Virus fxstaller.exe

Salut D11D,

je te transmets le rapport de combofix,

A+

Philippe




ComboFix 08-12-16.03 - philippe TIJERAS 2008-12-17 17:32:34.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1535.943 [GMT 1:00]
Lancé depuis: c:\documents and settings\philippe TIJERAS\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\philippe TIJERAS\Menu Démarrer\Antivirus 360
c:\documents and settings\philippe TIJERAS\Menu Démarrer\Antivirus 360\Help.lnk
c:\windows\pack.epk
c:\windows\system\oeminfo.ini
c:\windows\system32\ahasovye.dll
c:\windows\system32\ahnwmu.dll
c:\windows\system32\cipluxil.ini
c:\windows\system32\dbmoieht.dll
c:\windows\system32\dmmmiwjw.dll
c:\windows\system32\dnlqby.dll
c:\windows\system32\eyvosaha.ini
c:\windows\system32\geBroLDU.dll
c:\windows\system32\geBtUlkH.dll
c:\windows\system32\gheeepat.ini
c:\windows\system32\gofxavau.dll
c:\windows\system32\iwtiry.dll
c:\windows\system32\jkkHYoNe.dll
c:\windows\system32\jkmxhxqf.ini
c:\windows\system32\jmglio.dll
c:\windows\system32\jxwcoxnf.ini
c:\windows\system32\kmqskgvw.dll
c:\windows\system32\lcpbcqcv.dll
c:\windows\system32\lixulpic.dll
c:\windows\system32\ljlyobwq.dll
c:\windows\system32\LkRqYJlm.ini
c:\windows\system32\LkRqYJlm.ini2
c:\windows\system32\lpvrcklj.ini
c:\windows\system32\luiwhdwo.dll
c:\windows\system32\lxrmed.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mlJYqRkL.dll
c:\windows\system32\mwsrdeqw.dll
c:\windows\system32\omjgwyxw.dll
c:\windows\system32\pluhjqai.dll
c:\windows\system32\sirenacm(2).dll
c:\windows\system32\theiombd.ini
c:\windows\system32\uavaxfog.ini
c:\windows\system32\UDLorBeg.ini
c:\windows\system32\UDLorBeg.ini2
c:\windows\system32\uxyxxm.dll
c:\windows\system32\wqedrswm.ini
c:\windows\system32\xbfcnx.dll
c:\windows\system32\xsxmocai.dll
c:\windows\Tasks\ypxybcnk.job

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-17 au 2008-12-17 ))))))))))))))))))))))))))))))))))))
.

2008-12-17 17:38 . 2008-12-17 17:38 <REP> d-------- c:\windows\LastGood
2008-12-17 14:42 . 2008-12-17 14:42 <REP> d-------- c:\program files\Trend Micro
2008-12-16 18:58 . 2008-12-16 20:42 <REP> d-------- c:\program files\Navilog1
2008-12-15 20:32 . 2008-12-15 20:32 244 --ah----- C:\sqmnoopt01.sqm
2008-12-15 20:32 . 2008-12-15 20:32 244 --ah----- C:\sqmnoopt00.sqm
2008-12-15 20:32 . 2008-12-15 20:32 232 --ah----- C:\sqmdata01.sqm
2008-12-15 20:32 . 2008-12-15 20:32 232 --ah----- C:\sqmdata00.sqm
2008-12-15 18:50 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00002_.tmp
2008-12-15 13:26 . 2008-12-15 13:26 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-15 13:22 . 2008-12-15 13:22 <REP> d-------- c:\windows\ERUNT
2008-12-15 12:59 . 2008-12-15 18:35 <REP> d-------- C:\SDFix
2008-12-15 11:40 . 2008-12-15 11:43 <REP> d-------- C:\ToolBar SD
2008-12-15 11:03 . 2006-12-28 12:01 19,569 --a------ c:\windows\[u]0/u00001_.tmp
2008-12-13 21:07 . 2008-12-16 15:06 <REP> d-------- c:\program files\AxBx
2008-12-13 20:50 . 2008-12-13 20:50 84 --a------ c:\windows\system32\ikhcore.cfg
2008-12-13 20:28 . 2008-12-13 20:28 <REP> d-------- c:\windows\system32\runtime
2008-12-13 13:56 . 2008-12-13 13:56 <REP> d-------- c:\windows\report
2008-12-13 13:56 . 2008-12-13 13:55 21,415,977 --a------ c:\windows\LPT$VPN.707
2008-12-13 13:55 . 2008-12-13 13:55 <REP> d-------- c:\windows\AU_Backup
2008-12-13 13:55 . 2008-12-13 13:55 21,415,977 --a------ c:\windows\VPTNFILE.707
2008-12-13 13:55 . 2008-12-13 13:55 1,973,120 --a------ c:\windows\tsc.ptn
2008-12-13 13:55 . 2008-12-13 13:55 1,213,784 --a------ c:\windows\vsapi32.dll
2008-12-13 13:55 . 2008-12-13 13:55 345,157 --a------ c:\windows\tsc.exe
2008-12-13 13:55 . 2008-12-13 13:55 91,744 --a------ c:\windows\BPMNT.dll
2008-12-13 13:55 . 2008-12-13 13:55 71,749 --a------ c:\windows\hcextoutput.dll
2008-12-13 13:55 . 2008-12-13 18:37 823 --a------ c:\windows\tsc.ini
2008-12-13 13:51 . 2008-12-13 13:55 <REP> d-------- c:\windows\AU_Temp
2008-12-13 13:51 . 2008-12-13 13:51 <REP> d-------- c:\windows\AU_Log
2008-12-13 13:51 . 2008-12-13 13:51 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-12-13 13:51 . 2008-12-13 13:51 286,720 --a------ c:\windows\PATCH.EXE
2008-12-13 13:51 . 2008-12-13 13:51 69,689 --a------ c:\windows\UNZIP.DLL
2008-12-13 13:51 . 2008-12-13 13:51 170 --a------ c:\windows\GetServer.ini
2008-12-11 21:39 . 2008-12-11 21:40 <REP> d--h----- c:\windows\msdownld.tmp
2008-12-11 21:39 . 2008-12-11 21:39 <REP> d-------- c:\windows\Logs
2008-12-11 21:24 . 2008-12-11 21:30 <REP> d-------- c:\program files\QUAD Utilities
2008-12-11 15:21 . 2008-12-12 13:47 <REP> d-------- c:\program files\A360
2008-12-10 10:53 . 2008-12-11 09:30 26,162 --a------ C:\iri.exe
2008-12-04 20:50 . 2008-12-17 15:25 202,040 --a------ c:\windows\system32\PnkBstrB.exe
2008-12-04 20:50 . 2008-12-17 15:25 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-12-04 20:50 . 2008-12-04 20:53 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-12-04 20:50 . 2008-12-04 20:50 22,328 --a------ c:\documents and settings\philippe TIJERAS\Application Data\PnkBstrK.sys
2008-11-24 17:09 . 2008-11-24 17:28 <REP> d-------- c:\program files\NOS
2008-11-24 17:09 . 2008-11-24 17:31 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-23 19:01 . 2008-11-23 19:01 <REP> d-------- c:\documents and settings\TEMP\Application Data\Apple Computer
2008-11-23 18:46 . 2008-11-23 18:46 <REP> d-------- c:\program files\iTunes
2008-11-23 18:46 . 2008-11-23 18:46 <REP> d-------- c:\program files\iPod
2008-11-23 18:46 . 2008-11-23 18:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 16:32 --------- d-----w c:\documents and settings\philippe TIJERAS\Application Data\Skype
2008-12-17 15:03 --------- d-----w c:\documents and settings\philippe TIJERAS\Application Data\skypePM
2008-12-17 12:39 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-15 19:59 --------- d-----w c:\program files\Bonjour
2008-12-15 08:08 --------- d-----w c:\program files\Google
2008-12-13 20:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 09:14 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-09 17:01 322 ----a-w C:\ffmpeg_debug.bat
2008-12-09 17:01 315 ----a-w C:\ffmpeg.bat
2008-12-03 09:18 --------- d-----w c:\program files\Ripp-it_AM
2008-11-24 19:43 --------- d-----w c:\program files\QuickTime
2008-11-23 17:43 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-23 17:32 --------- d-----w c:\program files\Safari
2008-11-16 15:03 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-16 14:43 --------- d-----w c:\documents and settings\philippe TIJERAS\Application Data\OpenOffice.org
2008-11-15 20:23 --------- d-----w c:\documents and settings\LocalService\Application Data\agi
2008-11-15 20:22 --------- d-----w c:\documents and settings\TEMP\Application Data\agi
2008-11-13 19:19 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-13 13:23 --------- d-----w c:\program files\Fichiers communs\logishrd
2008-11-09 18:50 --------- d-----w c:\program files\BoontyGames
2008-11-09 15:19 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 08:49 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-11-02 10:50 --------- d-----w c:\documents and settings\nathalie TIJERAS\Application Data\OpenOffice.org2
2008-11-01 19:55 --------- d-----w c:\documents and settings\philippe TIJERAS\Application Data\OpenOffice.org2
2008-10-31 06:39 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 08:33 --------- d-----w c:\program files\Studio-Scrap
2008-10-26 23:12 230 ----a-w C:\muxmp4.bat
2008-10-26 20:33 --------- d-----w c:\program files\AviSynth 2.5
2008-10-25 09:56 --------- d-----w c:\documents and settings\philippe TIJERAS\Application Data\Apple Computer
2008-10-25 09:31 --------- d-----w c:\program files\LucasArts
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 07:23 --------- d-----w c:\program files\eRightSoft
2008-10-21 10:08 --------- d-----w c:\program files\IncrediMail
2008-05-03 07:24 0 -c--a-w c:\program files\temp01
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2003-03-21 487696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-21 483328]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-14 185632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-02 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jmglio.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%ProgramFiles%\\Messenger\\msmsgs.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 53248]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-10-06 1272000]
S3 CA_LIC_CLNT;Client de licence CA;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 77824]
S3 CA_LIC_SRVR;Serveur de licence CA;"c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 77824]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2008-03-02 21344]
.
Contenu du dossier 'Tâches planifiées'

2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-13 20:22]

2008-12-12 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe []

2008-03-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-16 c:\windows\Tasks\WebReg 20061215215211.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 14:39]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{026DEBBB-A506-4E01-A9E6-0F259A74F8C6} - (no file)
BHO-{35AB8832-1BA6-4CA8-9F55-145E17DAF561} - (no file)
BHO-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
BHO-{6e86bfee-4f68-4163-b2ec-0cac7ced5d23} - (no file)
BHO-{775BC9DB-F68A-40F1-83E5-5D3E8BEE0903} - (no file)
BHO-{89F59C94-3909-493F-90C9-38CDE20A5AAF} - (no file)
BHO-{b543a3c2-8b8f-4a04-8ebc-a23664e17dba} - c:\windows\system32\jmglio.dll
BHO-{BB062BDD-D6AD-476F-995C-1990584D6306} - c:\windows\system32\geBroLDU.dll
BHO-{bebaf313-8344-4090-8c24-a2b20cafb39f} - (no file)
BHO-{fc671755-728f-452f-a3b8-348734c1fe2a} - (no file)
Toolbar-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe
HKCU-Run-two hole - c:\documents and settings\philippe TIJERAS\Application Data\platform does\active ball jump.exe
HKCU-Run-E06FDXRC_16528109 - d:\collection microsoft encarta 2006\EDICT.EXE
HKLM-Run-AQ3HelperStartUp - c:\progra~1\AQUATI~1\AQ3HEL~1.EXE
HKLM-Run-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-Dit - Dit.exe
Notify-ljJYOfFW - ljJYOfFW.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.carrefour.fr
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDC5.OSD

O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
c:\windows\Downloaded Program Files\MDM.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://express.foto.com/ImageUploader5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\SpeedUploader.ocx
O16 -: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39}
hxxp://express.foto.com/SFUploader/SpeedUploader.cab
c:\windows\Downloaded Program Files\SpeedUploader.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 17:39:25
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\CA\eTrust Antivirus\InoRpc.exe
c:\program files\CA\eTrust Antivirus\InoRT.exe
c:\program files\CA\eTrust Antivirus\InoTask.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2008-12-17 17:42:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-17 16:42:07

Avant-CF: 15 775 391 744 octets libres
Après-CF: 16,789,925,888 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

312 --- E O F --- 2008-12-17 16:40:26

voila pour l'analyse de virus total:


Fichier iri.exe reçu le 2008.12.17 17:55:39 (CET)
Situation actuelle: terminé

Résultat: 22/37 (59.46%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - Worm/IrcBot.52786.2
Authentium - - W32/Trojan3.QR
Avast - - Win32:Trojan-gen {Other}
AVG - - BackDoor.Ircbot.GJG
BitDefender - - Backdoor.RBot.YBW
CAT-QuickHeal - - -
ClamAV - - -
Comodo - - -
DrWeb - - Trojan.Inject.5299
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/Trojan3.QR
F-Secure - - Trojan.Win32.Agent.aukq
Fortinet - - W32/Agent.AUKQ!tr
GData - - Backdoor.RBot.YBW
Ikarus - - VirTool.Win32.CeeInject
K7AntiVirus - - -
Kaspersky - - Trojan.Win32.Agent.aukq
McAfee - - -
McAfee+Artemis - - Generic!Artemis
Microsoft - - VirTool:Win32/CeeInject.gen!J
NOD32 - - Win32/Poebot
Norman - - W32/Smalltroj.JSIE
Panda - - Generic Worm
PCTools - - -
Prevx1 - - Malicious Software
Rising - - Worm.Win32.Autorun.fac
SecureWeb-Gateway - - Worm.IrcBot.52786.2
Sophos - - Troj/Agent-GZP
Sunbelt - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - Backdoor.Win32.IRCBot.gtu
ViRobot - - -
VirusBuster - - -
Information additionnelle
MD5: be21f3d06616afd2bcfa5fb57a62427d
SHA1: c00ef08444d9886f9ede1e7e39719b40f97f63a1
SHA256: 8a7e648dc86e658feeefa591b07cef1a4f46d29076426b4ae9b7dc5bc6058e4c
SHA512: f935e46646c75dc40ade2d333dc3f2b9cac25ae0b8ae8840dec94162cff00390b934b799d33a791237759e480d7a40554a70723d172c8bb900e74f413c9b3b72

A+

Bonjour D11D,

Je te transmets le rapport de NAVILOG:

Search Navipromo version 3.7.0 commencé le 16/12/2008 à 19:00:56,81

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : philippe TIJERAS ( Administrator )
BOOT : Normal boot




A:\ (USB)
C:\ (Local Disk) - NTFS - Total:92 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:91 Go (Free:87 Go)
E:\ (Local Disk) - FAT32 - Total:2 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (Local Disk) - NTFS - Total:232 Go (Free:33 Go)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (USB)
M:\ (USB)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\philippe TIJERAS\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\NATHAL~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\TEMP\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\philippe TIJERAS\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\NATHAL~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\TEMP\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\philippe TIJERAS\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\NATHAL~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\TEMP\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\philippe TIJERAS\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\NATHAL~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\TEMP\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\philippe TIJERAS\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\NATHAL~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\TEMP\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

C:\WINDOWS\system32\LkRqYJlm.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\UDLorBeg.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 16/12/2008 à 19:07:47,89 ***

J'ai pas desoucis à ouvrir ma session, cela devient de plus en plus difficile.

A+

Philippe

Re bonjour D11D,

je te transmets le rapport HijackThis fait ce jour:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:19, on 17/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\SYSTRAN\4_0\Premium\SY1E22~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carrefour.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: Premium 4.0 - {F9443A0B-6BFD-11D7-ACD0-00B0D094B576} - C:\Program Files\SYSTRAN\4_0\Premium\IEPlugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [fca26a95] rundll32.exe "C:\WINDOWS\system32\ahasovye.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [two hole] C:\Documents and Settings\philippe TIJERAS\Application Data\platform does\active ball jump.exe
O4 - HKCU\..\Run: [E06FDXRC_16528109] "D:\Collection Microsoft Encarta 2006\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.defenza.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1212838336312
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: jmglio.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

Voilà pour le rapport de MalwareByte's:

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\ahasovye.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dmmmiwjw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\geBroLDU.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\geBtUlkH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gofxavau.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iwtiry.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkHYoNe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jmglio.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lixulpic.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\luiwhdwo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\omjgwyxw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uxyxxm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xbfcnx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xsxmocai.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP646\A0119534.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP647\A0119600.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP658\A0122427.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125166.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AE25207-D0F3-45D6-8A28-2B738070A4D5}\RP663\A0125143.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\12172008_231024\iri.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Bonne soirée je ferai le Ccleaner demain, merci pour ton aide

a+

Philippe

Bonjour D11D,

j'ai lancé le scan avec Kaspersky. Apparemment, il aurait trouvé un virus et trois fichiers infectés. Je transmets le rapport dès que possible, le scan est long.

En ce qui concerne l'antivirus, je pense que je vais faire comme toi et opter pour Antivir, et le coupler avec les deux logiciels que tu m'as conseillé. MALWAREBYTES et CCLEANER.

Bonne soirée
A+

Philippe

Ha ok,
très bien.
La phase concernant la suppression de services n'était que par précaution.

Tu peux continuer la suite stp ?

A+

Bonjour DllD,

je ne comprends pas, j'ai bien envoyé comme tu me l'avais me demandé les rapports, mais apparement cela n'a pas marché. Comme suivis le procédure je vais devoir télécharcher de nouveau toolcleaner et te renvoyer le rapport.
Je et remercie encore une fois de tout ce que tu as fait pour moi, je te souhaite un joyeux noël et de fêtes de fin d'année.

A+

Philippe

voici le rapport de Toolcleaner:
[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Documents and Settings\philippe TIJERAS\Recent\HijackThis.lnk: trouvé !

A+

Philippe

Voici la liste des mises à jour qu'il reste à faire

5 Updates Detected
RealPlayer 11.0.0.477
Installed Version: 6.0.12.1662 12.68MB
Safari 3.2.1
Installed Version: 3.2.0.0 19.70MB
Shockwave Player 11.0.3.471
Installed Version: 10.1.0.11 9.08MB
Skype 3.8.0.188
Installed Version: 3.8.0.115 21.25MB
Winamp 5.541 Full
Installed Version: 5.2.4.703 8.57MB
Total size: 71.28MB

4 Beta Updates Detected
Internet Explorer 8.0 Beta 2
Installed Version: 7.0.6000.16762 15.94MB
Skype 4.0.0.176 Beta
Installed Version: 3.8.0.115 23.54MB
Spybot Search & Destroy 1.6.1.41 Beta
Installed Version: 1.6.0.31 15.30MB
Windows Live Messenger 2009 Beta 2
Installed Version: 8.5.1302.1018 1.09MB
Total size: 55.86MB

A+