Posted by laure57, Friday 25 April 2008 at 21:35:05
Configuration: Windows XP Firefox 2.0.0.14
Hi,

Scan with VundoFix (paste the report).
Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.
When it is done, you will be asked to restart your computer; click OK.
__________________
VirtumundoBeGone (paste the report)
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
______________________
Download ComboFix by sUBs:
Rename it before installing anything, for example call it "KillBagle".
Help here: http://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Help with using ComboFix here: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t121.htm
Double-click ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then follow the prompts.
Wait for ComboFix to finish; a report will be created. Post the report.
_______________________
Paste a HijackThis report: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual: http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis, to counter a possible Vundo infection.
E.g. rename the file HijackThis.exe to eden.exe: to do this, right-click the file HijackThis.exe and choose Rename from the list.
Then, with Explorer, create a folder c:\hijackthis and unzip HijackThis into that folder. This is important for the backups.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:43:33, on 25/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\acer\Acer eConsole\MediaServerService.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\eRecovery\Monitor.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Program Files\Acer\Acer eConsole\MediaSync.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Fichiers communs\Talkway\vmtalk.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\VIAudioi\SBADeck\ADeck.exe C:\Program Files\Windows Defender\MSASCui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Club-Internet\TOM\TOM.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\cleanmg.exe 
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\a-squared Anti-Malware\a2guard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE c:\program files\winamp toolbar\WinampTbServer.exe C:\DOCUME~1\LAUREG~1\LOCALS~1\Temp\Rar$EX02.750\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Winamp 
Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TOM] C:\Program Files\Club-Internet\TOM\TOM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Clean Mgr] cleanmg.exe O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\iqtrmnft.dll",b O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60 O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\eqfnlvxa.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\eqfnlvxa.dll",s O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe O6 - 
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LAUREG~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg End of file - 11053 bytes
You need to do the rest before pasting me a HijackThis log, and do it following the manual.
See you later
VirtumundoBeGone report
[04/26/2008, 21:48:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\laure grosshamann\Bureau\VirtumundoBeGone.exe" ) [04/26/2008, 21:48:15] - Detected System Information: [04/26/2008, 21:48:15] - Windows Version: 5.1.2600, Service Pack 2 [04/26/2008, 21:48:15] - Current Username: laure grosshamann (Admin) [04/26/2008, 21:48:15] - Windows is in NORMAL mode. [04/26/2008, 21:48:15] - Searching for Browser Helper Objects: [04/26/2008, 21:48:15] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} () [04/26/2008, 21:48:15] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper [04/26/2008, 21:48:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. [04/26/2008, 21:48:15] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/26/2008, 21:48:16] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [04/26/2008, 21:48:16] - BHO 4: {A6C54318-5AC7-477D-B0A7-49AF5189300C} () [04/26/2008, 21:48:16] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:16] - Checking for HKLM\...\Winlogon\Notify\pmnkHAtT [04/26/2008, 21:48:16] - Found: HKLM\...\Winlogon\Notify\pmnkHAtT - This is probably Virtumundo. [04/26/2008, 21:48:16] - Assigning {A6C54318-5AC7-477D-B0A7-49AF5189300C} MSEvents Object [04/26/2008, 21:48:16] - BHO list has been changed! Starting over... [04/26/2008, 21:48:16] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} () [04/26/2008, 21:48:16] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:16] - Checking for HKLM\...\Winlogon\Notify\SDHelper [04/26/2008, 21:48:16] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. 
[04/26/2008, 21:48:16] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/26/2008, 21:48:16] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [04/26/2008, 21:48:16] - BHO 4: {A6C54318-5AC7-477D-B0A7-49AF5189300C} (MSEvents Object) [04/26/2008, 21:48:16] - ALERT: Found MSEvents Object! [04/26/2008, 21:48:16] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [04/26/2008, 21:48:16] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) [04/26/2008, 21:48:16] - BHO 7: {dbf07479-19c3-46d7-a912-753f66eecccd} () [04/26/2008, 21:48:16] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:16] - Checking for HKLM\...\Winlogon\Notify\jygodcrt [04/26/2008, 21:48:16] - Key not found: HKLM\...\Winlogon\Notify\jygodcrt, continuing. [04/26/2008, 21:48:16] - BHO 8: {EF12E5A5-5338-4ED4-87C6-88DF596CE0A2} () [04/26/2008, 21:48:16] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:16] - Checking for HKLM\...\Winlogon\Notify\ddcawXrP [04/26/2008, 21:48:16] - Key not found: HKLM\...\Winlogon\Notify\ddcawXrP, continuing. [04/26/2008, 21:48:16] - BHO 9: {EF5369E8-FD25-45CF-ACA1-13D5753E47F1} () [04/26/2008, 21:48:16] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:16] - No filename found. Continuing. [04/26/2008, 21:48:16] - Finished Searching Browser Helper Objects [04/26/2008, 21:48:16] - *** Detected MSEvents Object [04/26/2008, 21:48:16] - Trying to remove MSEvents Object... 
[04/26/2008, 21:48:17] - Terminating Process: IEXPLORE.EXE [04/26/2008, 21:48:18] - Terminating Process: RUNDLL32.EXE [04/26/2008, 21:48:18] - Disabling Automatic Shell Restart [04/26/2008, 21:48:18] - Terminating Process: EXPLORER.EXE [04/26/2008, 21:48:19] - Suspending the NT Session Manager System Service [04/26/2008, 21:48:19] - Terminating Windows NT Logon/Logoff Manager [04/26/2008, 21:48:20] - Re-enabling Automatic Shell Restart [04/26/2008, 21:48:20] - File to disable: C:\WINDOWS\system32\pmnkHAtT.dll [04/26/2008, 21:48:20] - Renaming C:\WINDOWS\system32\pmnkHAtT.dll -> C:\WINDOWS\system32\pmnkHAtT.dll.vir [04/26/2008, 21:48:20] - File successfully renamed! [04/26/2008, 21:48:20] - Removing HKLM\...\Browser Helper Objects\{A6C54318-5AC7-477D-B0A7-49AF5189300C} [04/26/2008, 21:48:21] - Removing HKCR\CLSID\{A6C54318-5AC7-477D-B0A7-49AF5189300C} [04/26/2008, 21:48:21] - Adding Kill Bit for ActiveX for GUID: {A6C54318-5AC7-477D-B0A7-49AF5189300C} [04/26/2008, 21:48:21] - Deleting ATLEvents/MSEvents Registry entries [04/26/2008, 21:48:21] - Removing HKLM\...\Winlogon\Notify\pmnkHAtT [04/26/2008, 21:48:21] - Searching for Browser Helper Objects: [04/26/2008, 21:48:21] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} () [04/26/2008, 21:48:21] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:21] - Checking for HKLM\...\Winlogon\Notify\SDHelper [04/26/2008, 21:48:21] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing. 
[04/26/2008, 21:48:21] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [04/26/2008, 21:48:21] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [04/26/2008, 21:48:21] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) [04/26/2008, 21:48:21] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) [04/26/2008, 21:48:21] - BHO 6: {dbf07479-19c3-46d7-a912-753f66eecccd} () [04/26/2008, 21:48:21] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:21] - Checking for HKLM\...\Winlogon\Notify\jygodcrt [04/26/2008, 21:48:21] - Key not found: HKLM\...\Winlogon\Notify\jygodcrt, continuing. [04/26/2008, 21:48:21] - BHO 7: {EF12E5A5-5338-4ED4-87C6-88DF596CE0A2} () [04/26/2008, 21:48:21] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:21] - Checking for HKLM\...\Winlogon\Notify\ddcawXrP [04/26/2008, 21:48:21] - Key not found: HKLM\...\Winlogon\Notify\ddcawXrP, continuing. [04/26/2008, 21:48:21] - BHO 8: {EF5369E8-FD25-45CF-ACA1-13D5753E47F1} () [04/26/2008, 21:48:21] - WARNING: BHO has no default name. Checking for Winlogon reference. [04/26/2008, 21:48:21] - No filename found. Continuing. [04/26/2008, 21:48:21] - Finished Searching Browser Helper Objects [04/26/2008, 21:48:21] - Finishing up... [04/26/2008, 21:48:21] - A restart is needed. [04/26/2008, 21:48:31] - Attempting to Restart via STOP error (Blue Screen!)
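The two signals this thread turns on, the `[320d18a1]` and `[BM313e2b3d]` rundll32 O4 entries in the HijackThis log and the "nameless BHO whose DLL is also a Winlogon\Notify subkey" check that the VirtumundoBeGone log walks through, as an added Python triage example. It is not code from the thread or from any tool named in it; the O4 lines, the BHO table and the Winlogon\Notify key set are constructed excerpts modelled on the logs above.

```python
r"""Triage heuristics for the two Vundo indicators that appear in this thread.

Added example, not part of the forum posts or of any tool named in them.
It reproduces, on constructed excerpts, the two signals acted on above:

1. HijackThis O4 entries where rundll32 loads a DLL from system32 and calls
   a one-letter export, e.g. [320d18a1] rundll32.exe "...\iqtrmnft.dll",b
2. The VirtumundoBeGone check: a Browser Helper Object with no default name
   whose DLL base name also exists as a Winlogon\Notify subkey.
"""
import re

# Constructed excerpt modelled on the HijackThis log quoted in the thread.
# Legitimate entries are mixed in so the heuristic has something to ignore.
HJT_O4_LINES = [
    r'O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd',
    r'O4 - HKLM\..\Run: [Clean Mgr] cleanmg.exe',
    r'O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\iqtrmnft.dll",b',
    r'O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\eqfnlvxa.dll",s',
    r'O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe',
    r'O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe',
]

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')

# rundll32[.exe] "<...>\system32\<file>.dll",<export>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\\system32\\[^",\\]+\.dll)"?,(?P<export>\w+)\s*$',
    re.IGNORECASE,
)


def parse_o4(line):
    """Split a HijackThis O4 Run-key line into hive, value name and command; None otherwise."""
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def suspicious_rundll32(line):
    r"""Return (value name, DLL path) when the entry matches the indicator, else None.

    The Cmaudio line is the control case: rundll32 is involved, but the target
    is a .cpl with a descriptive export, so it is not reported.
    """
    entry = parse_o4(line)
    if entry is None:
        return None
    m = RUNDLL_RE.match(entry['cmd'])
    if m is None or len(m.group('export')) != 1:
        return None
    return entry['name'], m.group('dll')


def flag_o4_lines(lines):
    """All (value name, DLL path) pairs in a HijackThis log that match the indicator."""
    return [hit for hit in map(suspicious_rundll32, lines) if hit is not None]


# Constructed registry snapshot modelled on the VirtumundoBeGone log:
# CLSID -> (default name, DLL file name). Nameless entries are the suspects.
BHOS = {
    '{53707962-6F74-2D53-2644-206D7942484F}': ('', 'SDHelper.dll'),
    '{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}': ('SSVHelper Class', 'ssv.dll'),
    '{A6C54318-5AC7-477D-B0A7-49AF5189300C}': ('', 'pmnkHAtT.dll'),
    '{dbf07479-19c3-46d7-a912-753f66eecccd}': ('', 'jygodcrt.dll'),
}

# Constructed Winlogon\Notify subkey list: a few stock Windows XP entries plus
# the one the log found.
WINLOGON_NOTIFY = {'crypt32chain', 'cryptnet', 'ScCertProp', 'Schedule', 'pmnkHAtT'}


def likely_virtumundo(bhos, notify_keys):
    r"""CLSIDs of nameless BHOs whose DLL base name is also a Winlogon\Notify subkey.

    A stock BHO registers a default name; Vundo's does not, and it registers the
    same DLL as a Winlogon notification package so winlogon.exe loads it at
    logon, which is what the ComboFix log later shows. Both facts together are
    the signal; a nameless BHO alone (SDHelper here) is not reported.
    """
    notify = {k.lower() for k in notify_keys}
    hits = []
    for clsid, (name, dll) in bhos.items():
        if name:
            continue
        base = dll.rsplit('.', 1)[0].lower()
        if base in notify:
            hits.append(clsid)
    return hits


if __name__ == '__main__':
    for name, dll in flag_o4_lines(HJT_O4_LINES):
        print(f'suspicious O4 entry [{name}] -> {dll}')
    for clsid in likely_virtumundo(BHOS, WINLOGON_NOTIFY):
        print(f'BHO {clsid} also registered under Winlogon\\Notify: probably Virtumundo')
```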
Here is the ComboFix report
ComboFix 08-04-24.1 - laure grosshamann 2008-04-26 21:59:44.1 - [color=red][b]FAT32/b/colorx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.105 [GMT 2:00] Endroit: C:\Documents and Settings\laure grosshamann\Bureau\KillBagle.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\bHQWacfe.ini C:\WINDOWS\system32\bHQWacfe.ini2 C:\WINDOWS\system32\byXPJCTN.dll C:\WINDOWS\system32\cbXrPhhG.dll C:\WINDOWS\system32\ddcawXrP.dll C:\WINDOWS\system32\efccBsQH.dll C:\WINDOWS\system32\efcCSKcy.dll C:\WINDOWS\system32\eqfnlvxa.dll C:\WINDOWS\system32\fcccabCU.dll C:\WINDOWS\system32\fuwyjckh.dll C:\WINDOWS\system32\geBsqRlk.dll C:\WINDOWS\system32\gsgxxubo.dll C:\WINDOWS\system32\hgGawVOg.dll C:\WINDOWS\system32\iifdaxya.dll C:\WINDOWS\system32\jkkIBRhe.dll C:\WINDOWS\system32\jygodcrt.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mlJBQJcy.dll C:\WINDOWS\system32\obuxxgsg.ini C:\WINDOWS\system32\opnnkkhh.dll C:\WINDOWS\system32\PrXwacdd.ini C:\WINDOWS\system32\PrXwacdd.ini2 C:\WINDOWS\system32\qoMgEVPj.dll C:\WINDOWS\system32\rqRIxwVL.dll C:\WINDOWS\system32\rqRLbywx.dll C:\WINDOWS\system32\tuvSjHWQ.dll C:\WINDOWS\system32\uninstall.exe C:\WINDOWS\system32\vtUOgfgE.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))))))) . 2008-04-26 21:14 . 2008-04-26 21:14 <REP> d-------- C:\VundoFix Backups 2008-04-26 14:31 . 2008-04-26 14:31 57,856 --a------ C:\WINDOWS\system32\ikh.exe 2008-04-26 14:31 . 2008-04-26 14:31 57,856 ---h----- C:\Documents and Settings\laure grosshamann\pewi.exe 2008-04-25 20:06 . 2008-04-25 20:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware 2008-04-25 15:53 . 
2008-04-26 15:14 1,510,630 ---hs---- C:\WINDOWS\system32\tfnmrtqi.ini 2008-04-25 10:41 . 2008-04-25 15:39 1,509,348 ---hs---- C:\WINDOWS\system32\xdkoubfy.ini 2008-04-25 10:39 . 2008-04-26 21:55 109,792 --a------ C:\WINDOWS\BM313e2b3d.xml 2008-04-23 22:21 . 2008-04-23 10:39 126,976 -r-hs---- C:\WINDOWS\system32\cleanmg.exe 2008-04-23 22:21 . 2008-04-23 22:21 37,888 --a------ C:\WINDOWS\system32\pmnkHAtT.dll.vir 2008-04-15 13:30 . 2008-04-15 13:30 <REP> d-------- C:\Program Files\CCleaner 2008-04-10 20:06 . 2008-04-10 20:06 <REP> d-------- C:\Program Files\Windows Live Safety Center 2008-04-10 19:23 . 2008-04-10 19:23 <REP> d-------- C:\Program Files\MSN Messenger 2008-04-06 15:55 . 2008-04-06 15:56 245,760 --a------ C:\WINDOWS\system32\uninst_saver.exe 2008-04-02 22:42 . 2008-04-02 22:43 <REP> d-------- C:\Program Files\VideoLAN 2008-03-27 13:06 . 2008-03-27 13:08 195,541 --a------ C:\WINDOWS\hpqins16.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-04 12:20 --------- d-----w C:\Program Files\PhotoFiltre 2008-03-01 17:16 --------- d-----w C:\Program Files\LE COMPAGNON CLUB 2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-28 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-02-23 18:07 87,608 ----a-w C:\Documents and Settings\laure grosshamann\Application Data\inst.exe 2008-02-23 18:07 47,360 ----a-w C:\Documents and Settings\laure grosshamann\Application Data\pcouffin.sys 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2006-11-12 12:50 81,920 ----a-w C:\Documents and Settings\laure grosshamann\Application Data\ezpinst.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-02 12:43 68856] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 11:48 906480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [] "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168] "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe] "VTTimer"="VTTimer.exe" [2005-05-13 12:57 53248 C:\WINDOWS\system32\VTTimer.exe] "AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40 110592] "MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-01 14:25 421888] "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632] "CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-04 16:36 69632] "Cmaudio"="cmicnfg.cpl" [] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-27 18:56 98304] "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 11:10 450560] "Windows 
Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "Clean Mgr"="cleanmg.exe" [2008-04-23 10:39 126976 C:\WINDOWS\system32\cleanmg.exe] "ikh"="C:\WINDOWS\system32\ikh.exe" [2008-04-26 14:31 57856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}"= C:\WINDOWS\system32\byXRijgh.dll [2008-04-26 22:08 40448] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRijgh] byXRijgh.dll 2008-04-26 22:08 40448 C:\WINDOWS\system32\byXRijgh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsqRlk] geBsqRlk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm "MSACM.CEGSM"= mobilev.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Norton GoBack.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Norton GoBack.lnk backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] 
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\MSMSGS.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpqtra08.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpqste08.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpofxm08.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hposfx08.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hposid01.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpqscnvw.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpqkygrp.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpqCopy.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpfccopy.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpzwiz01.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpoews01.exe"= "C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\BIN\\hpqnrs08.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Documents and Settings\\laure grosshamann\\pewi.exe"= "C:\\WINDOWS\\System32\\ikh.exe"= R1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 prcmondrv;prcmondrv;C:\WINDOWS\system32\drivers\prcmondrv1041.sys [2006-10-17 14:34]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys [2004-03-18 13:43]
R2 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys [2004-03-18 13:44]
R3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2004-09-06 03:00]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 19:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 19:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 19:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 19:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 19:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 19:24]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2005-10-21 03:47]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-26 20:09:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-26 20:00:02 C:\WINDOWS\Tasks\AD808C8A91AB0AF6.job" - c:\docume~1\laureg~1\applic~1\elsepl~1\Thunkdeafgreat.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 22:07:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRijgh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\ACER\ACER ECONSOLE\MEDIASERVERSERVICE.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-26 22:11:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-26 20:11:02
Pre-Run: 7,677,575,168 octets libres
Post-Run: 7,594,704,896 octets libres
224 --- E O F --- 2008-04-25 08:47:12
|
Here is the VundoFix report.
I hope it won't be a problem that I ran the different scans out of order. I'm waiting for your help, thanks in advance. @+ Laure

VundoFix V7.0.3
Scan started at 21:14:01 26/04/2008
Listing files found while scanning....
C:\WINDOWS\system32\bgikipyk.dll
C:\WINDOWS\system32\bxddtyqx.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bgikipyk.dll
C:\WINDOWS\system32\bgikipyk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\bxddtyqx.dll
C:\WINDOWS\system32\bxddtyqx.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V7.0.3
Scan started at 21:36:25 26/04/2008
Listing files found while scanning....
No infected files were found.
|
Scan these files on VirusTotal and, if they are infected, put them in the OTMoveIt quote to remove them:
http://www.virustotal.com/fr/
C:\WINDOWS\system32\tfnmrtqi.ini
C:\WINDOWS\system32\xdkoubfy.ini
C:\WINDOWS\BM313e2b3d.xml
C:\WINDOWS\system32\pmnkHAtT.dll.vir
_________________
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal; if so, accept with Yes.
_____________________
Post a HijackThis report and tell me your current problems
|
Here is the report located in C:\_OTMoveIt\MovedFiles:
C:\WINDOWS\system32\pmnkHAtT.dll.vir moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04282008_180217

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:59, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\cleanmg.exe
C:\WINDOWS\system32\ikh.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\laure grosshamann\Bureau\eden.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5} - C:\WINDOWS\system32\ddcAssqr.dll
O2 - BHO: {9519876e-e212-3728-5c94-7517c0596261} - {1626950c-7157-49c5-8273-212ee6789159} - C:\WINDOWS\system32\fknfwupq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6F485261-7787-4608-B9F0-B2FB1A4B5CEF} - C:\WINDOWS\system32\efcYRJBs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Clean Mgr] cleanmg.exe
O4 - HKLM\..\Run: [ikh] C:\WINDOWS\system32\ikh.exe \u
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\enefduqu.dll",s
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\hmcsdsuf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: byXRijgh - byXRijgh.dll (file missing)
O20 - Winlogon Notify: ddcAssqr - C:\WINDOWS\SYSTEM32\ddcAssqr.dll
O20 - Winlogon Notify: geBsqRlk - geBsqRlk.dll (file missing)
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LAUREG~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

End of file - 10699 bytes

The problem is that I still get pop-up ad windows when I browse the internet. On the other hand, the PC is no longer slowed down and avast no longer gives me infection messages. But I don't understand: when I run a full scan with Spyware Doctor, it still finds Virtumonde and lots of other infections!!! What should I do please????? Thanks, and sorry for the previous message, I had misread :)
|
Relaunch HijackThis, do: DO A SYSTEM SCAN ONLY, tick these lines, then do FIX CHECKED
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5} - C:\WINDOWS\system32\ddcAssqr.dll
O2 - BHO: {9519876e-e212-3728-5c94-7517c0596261} - {1626950c-7157-49c5-8273-212ee6789159} - C:\WINDOWS\system32\fknfwupq.dll
O2 - BHO: (no name) - {6F485261-7787-4608-B9F0-B2FB1A4B5CEF} - C:\WINDOWS\system32\efcYRJBs.dll
O4 - HKLM\..\Run: [ikh] C:\WINDOWS\system32\ikh.exe \u
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\enefduqu.dll",s
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\hmcsdsuf.dll",b
O20 - Winlogon Notify: byXRijgh - byXRijgh.dll (file missing)
O20 - Winlogon Notify: ddcAssqr - C:\WINDOWS\SYSTEM32\ddcAssqr.dll
O20 - Winlogon Notify: geBsqRlk - geBsqRlk.dll (file missing)
_________________________
Scan these files on VirusTotal and, if they are infected, add them to the File:: section:
C:\WINDOWS\system32\ikh.exe
C:\Documents and Settings\laure grosshamann\pewi.exe
________________________
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your Desktop and nowhere else! Without renaming it this time.
Close all your browsers (so copy or print these instructions first).
Create a new text document: right-click on the Desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\SYSTEM32\ddcAssqr.dll
C:\WINDOWS\system32\enefduqu.dll
C:\WINDOWS\system32\hmcsdsuf.dll
C:\WINDOWS\system32\efcYRJBs.dll
C:\WINDOWS\system32\ddcAssqr.dll
C:\WINDOWS\system32\fknfwupq.dll

Registry::

Save this file under the name CFScript.
Drag and drop this CFScript file onto the ComboFix.exe file: click the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait for the scan to finish. The desktop will disappear several times: that is normal! Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents. Also post a new HijackThis report.
If the file does not open, it is located here > C:\ComboFix.txt
____________
Delete what is in moved files by going to MY COMPUTER, then C, then OTMOVEIT
_____________
Delete what is in Quarantine by going to My Computer, then C, then QOOBOX
____________
Tell me your current problems
|
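The helper above picks the lines to fix by eye: BHOs with no name or a GUID as their name that point at an 8-letter DLL in system32, Run keys named like hex identifiers that load such a DLL through rundll32, and Winlogon Notify entries whose DLL is already missing. As an added example (the editor's code, not part of the thread and not HijackThis or ComboFix code), the script below applies those same rules to HijackThis log lines and renders the File::/Registry:: CFScript block the helper asks for. The sample lines are copied from the log posted in this thread; the rules themselves (8-letter stems that are vowel-poor or oddly capitalised, hex-looking Run key names, dangling Winlogon Notify entries) are assumptions of this example and flag entries for review, not verdicts. Entries the rules miss, such as the [ikh] Run key, still need the manual VirusTotal check the helper describes.

```python
"""Triage of HijackThis log lines for Vundo/Virtumonde-style persistence, plus CFScript rendering.

Added example for this thread (editor's code). The heuristics are assumptions chosen to mirror
what the helper selected by hand; treat a hit as "review this", not as proof of infection.
"""
import re

# Constructed sample: a subset of the HijackThis lines posted in the thread, with benign
# entries from the same log mixed in so the filter has something to leave alone.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5} - C:\WINDOWS\system32\ddcAssqr.dll
O2 - BHO: {9519876e-e212-3728-5c94-7517c0596261} - {1626950c-7157-49c5-8273-212ee6789159} - C:\WINDOWS\system32\fknfwupq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\enefduqu.dll",s
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\hmcsdsuf.dll",b
O20 - Winlogon Notify: byXRijgh - byXRijgh.dll (file missing)
O20 - Winlogon Notify: ddcAssqr - C:\WINDOWS\SYSTEM32\ddcAssqr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

SYSTEM32_DLL = re.compile(r"C:\\WINDOWS\\system32\\([A-Za-z]{8})\.dll", re.I)
HEX_RUN_KEY = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.I)      # e.g. [BM313e2b3d], [320d18a1]
GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)              # a CLSID used where a name belongs
RUN_ENTRY = re.compile(r"^O4 - .*?\[([^\]]+)\] (.*)$")       # O4 - HKLM\..\Run: [key] command
VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 8 letters that are vowel-poor or carry capitals after the first
    character, the shape of the Vundo DLL names seen in this thread (ddcAssqr, byXRijgh, ...)."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    vowels = sum(c in VOWELS for c in stem.lower())
    internal_caps = any(c.isupper() for c in stem[1:])
    return vowels <= 2 or internal_caps


def classify(line: str):
    """Return (reasons, file_path) for one HijackThis line. reasons is empty for entries to leave
    alone; file_path is the on-disk DLL to hand to ComboFix, or None when nothing is left to move."""
    reasons, path = [], None
    parts = line.split(" - ")
    kind = parts[0]
    if kind == "O2" and len(parts) >= 4:
        name, candidate = parts[1][len("BHO: "):], parts[-1]
        m = SYSTEM32_DLL.search(candidate)
        if m and looks_random(m.group(1)):
            reasons.append("BHO is an 8-letter random-looking DLL in system32")
            path = candidate
            if name == "(no name)" or GUID.match(name):
                reasons.append("BHO has no descriptive name")
    elif kind == "O4":
        m = RUN_ENTRY.match(line)
        if m:
            key, command = m.groups()
            dll = SYSTEM32_DLL.search(command)
            if HEX_RUN_KEY.match(key):
                reasons.append("Run key is a hex-looking identifier")
            if dll and looks_random(dll.group(1)):
                reasons.append("rundll32 loads a random-looking system32 DLL")
            if reasons and dll:
                path = dll.group(0)
    elif kind == "O20" and len(parts) >= 3:
        name, target = parts[1][len("Winlogon Notify: "):], parts[-1]
        if target.endswith("(file missing)"):
            reasons.append("Winlogon Notify points to a missing DLL (dangling persistence)")
        else:
            path = target
        if looks_random(name):
            reasons.append("Winlogon Notify DLL has a random-looking name")
        if not reasons:
            path = None
    return reasons, path


def triage(log_text: str):
    """Run classify() over every non-blank line; keep only the flagged ones as (line, reasons, path)."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            reasons, path = classify(line)
            if reasons:
                findings.append((line, reasons, path))
    return findings


def build_cfscript(findings) -> str:
    """Render the CFScript text the helper describes: a File:: list of flagged DLLs that still exist
    on disk (deduplicated case-insensitively, since system32 and SYSTEM32 are the same folder) and
    an empty Registry:: section. '(file missing)' entries have nothing to move and are fixed in
    HijackThis instead."""
    seen, paths = set(), []
    for _line, _reasons, path in findings:
        if path and path.lower() not in seen:
            seen.add(path.lower())
            paths.append(path)
    return "File::\n" + "\n".join(paths) + "\n\nRegistry::\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for line, reasons, _path in hits:
        print(line)
        for r in reasons:
            print("    ->", r)
    print()
    print(build_cfscript(hits))
```

Run as-is it prints the six flagged lines with their reasons and a File:: block naming ddcAssqr.dll, fknfwupq.dll, enefduqu.dll and hmcsdsuf.dll once each; to use it on a real log, replace SAMPLE_LOG with the file contents and review every hit before pasting anything into a CFScript, since legitimate 8-letter DLL names exist and the rules are deliberately broad.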