infections n'avaient pas pu être effacées. Je continu avec la deuxième étape.

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 947
Windows 5.1.2600 Service Pack 2

18:32:29 2008-07-13
mbam-log-7-13-2008 (18-32-29).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 131498
Temps écoulé: 31 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vtUomlkK.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yhudgyjs.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f84e4fe-2151-4a19-ac0f-ab3c0ca0d9d8} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6f84e4fe-2151-4a19-ac0f-ab3c0ca0d9d8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4cdb640c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{77244082-d27e-416c-9661-fad640973fce} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm4fe85790 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtuomlkk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtuomlkk -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\vtUomlkK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\KklmoUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KklmoUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhudgyjs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sjygduhy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP377\A0027775.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP378\A0027830.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP378\A0028843.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNeCuV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayXqNdc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4fe85790.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM4fe85790.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Voici le rapport de Combofix. Je n'ai plus les problèmes que j'ai connu au démérage. Je crois que ça y est, j'attend ta confirmation.

MERCI!!

ComboFix 08-07-13.6 - Utilisateur 2008-07-13 18:44:13.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.495 [GMT -4:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\KklmoUtv.ini
C:\WINDOWS\system32\KklmoUtv.ini2
C:\WINDOWS\system32\moeyjk.dll
C:\WINDOWS\system32\nqewjipw.ini
C:\WINDOWS\system32\qfwsffix.dll
C:\WINDOWS\system32\vtUomlkK.dll
C:\WINDOWS\system32\yhudgyjs.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))
.

2008-07-13 17:59 . 2008-07-13 17:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-13 17:59 . 2008-07-13 17:59 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
2008-07-13 17:59 . 2008-07-13 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 17:59 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-13 17:59 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 16:14 . 2008-07-13 16:14 <REP> d-------- C:\Program Files\Panda Security
2008-07-13 14:54 . 2008-07-13 14:54 <REP> d-------- C:\VundoFix Backups
2008-07-13 12:56 . 2008-07-13 12:56 93 --a------ C:\WINDOWS\wininit.ini
2008-07-01 17:27 . 2008-07-01 17:27 <REP> d-------- C:\WINDOWS\Can You See What I See
2008-07-01 17:27 . 2008-07-01 17:29 <REP> d-------- C:\Program Files\Can You See What I See
2008-06-15 12:31 . 2008-06-15 12:31 <REP> d-------- C:\Program Files\XP Codec Pack
2008-06-15 12:31 . 2007-08-18 02:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 22:51 --------- d-----w C:\Program Files\lg_fwupdate
2008-07-13 16:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 16:07 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 15:54 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-12 01:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-28 17:11 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Skype
2008-06-23 22:32 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 13:18 --------- d-----w C:\Program Files\World of Warcraft
2008-06-07 23:02 --------- d-----w C:\Program Files\DivX
2008-06-07 00:41 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\ForgottenRiddles
2008-06-07 00:09 --------- d-----w C:\Program Files\Pogo Games
2008-05-24 14:25 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\U3
2008-04-05 14:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 13:38 534200]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 12:11 22560]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 04:42 202088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-17 11:37 249856]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-11 10:16 949376]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 22:33 5898240]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 17:45 279912]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 17:46 709992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"nwiz"="nwiz.exe" [2006-07-24 22:33 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22154:TCP"= 22154:TCP:BitComet 22154 TCP
"22154:UDP"= 22154:UDP:BitComet 22154 UDP
"55555:TCP"= 55555:TCP:BitComet 55555 TCP
"55555:UDP"= 55555:UDP:BitComet 55555 UDP
"24684:TCP"= 24684:TCP:BitComet 24684 TCP
"24684:UDP"= 24684:UDP:BitComet 24684 UDP
"25308:TCP"= 25308:TCP:BitComet 25308 TCP
"25308:UDP"= 25308:UDP:BitComet 25308 UDP
"11660:TCP"= 11660:TCP:BitComet 11660 TCP
"11660:UDP"= 11660:UDP:BitComet 11660 UDP
"8619:TCP"= 8619:TCP:BitComet 8619 TCP
"8619:UDP"= 8619:UDP:BitComet 8619 UDP
"25842:TCP"= 25842:TCP:BitComet 25842 TCP
"25842:UDP"= 25842:UDP:BitComet 25842 UDP

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 17:45]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 17:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68e9e982-0faa-11dd-a0ed-0008028de094}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-20 04:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PowerBar - (no file)
HKLM-Run-NWEReboot - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 18:51:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-13 18:56:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 22:55:54

Pre-Run: 55,494,823,936 octets libres
Post-Run: 55,592,128,512 octets libres

159 --- E O F --- 2008-07-08 22:46:16

Je viens de m'appercevoir qu'il y a encore un problème. Il m'est impossible de fermer l'ordinateur à partir du menu Démarer de Windows. Lorsque j'essai, mon anti-virus(NOD32) se désactive et c'est tout.

Je viens de faire les mise à jour de Explorer et voici le dernier rapport de HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:01, on 2008-07-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Merci pour ton aide, je crois m'avoir débarassé de Virtumonde avec Spybot.

Cependant, je continu à recevoir une alerte au démarage :

C:\Windows\system32\qkmenive.dll Le module spécifié est introuvable

Et chaque fois que je redémare, la fonction mise à jour automatique de Windows est toujours désactivé. Est-ce que ça pourait être des trace de Virtumonde encore?

Merci pour ton aide.

tu a lair calé avec ce pb peux tu venir m aider? MERCI

Voici pour le fichier Can you see what I see. Je ne crois pas qu'il y est vraiment de probleme ici, ce n'est que jeux.

Je t'envoi le dernier scan dans 1 min. J'ai aussi fais un scan avec RAV et il n'y avait aucun problème.

Merci

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.11.0 2008.07.14 -
AntiVir 7.8.0.64 2008.07.14 -
Authentium 5.1.0.4 2008.07.14 -
Avast 4.8.1195.0 2008.07.14 -
AVG 7.5.0.516 2008.07.14 -
BitDefender 7.2 2008.07.14 -
CAT-QuickHeal 9.50 2008.07.14 -
ClamAV 0.93.1 2008.07.14 -
DrWeb 4.44.0.09170 2008.07.14 -
eSafe 7.0.17.0 2008.07.14 -
eTrust-Vet 31.6.5954 2008.07.14 -
Ewido 4.0 2008.07.14 -
F-Prot 4.4.4.56 2008.07.14 -
F-Secure 7.60.13501.0 2008.07.14 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.07.14 -
GData 2.0.7306.1023 2008.07.14 -
Ikarus T3.1.1.26.0 2008.07.14 -
Kaspersky 7.0.0.125 2008.07.14 -
McAfee 5338 2008.07.14 -
Microsoft 1.3704 2008.07.14 -
NOD32v2 3266 2008.07.14 -
Norman 5.80.02 2008.07.14 -
Panda 9.0.0.4 2008.07.14 -
Prevx1 V2 2008.07.14 Suspicious
Rising 20.53.02.00 2008.07.14 -
Sophos 4.31.0 2008.07.14 -
Sunbelt 3.1.1536.1 2008.07.12 -
Symantec 10 2008.07.14 -
TheHacker 6.2.96.379 2008.07.14 -
TrendMicro 8.700.0.1004 2008.07.14 -
VBA32 3.12.6.9 2008.07.13 -
VirusBuster 4.5.11.0 2008.07.14 -
Webwasher-Gateway 6.6.2 2008.07.14 Win32.Malware.gen#PECompact (suspicious)
Information additionnelle
File size: 2355712 bytes
MD5...: 2bb15e6030d24f8a45d55ae1fe9d9887
SHA1..: 118bbec189a36f5dcd627c441fb7368883368b6f
SHA256: 33c3eb1cdf79038fbe8fbebd7924721c069374d0783465696fc67644f0d9fff3
SHA512: f4279f08cf39571c7d4262a88ff44507712315f284fc8659c094b119b1f1bf2d
aa298b7856d3ba366bbfb0185c265292160ba245abd8c62f3a0d67cf0584fe73
PEiD..: PECompact 2.xx --> BitSum Technologies
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x52bfd7
timedatestamp.....: 0x47d6a749 (Tue Mar 11 15:37:45 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x418000 0x238e00 8.00 1f5189eb6a469f9648ac91d615f5754e
.rsrc 0x419000 0x6000 0x6000 5.56 961f988d8d3f685b2c3edda99bc1c5ff

( 9 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
> WINMM.dll: timeGetTime
> ADVAPI32.dll: RegDeleteValueA
> USER32.dll: GetMessageA
> WSOCK32.dll: -
> GDI32.dll: SetTextColor
> SHELL32.dll: ShellExecuteA
> ole32.dll: CoCreateInstance
> OLEAUT32.dll: -

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=59F0E3B700A888E8F2C623DD967EC5007BD4BE95
packers (F-Prot): PecBundle, PECompact
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact

Voici le rapport du scan effectué avec PandaActiveScan. Pour ton information, pendant ce scan, mon antivirus a intercepté un autre Trojan et l'a mis en quarantaine.

Merci pour ton aide.

ANALYSIS: 2008-07-14 16:07:20
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 antivirus system 2.70 2.70 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP379\A0031882.exe[²ƒÇ]
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP379\A0031880.exe[²ƒÇ]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Cookies\utilisateur@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Cookies\utilisateur@xiti[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[www.burstbeacon.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.weborama.fr/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.go.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.did-it.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\v9aeacub.default\cookies.txt[.atwola.com/]
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP379\A0031880.exe
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP379\A0031882.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP379\A0031887.EXE
01211551 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP330\A0023541.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8A27A8C6-8F0E-4F01-8ECF-FD3763CB8AA5}\RP379\A0031872.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Déjà fait. (Message #14)

Tout a l'air de bien foncionner.

Merci encore pour ton aide!!