MSN photo album virus (how to remove it) (SOLVED)
Hello,
Not long ago, I opened the MSN photo album virus (the kind of virus that regularly sends a photo to all your contacts). I have been to several forums and asked people to help me, but without success. Someone suggested your forum, so I am coming here to ask you to help me remove this virus from my computer. My computer has become extremely slow since then, and I need my PC to get some work done as quickly as possible.
I would like to have all the steps, in detail, one after the other if possible. I hope you will be able to help me, because I am starting to lose hope.
Thank you very much! ^^
Here is the first report I got. After that, I don't know what to do next ^^
MSNFix 1.673
C:\Documents and Settings\Utilisateur\Bureau\MSNFix\MSNFix
Fix exécuté le 2008-02-29 - 18:42:44,48 By Utilisateur
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system32\real.txt
... C:\?.exe
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Utilisateur\??????.exe
... C:\Documents and Settings\Utilisateur\????????.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\?.exe
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Utilisateur\??????.exe
.. OK ... C:\Documents and Settings\Utilisateur\????????.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Suppression des dossiers
/!\ ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Binaries1.zip] 4A0E612A439382018AE3F3ACC35B92DD
[C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Binaries2.zip] B252B2EC53E62FB1F10C677022665AE2
[C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Binaries3.zip] 80061E88323D4D5E1873F259461B6D19
[C:\famwssg.exe] 969F5D8B64172ED48E79EB5C534015A0
[C:\HijackThis.exe] C4CA7416A6DF6D95075F81D9E3B41AD1
[C:\nnpnvxjy.exe] 6D334EB74B11FC1967F6A0341085BC8C
[C:\qklxwxtc.exe] 2F0D9C37AE9F08C305E42BEA2A09A8FF
==> SVP merci d'envoyer le fichier C:\DOCUME~1\UTILIS~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-02-29_19341351.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Hello,
THIS IS AN IMPORTANT STEP TO CARRY OUT!
Upload the Upload_Me.zip archive containing the suspicious files to help develop the MSNFix tool.
HELP: Uploading suspicious files for MSNFix
Re,
Download and install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
Sorry, I had left for work; I am back now and here is the report. May I have the next steps, please? ^^
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:21, on 2008-03-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WinReanimator\WinReanimator.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8848 bytes
Re,
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.
There, what should I do next?
ComboFix 08-03-01.3 - Utilisateur 2008-03-02 7:00:44.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1152 [GMT -5:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Bureau\WinReanimator.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinReanimator
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinReanimator\Uninstall.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinReanimator\WinReanimator.lnk
C:\Program Files\WinReanimator
C:\Program Files\WinReanimator\data\daily.cvd
C:\Program Files\WinReanimator\htmlayout.dll
C:\Program Files\WinReanimator\install.exe
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\WinReanimator\pthreadVC2.dll
C:\Program Files\WinReanimator\un.ico
C:\Program Files\WinReanimator\unzip32.dll
C:\Program Files\WinReanimator\WinReanimator.cfg
C:\Program Files\WinReanimator\WinReanimator.dll
C:\Program Files\WinReanimator\WinReanimator.exe
C:\WINDOWS\braviax.exe
C:\WINDOWS\cru629.dat
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\cru629.dat
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\winivstr.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSUPDATE
-------\nm
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 06:03 . 2008-03-02 06:03 9,296 --a------ C:\Documents and Settings\Utilisateur\xvewpv.exe
2008-02-29 22:10 . 2008-03-02 06:56 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-29 22:10 . 2008-03-02 07:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 20:45 . 2008-02-29 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 20:36 . 2008-02-29 20:36 <REP> d-------- C:\Program Files\Yahoo!
2008-02-29 20:36 . 2008-02-29 20:36 <REP> d-------- C:\Program Files\CCleaner
2008-02-29 20:13 . 2008-02-29 20:18 3,274 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-29 20:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-29 20:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-29 20:12 . 2008-02-28 11:37 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-29 20:12 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-29 20:12 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-29 20:12 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-29 20:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-29 18:43 . 2008-02-29 18:43 244 --ah----- C:\sqmnoopt12.sqm
2008-02-29 18:43 . 2008-02-29 18:43 232 --ah----- C:\sqmdata12.sqm
2008-02-29 05:28 . 2008-03-02 06:57 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 05:17 . 2008-02-29 05:17 396,288 --a------ C:\HijackThis.exe
2008-02-29 05:08 . 2008-02-29 05:08 <REP> d-------- C:\Program Files\Trend Micro
2008-02-28 15:21 . 2008-02-29 04:35 92 --a------ C:\Documents and Settings\Utilisateur\delself.bat
2008-02-28 15:14 . 2008-02-29 04:35 50,688 --a------ C:\qklxwxtc.exe
2008-02-28 15:14 . 2008-02-29 04:35 3,584 --a------ C:\nnpnvxjy.exe
2008-02-28 15:14 . 2008-02-29 04:35 2 --a------ C:\-462228298
2008-02-28 15:03 . 2008-02-28 15:03 19,989 --a------ C:\Program Files\Fichiers communs\dykadaga.vbs
2008-02-28 15:03 . 2008-02-28 15:03 19,710 --a------ C:\Documents and Settings\All Users\Application Data\iqyve.exe
2008-02-28 15:03 . 2008-02-28 15:03 18,355 --a------ C:\Documents and Settings\All Users\Application Data\dofevojize.sys
2008-02-28 15:03 . 2008-02-28 15:03 18,238 --a------ C:\Documents and Settings\Utilisateur\Application Data\ysohyvy.reg
2008-02-28 15:03 . 2008-02-28 15:03 17,781 --a------ C:\Documents and Settings\Utilisateur\Application Data\vifo.com
2008-02-28 15:03 . 2008-02-28 15:03 17,721 --a------ C:\WINDOWS\iqawosug.dl
2008-02-28 15:03 . 2008-02-28 15:03 17,093 --a------ C:\WINDOWS\ekyc.pif
2008-02-28 15:03 . 2008-02-28 15:03 16,503 --a------ C:\WINDOWS\vyto.sys
2008-02-28 15:03 . 2008-02-28 15:03 16,295 --a------ C:\WINDOWS\kyxyg._dl
2008-02-28 15:03 . 2008-02-28 15:03 14,899 --a------ C:\Documents and Settings\Utilisateur\Application Data\tohibamopi.com
2008-02-28 15:03 . 2008-02-28 15:03 12,487 --a------ C:\WINDOWS\ulufyheqa.db
2008-02-28 15:03 . 2008-02-28 15:03 11,994 --a------ C:\WINDOWS\ewyxega.scr
2008-02-28 15:03 . 2008-02-28 15:03 11,969 --a------ C:\WINDOWS\wogeq.pif
2008-02-28 15:03 . 2008-02-28 15:03 11,649 --a------ C:\Documents and Settings\Utilisateur\Application Data\qukuk.reg
2008-02-28 15:03 . 2008-02-28 15:03 10,733 --a------ C:\WINDOWS\vakoro._sy
2008-02-28 15:03 . 2008-02-28 15:03 10,229 --a------ C:\Documents and Settings\All Users\Application Data\unygykavoj.dll
2008-02-28 13:55 . 2008-02-29 04:35 58,368 --a------ C:\famwssg.exe
2008-02-28 13:55 . 2008-02-28 13:55 54,764 --a------ C:\WINDOWS\system\userinfo32.ggt
2008-02-28 09:14 . 2008-02-28 09:14 244 --ah----- C:\sqmnoopt11.sqm
2008-02-28 09:14 . 2008-02-28 09:14 232 --ah----- C:\sqmdata11.sqm
2008-02-23 16:33 . 2008-02-23 16:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-02-23 16:33 . 2008-02-23 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-23 16:12 . 2008-02-23 16:13 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-23 16:12 . 2008-02-29 22:42 <REP> d-------- C:\Program Files\AdVantage
2008-02-23 16:12 . 2008-02-23 16:12 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DAEMON Tools
2008-02-23 16:07 . 2008-02-23 16:07 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-23 16:04 . 2008-02-28 20:25 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-02-22 20:23 . 2008-02-22 20:23 <REP> d-------- C:\videodvdmaker
2008-02-22 20:23 . 2008-02-22 20:23 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Video DVD Maker FREE
2008-02-22 20:20 . 2008-02-22 20:20 <REP> d-------- C:\Program Files\Video DVD Maker
2008-02-14 07:36 . 2008-02-14 07:36 244 --ah----- C:\sqmnoopt10.sqm
2008-02-14 07:36 . 2008-02-14 07:36 232 --ah----- C:\sqmdata10.sqm
2008-02-12 17:00 . 2008-02-12 17:00 <REP> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 03:48 --------- d-----w C:\Program Files\Dofus
2008-02-29 20:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-28 20:03 16,413 ----a-w C:\Program Files\Fichiers communs\lowozog._sy
2008-02-26 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-26 21:08 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\ZoomBrowser EX
2008-02-23 21:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 22:01 --------- d-----w C:\Program Files\iTunes
2008-02-12 21:59 --------- d-----w C:\Program Files\QuickTime
2008-01-26 10:48 --------- d-----w C:\Program Files\World of Warcraft
2008-01-20 02:24 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-01-07 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 15:50 --------- d-----w C:\Program Files\Mindscape
2008-01-03 15:37 --------- d-----w C:\Program Files\Canon
2008-01-03 15:35 --------- d-----w C:\Program Files\Fichiers communs\Canon
2008-01-02 04:59 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Apple Computer
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2002-10-25 19:29 457,172 ----a-w C:\Program Files\Patch01.GS1
2002-10-24 21:40 3,349,971 ----a-w C:\Program Files\dmcr.exe
2002-10-18 18:07 180,224 ----a-w C:\Program Files\VOPL.EXE
2002-10-17 22:13 356,419 ----a-w C:\Program Files\DipServer.dll
2002-10-16 22:30 1,854 ----a-w C:\Program Files\sb.dat
2002-10-16 22:08 245,827 ----a-w C:\Program Files\LF_Server.dll
2002-10-16 22:07 294,983 ----a-w C:\Program Files\intExplorer.dll
2002-10-16 20:18 307,259 ----a-w C:\Program Files\iChat.dll
2002-10-15 23:33 698,138,183 ----a-w C:\Program Files\ALL.GSC
2002-10-15 21:26 27 ----a-w C:\Program Files\mode.dat
2002-10-15 21:26 20 ----a-w C:\Program Files\multi.opt
2002-10-15 21:26 13 ----a-w C:\Program Files\MuliExOpt.dat
2002-10-15 21:26 12 ----a-w C:\Program Files\comp.opt
2002-10-15 21:26 1 ----a-w C:\Program Files\smiss.opt
2002-10-15 21:25 768 ----a-w C:\Program Files\agew_1.pal
2002-10-09 21:57 4,843,061 ----a-w C:\Program Files\Battle.m3d
2002-09-26 15:20 73,728 ----a-w C:\Program Files\sendbug.exe
2002-05-15 16:25 335,937 ----a-w C:\Program Files\gw_server.dll
2002-05-13 20:54 3,951,061 ----a-w C:\Program Files\Singledemo.m3d
2002-01-04 22:25 371,712 ----a-w C:\Program Files\httpc.exe
2001-11-12 12:42 98,304 ----a-w C:\Program Files\Wintab32.dll
2001-11-07 14:48 335,872 ----a-w C:\Program Files\cew.dll
2000-09-12 04:09 291,840 ----a-w C:\Program Files\binkw32.dll
1997-01-03 09:50 53,248 ----a-w C:\Program Files\unrar.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 05:30 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 05:02 482760]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 08:08 143360]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-07-12 04:58 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"QuickTime Task"="C:\program files\quicktime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"braviax"="braviax.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe"=
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-01 00:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-29 23:45:43 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 07:06:02
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 7:08:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 12:08:39
.
2008-02-13 01:00:39 --- E O F ---
Hi again,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
C:\Documents and Settings\Utilisateur\xvewpv.exe
C:\qklxwxtc.exe
C:\nnpnvxjy.exe
C:\Program Files\Fichiers communs\dykadaga.vbs
C:\Documents and Settings\All Users\Application Data\iqyve.exe
C:\Documents and Settings\All Users\Application Data\dofevojize.sys
C:\Documents and Settings\Utilisateur\Application Data\ysohyvy.reg
C:\Documents and Settings\Utilisateur\Application Data\vifo.com
C:\WINDOWS\iqawosug.dl
C:\WINDOWS\ekyc.pif
C:\WINDOWS\vyto.sys
C:\WINDOWS\kyxyg._dl
C:\Documents and Settings\Utilisateur\Application Data\tohibamopi.com
C:\WINDOWS\ulufyheqa.db
C:\WINDOWS\ewyxega.scr
C:\WINDOWS\wogeq.pif
C:\Documents and Settings\Utilisateur\Application Data\qukuk.reg
C:\WINDOWS\vakoro._sy
C:\Documents and Settings\All Users\Application Data\unygykavoj.dll
C:\famwssg.exe
C:\Program Files\Fichiers communs\lowozog._sy
C:\WINDOWS\system32\braviax.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.
Here is the ComboFix one!!!
ComboFix 08-03-01.3 - Utilisateur 2008-03-02 14:52:59.2 - NTFSx86
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Documents and Settings\All Users\Application Data\dofevojize.sys
C:\Documents and Settings\All Users\Application Data\iqyve.exe
C:\Documents and Settings\All Users\Application Data\unygykavoj.dll
C:\Documents and Settings\Utilisateur\Application Data\qukuk.reg
C:\Documents and Settings\Utilisateur\Application Data\tohibamopi.com
C:\Documents and Settings\Utilisateur\Application Data\vifo.com
C:\Documents and Settings\Utilisateur\Application Data\ysohyvy.reg
C:\Documents and Settings\Utilisateur\xvewpv.exe
C:\famwssg.exe
C:\nnpnvxjy.exe
C:\Program Files\Fichiers communs\dykadaga.vbs
C:\Program Files\Fichiers communs\lowozog._sy
C:\qklxwxtc.exe
C:\WINDOWS\ekyc.pif
C:\WINDOWS\ewyxega.scr
C:\WINDOWS\iqawosug.dl
C:\WINDOWS\kyxyg._dl
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\ulufyheqa.db
C:\WINDOWS\vakoro._sy
C:\WINDOWS\vyto.sys
C:\WINDOWS\wogeq.pif
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\dofevojize.sys
C:\Documents and Settings\All Users\Application Data\iqyve.exe
C:\Documents and Settings\All Users\Application Data\unygykavoj.dll
C:\Documents and Settings\Utilisateur\Application Data\qukuk.reg
C:\Documents and Settings\Utilisateur\Application Data\tohibamopi.com
C:\Documents and Settings\Utilisateur\Application Data\vifo.com
C:\Documents and Settings\Utilisateur\Application Data\ysohyvy.reg
C:\Documents and Settings\Utilisateur\xvewpv.exe
C:\famwssg.exe
C:\nnpnvxjy.exe
C:\Program Files\Fichiers communs\dykadaga.vbs
C:\Program Files\Fichiers communs\lowozog._sy
C:\qklxwxtc.exe
C:\WINDOWS\ekyc.pif
C:\WINDOWS\ewyxega.scr
C:\WINDOWS\iqawosug.dl
C:\WINDOWS\kyxyg._dl
C:\WINDOWS\ulufyheqa.db
C:\WINDOWS\vakoro._sy
C:\WINDOWS\vyto.sys
C:\WINDOWS\wogeq.pif
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-02-29 22:10 . 2008-03-02 06:56 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-29 22:10 . 2008-03-02 07:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 20:45 . 2008-02-29 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 20:36 . 2008-02-29 20:36 <REP> d-------- C:\Program Files\Yahoo!
2008-02-29 20:36 . 2008-02-29 20:36 <REP> d-------- C:\Program Files\CCleaner
2008-02-29 20:13 . 2008-02-29 20:18 3,274 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-29 20:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-29 20:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-29 20:12 . 2008-02-28 11:37 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-29 20:12 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-29 20:12 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-29 20:12 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-29 20:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-29 18:43 . 2008-02-29 18:43 244 --ah----- C:\sqmnoopt12.sqm
2008-02-29 18:43 . 2008-02-29 18:43 232 --ah----- C:\sqmdata12.sqm
2008-02-29 05:28 . 2008-03-02 06:57 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 05:17 . 2008-02-29 05:17 396,288 --a------ C:\HijackThis.exe
2008-02-29 05:08 . 2008-02-29 05:08 <REP> d-------- C:\Program Files\Trend Micro
2008-02-28 15:21 . 2008-02-29 04:35 92 --a------ C:\Documents and Settings\Utilisateur\delself.bat
2008-02-28 15:14 . 2008-02-29 04:35 2 --a------ C:\-462228298
2008-02-28 13:55 . 2008-02-28 13:55 54,764 --a------ C:\WINDOWS\system\userinfo32.ggt
2008-02-28 09:14 . 2008-02-28 09:14 244 --ah----- C:\sqmnoopt11.sqm
2008-02-28 09:14 . 2008-02-28 09:14 232 --ah----- C:\sqmdata11.sqm
2008-02-23 16:33 . 2008-02-23 16:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-02-23 16:33 . 2008-02-23 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-23 16:12 . 2008-02-23 16:13 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-23 16:12 . 2008-02-29 22:42 <REP> d-------- C:\Program Files\AdVantage
2008-02-23 16:12 . 2008-02-23 16:12 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DAEMON Tools
2008-02-23 16:07 . 2008-02-23 16:07 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-23 16:04 . 2008-02-28 20:25 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-02-22 20:23 . 2008-02-22 20:23 <REP> d-------- C:\videodvdmaker
2008-02-22 20:23 . 2008-02-22 20:23 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Video DVD Maker FREE
2008-02-22 20:20 . 2008-02-22 20:20 <REP> d-------- C:\Program Files\Video DVD Maker
2008-02-14 07:36 . 2008-02-14 07:36 244 --ah----- C:\sqmnoopt10.sqm
2008-02-14 07:36 . 2008-02-14 07:36 232 --ah----- C:\sqmdata10.sqm
2008-02-12 17:00 . 2008-02-12 17:00 <REP> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 03:48 --------- d-----w C:\Program Files\Dofus
2008-02-29 20:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-26 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-26 21:08 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\ZoomBrowser EX
2008-02-23 21:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-12 22:01 --------- d-----w C:\Program Files\iTunes
2008-02-12 21:59 --------- d-----w C:\Program Files\QuickTime
2008-01-26 10:48 --------- d-----w C:\Program Files\World of Warcraft
2008-01-20 02:24 --------- d-----w C:\Program Files\Free iPod Video Converter
2008-01-07 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 15:50 --------- d-----w C:\Program Files\Mindscape
2008-01-03 15:37 --------- d-----w C:\Program Files\Canon
2008-01-03 15:35 --------- d-----w C:\Program Files\Fichiers communs\Canon
2008-01-02 04:59 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Apple Computer
2007-12-27 09:58 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-27 09:58 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-27 09:58 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2002-10-25 19:29 457,172 ----a-w C:\Program Files\Patch01.GS1
2002-10-24 21:40 3,349,971 ----a-w C:\Program Files\dmcr.exe
2002-10-18 18:07 180,224 ----a-w C:\Program Files\VOPL.EXE
2002-10-17 22:13 356,419 ----a-w C:\Program Files\DipServer.dll
2002-10-16 22:30 1,854 ----a-w C:\Program Files\sb.dat
2002-10-16 22:08 245,827 ----a-w C:\Program Files\LF_Server.dll
2002-10-16 22:07 294,983 ----a-w C:\Program Files\intExplorer.dll
2002-10-16 20:18 307,259 ----a-w C:\Program Files\iChat.dll
2002-10-15 23:33 698,138,183 ----a-w C:\Program Files\ALL.GSC
2002-10-15 21:26 27 ----a-w C:\Program Files\mode.dat
2002-10-15 21:26 20 ----a-w C:\Program Files\multi.opt
2002-10-15 21:26 13 ----a-w C:\Program Files\MuliExOpt.dat
2002-10-15 21:26 12 ----a-w C:\Program Files\comp.opt
2002-10-15 21:26 1 ----a-w C:\Program Files\smiss.opt
2002-10-15 21:25 768 ----a-w C:\Program Files\agew_1.pal
2002-10-09 21:57 4,843,061 ----a-w C:\Program Files\Battle.m3d
2002-09-26 15:20 73,728 ----a-w C:\Program Files\sendbug.exe
2002-05-15 16:25 335,937 ----a-w C:\Program Files\gw_server.dll
2002-05-13 20:54 3,951,061 ----a-w C:\Program Files\Singledemo.m3d
2002-01-04 22:25 371,712 ----a-w C:\Program Files\httpc.exe
2001-11-12 12:42 98,304 ----a-w C:\Program Files\Wintab32.dll
2001-11-07 14:48 335,872 ----a-w C:\Program Files\cew.dll
2000-09-12 04:09 291,840 ----a-w C:\Program Files\binkw32.dll
1997-01-03 09:50 53,248 ----a-w C:\Program Files\unrar.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-14 05:30 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 05:02 482760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 08:08 143360]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43 81920]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-07-12 04:58 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"QuickTime Task"="C:\program files\quicktime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffae84a6-e253-11dc-9c33-001321c731cb}]
\Shell\AutoRun\command - G:\Setup.exe -auto
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-01 00:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-29 23:45:43 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 14:56:31
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 14:57:29
ComboFix-quarantined-files.txt 2008-03-02 19:57:14
ComboFix2.txt 2008-03-02 12:08:44
.
2008-02-13 01:00:39 --- E O F ---
And here is the HijackThis report. Is there anything else to do?
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:17, on 2008-03-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8100 bytes
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8100 bytes
Is that better already?
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the scan is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
There, what should I do next?
AntiVir PersonalEdition Classic
Report file date: 2 mars 2008 15:47
Scanning for 1130387 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Utilisateur
Computer name: PC-UTILISATEUR
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 20:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 20:34:21
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 2008-02-24 20:34:21
ANTIVIR3.VDF : 7.0.2.216 135168 Bytes 2008-03-02 20:34:21
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 2008-03-02 20:34:22
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 19:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-03-02 20:34:22
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 15:37:21
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2 mars 2008 15:47
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '33' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Utilisateur\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.51
[INFO] The file was moved to '4834134a.qua'!
C:\Documents and Settings\Utilisateur\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/UTILIS~1/Bureau/Upload_Me/d.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alm Backdoor server programs
--> DOCUME~1/UTILIS~1/Bureau/Upload_Me/famwssg.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> DOCUME~1/UTILIS~1/Bureau/Upload_Me/mhyqck.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/UTILIS~1/Bureau/Upload_Me/nnpnvxjy.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> DOCUME~1/UTILIS~1/Bureau/Upload_Me/pyqvmf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/UTILIS~1/Bureau/Upload_Me/qklxwxtc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48371356.qua'!
C:\Documents and Settings\Utilisateur\Bureau\DOCUME~1\UTILIS~1\Bureau\Upload_Me\famwssg.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48381349.qua'!
C:\Documents and Settings\Utilisateur\Bureau\DOCUME~1\UTILIS~1\Bureau\Upload_Me\nnpnvxjy.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was moved to '483b1356.qua'!
C:\Documents and Settings\Utilisateur\Bureau\DOCUME~1\UTILIS~1\Bureau\Upload_Me\qklxwxtc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48371353.qua'!
C:\Documents and Settings\Utilisateur\Bureau\MSNFix\MSNFix\2008-02-28_20370081.zip
[0] Archive type: ZIP
--> backup/d.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alm Backdoor server programs
--> backup/mhyqck.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/pyqvmf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47fb1319.qua'!
C:\QooBox\Quarantine\C\famwssg.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48382075.qua'!
C:\QooBox\Quarantine\C\nnpnvxjy.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was moved to '483b2082.qua'!
C:\QooBox\Quarantine\C\qklxwxtc.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4837207f.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\Utilisateur\xvewpv.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4830208a.qua'!
C:\QooBox\Quarantine\C\Program Files\WinReanimator\install.exe.vir
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '483e2083.qua'!
C:\QooBox\Quarantine\C\WINDOWS\braviax.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '482c2088.qua'!
C:\QooBox\Quarantine\C\WINDOWS\cru629.dat.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48402088.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\braviax.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '482c2089.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cru629.dat.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48402089.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\winivstr.exe.vir
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '48392080.qua'!
C:\WINDOWS\system\userinfo32.ggt
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '483022c1.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Restore>
End of the scan: 2 mars 2008 16:59
Used time: 1:12:05 min
The scan has been done completely.
8375 Scanning directories
288864 Files were scanned
24 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
17 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
288840 Files not concerned
1598 Archives were scanned
2 Warnings
0 Notes
I have the same problem: img091307-www.photoshop.com!!! Do I have to do the same steps?!? Please help me!!!
There, is there anything else to do? I'm starting to see a change: my computer runs at the same speed as before and I no longer get big error messages ^^. Is there another step?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:16, on 2008-03-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7895 bytes
Nothing to do apart from this:
Download ToolsCleaner to your Desktop.
Click "Recherche" and let the scan finish.
Click "Suppression" to finalize.
Click "Quitter" so that the report can be created.
Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
Disable and then re-enable System Restore: see help
Now add [Résolu] to the title. To do so:
* In your first message, click the "Editer" button
* Add the [Résolu] tag to the title
* Then click "Valider votre message"
Read the guide on prevention and protection so that you don't have this kind of problem again, by clicking on the image below:
A very big thank you for your help. You're really good, man. See you. If I have other problems, can I come back?
-->- Recherche:
C:\HijackThis.exe: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\Msnfix.zip: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\MsnFix: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\MSNFix\MsnFix: trouvé !
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Messenger\mick14456@hotmail.com\Sharing Folders\aphrodite24ans@hotmail.com\MsnFix: trouvé !
C:\Documents and Settings\Utilisateur\Recent\MSNFix.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\Msnfix.zip: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.exe: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Utilisateur\Recent\MSNFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\MsnFix: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Messenger\mick14456@hotmail.com\Sharing Folders\aphrodite24ans@hotmail.com\MsnFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !