Configuration: Windows Vista Firefox 2.0.0.15
Please. It's urgent. |
Hi,
I couldn't resist such a message xD
---> Disable UAC for the duration of the disinfection: http://www.zebulon.fr/astuces/220-desactiver-l-uac-dans-vista.html
---> Download ComboFix.exe by sUBs to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\
---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no warranty...". Accept by clicking "Oui" (Yes).
---> Set it to French: F
Press the 1 key (Yes) to start the scan.
/!\ Don't touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents.
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix.txt |
Sorry for taking so long, but the computer didn't seem to be in much of a hurry ^^. So here is the ComboFix report
|
Hi destrio5 and picta!!
You're going straight for the heavy artillery, asking her to run ComboFix for 2 infections lol. Wouldn't Malwarebytes and VirtumundoBeGone have been enough?? ;) |
Hi Geoffrey5,
could you tell me where things stand with the infections I've been hit by? |
I thought it would find more things.
- Download and install Malwarebytes' Anti-Malware: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Restart in safe mode (Recommended): http://www.malekal.com/modesansechec.php
- Choose your usual session
- Run a full scan with Malwarebytes' Anti-Malware
- Delete everything the software finds, save the report
- Restart in normal mode and post the report here
Tutorial: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php |
Yes picta... for that you'll need to make a new HijackThis report after running the Malwarebytes scan as destrio5 asked you ;)
Have a good rest of the evening, both of you... see you later |
Sorry, I fell asleep on my couch... not easy to stay awake at 4 in the morning ^^.
Here is the report:
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 931
Windows 6.0.6001 Service Pack 1
11:50:00 2008-07-08
mbam-log-7-8-2008 (11-50-00).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 143320
Temps écoulé: 29 minute(s), 7 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\Home\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. |
And here is the HijackThis report:
|
So, is nobody going to answer me? |
Are you still having problems?
|
delete the line |
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Home\AppData\Local\Temp\qoMdBtuU.dll,c
Type Nasty (2.74 / 5.00), delete it as well
|
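The kinds of entries singled out in this thread (an autorun loading a DLL from a Temp folder, entries marked "(file missing)", a winlogon.exe sitting in a user profile) can be picked out of a HijackThis-style log mechanically. The following is an added example, not part of the original posts and not HijackThis code; the sample log is constructed from paths that appear in this thread, and the rule names and the short list of system binaries are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a short list of Windows binaries that legitimately live only in System32.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# HijackThis sections reviewed here: O2 = BHO, O4 = autorun, O23 = service.
WATCHED = {"O2", "O4", "O23"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A Windows path ending in an executable extension (spaces inside the path are allowed).
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"*?<>|,]+?\.(?:exe|dll|sys|ocx|scr)(?![A-Za-z0-9])', re.IGNORECASE
)
TEMP_RE = re.compile(
    r"\\(?:appdata\\local|local settings|windows)\\temp\\|^[a-z]:\\temp\\", re.IGNORECASE
)


def reasons_for(text):
    """Return the list of rule names (hypothetical labels) that one log entry triggers."""
    reasons = []
    if "(file missing)" in text or "(no file)" in text:
        reasons.append("orphan-entry")
    for raw in PATH_RE.findall(text):
        path = PureWindowsPath(raw)
        if TEMP_RE.search(raw) and "loads-from-temp" not in reasons:
            reasons.append("loads-from-temp")
        if (path.name.lower() in SYSTEM_NAMES
                and str(path.parent).lower() not in SYSTEM_DIRS
                and "system-name-outside-system32" not in reasons):
            reasons.append("system-name-outside-system32")
    return reasons


def triage(log_text):
    """Scan a HijackThis-style log and return (section, reasons, line) for suspicious lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            code, body = entry.group(1), entry.group(2)
            if code not in WATCHED:
                continue
        elif PATH_RE.fullmatch(line):
            # Bare paths are the "Running processes" listing.
            code, body = "PROC", line
        else:
            continue
        reasons = reasons_for(body)
        if reasons:
            findings.append((code, reasons, line))
    return findings


# Constructed sample, built from paths that appear in this thread.
SAMPLE_LOG = r'''
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\Home\winlogon.exe
O2 - BHO: (no name) - {827A121A-973D-40E0-B9E0-9FF1FC5709C5} - C:\Users\Home\AppData\Local\Temp\qoMdBtuU.dll (file missing)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Home\AppData\Local\Temp\qoMdBtuU.dll,c
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio.exe (file missing)
'''

if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"[{code}] {', '.join(reasons)}: {line}")
```

A flagged line is a candidate for manual review, not a verdict: an orphan entry may simply be left over from an uninstalled program.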
No, no more problems. But I haven't deleted those lines. |
---> Download CCleaner (do not install the Yahoo Toolbar): http://www.ccleaner.com/download/downloading
---> Launch it. Go to "Options" then "Avancé" (Advanced) and untick the box "Effacer uniquement les fichiers etc...". Go to "Nettoyeur" (Cleaner) and click "Analyse". Once it has finished, run the cleaning. Then go to "Registre" (Registry) and click "Chercher des erreurs" (Scan for issues). Once it has finished, repair all the errors without backing up the registry. |
Done |
Post a new HijackThis report. |
Logfile of Trend Micro HijackThis v2.0.2
|