probleme avec virtualmonde Résolu

Question

Bonjour,
 j'ai un probleme avec le virus virtual monde, depuis quelques jours, j'essaye de desinfecter, mais avast ne le detect pas, et spybot le detect mais arrive pas a l'enlever. De plus je crois que j'ai un second virus car dans le gestionnaire de tache y a deux truc que je n'avait jamais vu, verclist et imapi qui apparaissent et a ce moment la explorer plante, ou autrement il m'affiche une pub pour que je telecharge un antivirus car il dit que windows detect un virus mais ne peu pas l'enlever^^.

Sur le conseil d'un autre post dans ce forum, j'ai fait une analyse avec hijackthis et il donne sa: 


Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 12:28:34, on 05/09/2008 
Platform: Windows XP SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 
Boot mode: Normal 

Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\system32\spoolsv.exe 
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe 
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
C:\Program Files\Alwil Software\Avast4\ashServ.exe 
C:\WINDOWS\system32\CTsvcCDA.EXE 
C:\WINDOWS\System32
vsvc32.exe 
C:\WINDOWS\system32\PnkBstrA.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe 
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe 
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe 
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe 
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe 
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
C:\WINDOWS\system32undll32.exe 
C:\hjk\HijackThis.exe 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 
O2 - BHO: library.edu - {8EF40C36-293F-4749-8EA0-94FB3AD83FA1} - C:\WINDOWS\system32\lpov32u.dll 
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
O2 - BHO: (no name) - {DA16164D-96D5-4ACB-BCF7-BA486B8ABC1A} - C:\WINDOWS\system32\byXpmkjG.dll 
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll 
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit 
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r 
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe 
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe 
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe 
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" 
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" 
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') 
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm 
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm 
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll 
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll 
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll 
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
O20 - Winlogon Notify: byXpmkjG - C:\WINDOWS\SYSTEM32\byXpmkjG.dll 
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe 
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe 
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE 
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe 
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe 

j'ai aussi essayé d'utiliser vundo, mais il ne detect rien d'anormal dans mon pc.

Voila en gros, si quelqu'un à une idée comment résoudre ce probleme, merci d'avance.

jlpjlp · Answer

slt



virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 
________________

Télécharge Combofix de sUBs : . aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t12­1.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
_________________
recolle un nouveau hijackhtis en le renommant cette fois et dis tes soucis

el scorpio · Answer

salut, je croit que sa a reussi^^ merci beaucoup, j'ai fait en 1er, virtumundobegome, il a detecté virtualmonde, ensuite j'ai utilisé combofix, il a marché 30minutes, et a donné le rapport suivant: .
.
.
.
ComboFix 08-09-05.02 - bertrand lhuillier 2008-09-06 14:39:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.715 [GMT 2:00]
Endroit: C:\Documents and Settings\bertrand lhuillier\Bureau\Comboix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\elkg.exe
C:\WINDOWS\system32\jaksgtgm.dll
C:\WINDOWS\system32\lfenbipt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnolKaW.dll
C:\WINDOWS\system32\sippwc.dll
C:\WINDOWS\SYSTEM32\tpibnefl.ini
C:\WINDOWS\SYSTEM32\WaKlonpo.ini
C:\WINDOWS\SYSTEM32\WaKlonpo.ini2
J:\autorun.inf
J:\copy.exe
J:\host.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.

2008-09-06 10:29 . 2008-09-06 10:29 <REP> d-------- C:\VundoFix Backups
2008-09-05 12:28 . 2008-09-05 12:28 <REP> d-------- C:\hjk
2008-09-05 00:16 . 2008-09-06 10:25 402 --a------ C:\WINDOWS\wininit.ini
2008-09-04 23:50 . 2008-09-04 23:50 34,176 --a------ C:\WINDOWS\SYSTEM32\byXpmkjG.dll.vir
2008-09-04 23:49 . 2008-09-04 19:34 86,016 --a------ C:\WINDOWS\sxmaokgf.exe
2008-09-04 23:47 . 2008-09-04 23:47 23,552 --a------ C:\WINDOWS\SYSTEM32\cfax32u.dll
2008-09-04 23:47 . 2008-09-04 23:47 23,552 --a------ C:\WINDOWS\SYSTEM32\cfax32i.dll
2008-09-04 23:46 . 2008-09-04 23:46 23,552 --a------ C:\WINDOWS\SYSTEM32\cfen32u.dll
2008-09-04 23:46 . 2008-09-04 23:46 23,552 --a------ C:\WINDOWS\SYSTEM32\cfax32x.dll
2008-09-04 23:45 . 2008-09-04 23:45 23,552 --a------ C:\WINDOWS\SYSTEM32\lpov32u.dll
2008-09-04 16:03 . 2008-09-05 13:21 <REP> d-------- C:\Program Files\Runtime Software
2008-09-04 15:50 . 2001-07-13 13:56 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SBKUPNT.SYS
2008-09-04 15:50 . 1997-02-08 17:11 13,312 --a------ C:\WINDOWS\SYSTEM32\DEVLOAD.EXE
2008-09-04 15:50 . 2008-09-04 15:50 287 --a------ C:\WINDOWS\SKNIFE.INI
2008-09-04 15:49 . 2001-12-28 03:49 2,799 --a------ C:\WINDOWS\SKLANG.INI
2008-09-03 23:07 . 2008-09-03 23:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-09-03 23:04 . 2008-09-03 23:04 392,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys
2008-09-03 23:04 . 2008-09-03 23:04 32,768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys
2008-09-03 23:03 . 2008-09-03 23:03 114,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys
2008-09-02 14:23 . 2008-09-02 14:23 <REP> d-------- C:\Documents and Settings\bertrand lhuillier\Application Data\My Games
2008-09-02 14:21 . 2008-09-02 14:21 <REP> d---s---- C:\Program Files\Xfire
2008-09-02 14:21 . 2008-09-02 14:21 <REP> d-------- C:\Documents and Settings\bertrand lhuillier\Application Data\Xfire
2008-09-02 14:14 . 2008-09-02 14:14 <REP> d-------- C:\Program Files\Firaxis Games
2008-09-02 14:14 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-09-02 13:17 . 2008-09-02 13:17 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-01 19:50 . 2008-09-01 19:50 <REP> d-------- C:\Documents and Settings\bertrand lhuillier\Application Data\DAEMON Tools
2008-08-29 11:58 . 2008-08-29 11:58 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-28 00:27 . 2008-08-28 00:27 <REP> d-------- C:\Program Files\X-NetStat
2008-08-24 19:06 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\SYSTEM32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 11:22 --------- d-----w C:\Program Files\BOINC
2008-09-04 21:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 13:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 12:19 --------- d-----w C:\Documents and Settings\bertrand lhuillier\Application Data\uTorrent
2008-09-01 17:50 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-29 13:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-28 13:58 --------- d-----w C:\Documents and Settings\bertrand lhuillier\Application Data\Creative
2008-08-26 17:35 --------- d-----w C:\Documents and Settings\bertrand lhuillier\Application Data\Temporary
2008-08-24 16:44 --------- d-----w C:\Program Files\Audible
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-03 15:31 17,544 ----a-w C:\Documents and Settings\bertrand lhuillier\Application Data\GDIPFONTCACHEV1.DAT
2007-12-28 11:32 349 -c--a-w C:\Program Files\INSTALL.LOG
2007-08-16 23:33 266 --sh--w C:\Program Files\desktop.ini
2007-08-16 23:33 11,208 -c-ha-w C:\Program Files\folder.htt
2003-12-18 10:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-03 06:46 10,960 -c--a-w C:\Program Files\EULA.txt
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\SYSTEM32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\SYSTEM32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-05-14 3784704]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-05-14 81920]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"nwiz"="nwiz.exe" [2004-05-14 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sippwc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"C:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]
S3 kbeepm;kbeepm;C:\DOCUME~1\BERTRA~1\LOCALS~1\Temp\kbeepm.sys [ ]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cb2747a-36d3-11dd-9e2c-00110931ec1e}]
\Shell\AutoRun\command - I:\ino6.com
\Shell\explore\Command - I:\ino6.com
\Shell\open\Command - I:\ino6.com
.
- - - - ORPHANS REMOVED - - - -

BHO-{92014D5F-DC20-4C67-8CE7-3FED5BEC41C7} - C:\WINDOWS\system32\opnolKaW.dll
BHO-{fee088d9-e07d-487a-9446-62d3bd0befe0} - C:\WINDOWS\system32\sippwc.dll
HKLM-Run-e0193f48 - C:\WINDOWS\system32\lfenbipt.dll
ShellExecuteHooks-{DA16164D-96D5-4ACB-BCF7-BA486B8ABC1A} - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\bertrand lhuillier\Application Data\Mozilla\Firefox\Profiles\j3yhkn4a.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://my.live.com/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 14:41:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-06 14:43:40
ComboFix-quarantined-files.txt 2008-09-06 12:42:51

Pre-Run: 34,608,728,064 octets libres
Post-Run: 34,596,735,488 octets libres

156 --- E O F --- 2008-08-26 17:34:03

.
.
.

ensuite j'ai refait virtumundobegone, et il ne detect plus rien.

encore merci pour tout

jlpjlp · Answer

analyse ces fichiers sur virus total et si inféctés tu les vires:   https://www.virustotal.com/gui/

C:\WINDOWS\SYSTEM32\byXpmkjG.dll.vir
C:\WINDOWS\sxmaokgf.exe 

________________

nettoie les traces d'infection avec ccleaner:
https://www.malekal.com/tutoriel-ccleaner/

__________________

remets un nouvel hijackhtis

el scorpio · Answer

Bon voila, les deux fichier étaient bien des virus, zlog, et virtual monde^^

Bon voila le scan HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:39, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjk\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [e0193f48] rundll32.exe "C:\WINDOWS\system32\lfenbipt.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5984] command /c del "C:\WINDOWS\SYSTEM32\byXpmkjG.dll.vir"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7184] cmd /c del "C:\WINDOWS\SYSTEM32\byXpmkjG.dll.vir"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7501] command /c del "C:\WINDOWS\SYSTEM32\byXpmkjG.dll.vir"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7143] cmd /c del "C:\WINDOWS\SYSTEM32\byXpmkjG.dll.vir"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sippwc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

jlpjlp · Answer

ok ce n'est pas finit . Vire ce qui est en quarantaine dans spybot puis vire spybot de ton ordinateur. Mets à jour internet explorer avec la version 7 . Puis recolles un rapport combofix suivi d'un rapport hijackthis

el scorpio · Answer

Bon j'ai viré spybot et sa quarantaine, j'ai installé IE7, et j'ai fait hijackthis, par contre mon icône de avast qui est sensé tourner en bas a droite n'est plus la, j'ai peur de ne plus avoir d'antivirus, est ce que c'est le cas?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:20, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjk\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sippwc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

jlpjlp · Answer

ok on remettra avast . Mais avant comme demandé remets moi un rapport combofix . À plus

el scorpio · Answer

Oups, désolé, j'avais pas remarqué, tient le voila^^:

ComboFix 08-09-05.03 - bertrand lhuillier 2008-09-07 22:23:03.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.707 [GMT 2:00]
Endroit: C:\Documents and Settings\bertrand lhuillier\Mes documents\Comboix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.

2008-09-07 15:50 . 2008-09-07 15:50 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-09-07 15:49 . 2006-06-02 21:32 33,792 -----c--- C:\WINDOWS\SYSTEM32\dllcache\custsat.dll
2008-09-06 15:57 . 2008-09-07 01:54 <REP> d-------- C:\Program Files\Recuva
2008-09-06 15:22 . 2008-09-06 15:22 <REP> d-------- C:\Program Files\CCleaner
2008-09-06 10:29 . 2008-09-06 10:29 <REP> d-------- C:\VundoFix Backups
2008-09-05 12:28 . 2008-09-07 15:56 <REP> d-------- C:\hjk
2008-09-05 00:16 . 2008-09-06 15:23 458 --a------ C:\WINDOWS\wininit.ini
2008-09-04 23:47 . 2008-09-04 23:47 23,552 --a------ C:\WINDOWS\SYSTEM32\cfax32u.dll
2008-09-04 23:47 . 2008-09-04 23:47 23,552 --a------ C:\WINDOWS\SYSTEM32\cfax32i.dll
2008-09-04 23:46 . 2008-09-04 23:46 23,552 --a------ C:\WINDOWS\SYSTEM32\cfen32u.dll
2008-09-04 23:46 . 2008-09-04 23:46 23,552 --a------ C:\WINDOWS\SYSTEM32\cfax32x.dll
2008-09-04 23:45 . 2008-09-04 23:45 23,552 --a------ C:\WINDOWS\SYSTEM32\lpov32u.dll
2008-09-04 16:03 . 2008-09-05 13:21 <REP> d-------- C:\Program Files\Runtime Software
2008-09-04 15:50 . 2001-07-13 13:56 14,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SBKUPNT.SYS
2008-09-04 15:50 . 1997-02-08 17:11 13,312 --a------ C:\WINDOWS\SYSTEM32\DEVLOAD.EXE
2008-09-04 15:50 . 2008-09-04 15:50 287 --a------ C:\WINDOWS\SKNIFE.INI
2008-09-04 15:49 . 2001-12-28 03:49 2,799 --a------ C:\WINDOWS\SKLANG.INI
2008-09-03 23:07 . 2008-09-03 23:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-09-03 23:04 . 2008-09-03 23:04 392,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\timntr.sys
2008-09-03 23:04 . 2008-09-03 23:04 32,768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys
2008-09-03 23:03 . 2008-09-03 23:03 114,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\snapman.sys
2008-09-02 14:23 . 2008-09-02 14:23 <REP> d-------- C:\Documents and Settings\bertrand lhuillier\Application Data\My Games
2008-09-02 14:21 . 2008-09-02 14:21 <REP> d---s---- C:\Program Files\Xfire
2008-09-02 14:21 . 2008-09-02 14:21 <REP> d-------- C:\Documents and Settings\bertrand lhuillier\Application Data\Xfire
2008-09-02 14:14 . 2008-09-02 14:14 <REP> d-------- C:\Program Files\Firaxis Games
2008-09-02 14:14 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-09-02 13:17 . 2008-09-02 13:17 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-01 19:50 . 2008-09-01 19:50 <REP> d-------- C:\Documents and Settings\bertrand lhuillier\Application Data\DAEMON Tools
2008-08-29 11:58 . 2008-08-29 11:58 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-28 00:27 . 2008-08-28 00:27 <REP> d-------- C:\Program Files\X-NetStat
2008-08-24 19:06 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\SYSTEM32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 13:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-07 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 11:22 --------- d-----w C:\Program Files\BOINC
2008-09-04 21:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 13:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 12:19 --------- d-----w C:\Documents and Settings\bertrand lhuillier\Application Data\uTorrent
2008-09-01 17:50 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-28 13:58 --------- d-----w C:\Documents and Settings\bertrand lhuillier\Application Data\Creative
2008-08-26 17:35 --------- d-----w C:\Documents and Settings\bertrand lhuillier\Application Data\Temporary
2008-08-24 16:44 --------- d-----w C:\Program Files\Audible
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-03 15:31 17,544 ----a-w C:\Documents and Settings\bertrand lhuillier\Application Data\GDIPFONTCACHEV1.DAT
2007-12-28 11:32 349 -c--a-w C:\Program Files\INSTALL.LOG
2007-08-16 23:33 266 --sh--w C:\Program Files\desktop.ini
2007-08-16 23:33 11,208 -c-ha-w C:\Program Files\folder.htt
2003-12-18 10:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-03 06:46 10,960 -c--a-w C:\Program Files\EULA.txt
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\SYSTEM32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\SYSTEM32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-06_14.42.22.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-19 23:09:47 49,152 ----a-w C:\WINDOWS\SYSTEM32\wdigest.dll
+ 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\SYSTEM32\wdigest.dll
+ 2008-09-07 20:19:56 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_198.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-05-14 81920]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-05-14 3784704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sippwc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-05-14 07:41 3784704 C:\WINDOWS\SYSTEM32\nvcpl.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"C:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]
S3 kbeepm;kbeepm;C:\DOCUME~1\BERTRA~1\LOCALS~1\Temp\kbeepm.sys [ ]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cb2747a-36d3-11dd-9e2c-00110931ec1e}]
\Shell\AutoRun\command - I:\ino6.com
\Shell\explore\Command - I:\ino6.com
\Shell\open\Command - I:\ino6.com
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\bertrand lhuillier\Application Data\Mozilla\Firefox\Profiles\j3yhkn4a.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://my.live.com/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 22:25:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-07 22:28:19
ComboFix-quarantined-files.txt 2008-09-07 20:28:11
ComboFix2.txt 2008-09-06 12:43:42

Pre-Run: 34,619,639,296 octets libres
Post-Run: 34,622,156,800 octets libres

146 --- E O F --- 2008-08-26 17:34:03

jlpjlp · Answer

encore des problèmes???



pour remettre la boule avast:  exécutez manuellement le fichier ashDisp.exe qui se trouve dans ce dossier : (poste de travail puis C:\Program Files\ALWIL Software\Avast4\). Cela devrait ramener l'icône.

el scorpio · Answer

Non rien de détecté pour l'instant, encore merci bcp pour ton aide, elle m'a été très précieuse.

Bonne fin de semaine, et encore merci^^

jlpjlp · Answer

ok parfait tu peux remettre spybot . Bonne suite

Probleme avec virtualmonde

11 réponses

Votre réponse

Newsletters