mistoufle

  1. Hello, that's it, I'm no longer infected. I ran MBAM, and I finished with an Antivir scan, which found 11 Trojan horses. Everything is OK for me. Thank you very much.
  2. Thanks, I just ran Malwarebytes, and it found 3 files, which I deleted, but I didn't keep the log. Tomorrow evening when I get home from work, I'll get back to it and post everything. As for ComboFix, I got some information from a website; phew, it didn't do any damage, I think, and it still improved the computer quite a bit (it no longer shuts down, and the Google redirects are gone too). Thanks, see you tomorrow.
  3. And the ComboFix report. Does anyone see anything???
  4. Hello, I think I've just caught quite a few viruses at once!!! In Task Manager, I have a process, winupgro.exe, running. If I don't end this process, my computer shuts down by itself. Another thing: on Google, when I click on a search result, it redirects me to ads (go.google.com ...). I can't open Spybot or Malwarebytes ... my antivirus (avast) no longer starts ... in short, a big mess. I hope someone will be able to help me. I'm posting the HijackThis report! Not without difficulty: I had to rename the application. And the FindyKill report below. Thanks to everyone.