virus TR/Vundo.Gen : impossible de le supprimer ! help-me!!

Bonjour,

Télécharge Combofix de sUBs
Sauvegarde le sur ton bureau et pas ailleurs !
Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com/telecharger/virus_et...
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt

3) Copie/colle un nouveau rapport HiJackThis avec.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix

------------------------------------ rapport combotfix ----------------------------------

ComboFix 08-07-02.3 - Morgane 2008-07-03 11:16:59.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1776 [GMT 2:00]
Endroit: C:\Documents and Settings\Morgane\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bhblvago.dll
C:\WINDOWS\system32\hgGyyvsP.dll
C:\WINDOWS\system32\iifeCtuu.dll
C:\WINDOWS\system32\ogavlbhb.ini
C:\WINDOWS\system32\PsvyyGgh.ini
C:\WINDOWS\system32\PsvyyGgh.ini2
C:\WINDOWS\system32\ssqQgFvV.dll
C:\WINDOWS\system32\yayATKbX.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))))))))
.

2008-07-03 10:57 . 2008-07-03 11:21 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-07-03 09:48 . 2008-07-03 09:48 <REP> d-------- C:\Program Files\Lavasoft
2008-07-03 09:48 . 2008-07-03 09:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 09:16 . 2007-06-03 18:31 352,768 --a------ C:\regsearch.exe
2008-07-03 08:56 . 2008-07-03 08:56 <REP> d-------- C:\VundoFix Backups
2008-07-03 08:51 . 2008-07-03 08:51 <REP> d-------- C:\Program Files\Trend Micro
2008-07-01 17:36 . 2008-07-01 17:36 <REP> d-------- C:\Documents and Settings\Morgane\Application Data\Icone
2008-07-01 08:53 . 2008-07-01 08:53 <REP> d--h----- C:\WINDOWS\PIF
2008-06-30 09:27 . 2008-06-30 09:27 <REP> d-------- C:\Program Files\SAGEM
2008-06-30 09:27 . 2008-06-30 09:27 <REP> d-------- C:\Documents and Settings\Morgane\Application Data\InstallShield
2008-06-30 09:26 . 2008-06-30 09:26 <REP> d-------- C:\Program Files\Securitoo
2008-06-26 12:50 . 2008-06-26 12:50 <REP> d-------- C:\Program Files\Ontrack
2008-06-25 08:18 . 2008-06-25 08:43 <REP> d-------- C:\Program Files\FreeUndelete
2008-06-23 10:51 . 2008-06-23 10:51 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-23 10:51 . 2008-06-23 10:51 7,168 --ahs---- C:\Thumbs.db
2008-06-23 09:36 . 2008-07-03 11:21 <REP> d-------- C:\Program Files\Steam
2008-06-20 10:15 . 2008-06-20 10:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\legallais_2008
2008-06-20 10:13 . 2008-06-24 08:51 <REP> d-------- C:\Program Files\legallais_2008
2008-06-17 08:06 . 2008-06-17 08:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-16 13:05 . 2008-06-16 13:05 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-06-16 08:36 . 2008-06-16 10:14 <REP> d-------- C:\Documents and Settings\Morgane\Application Data\AdobeUM
2008-06-16 08:31 . 2006-12-20 11:55 3,066,968 --a------ C:\WINDOWS\system32\hinstd.dll
2008-06-16 08:31 . 2006-12-20 10:00 671,112 --a------ C:\WINDOWS\system32\hdinst_windows.dll
2008-06-16 08:31 . 2002-07-26 17:02 153,088 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-06-16 08:31 . 2006-11-30 11:06 69,632 --a------ C:\WINDOWS\system32\hasp_inst_help1.dll
2008-06-16 08:31 . 2005-09-06 17:07 24,576 --a------ C:\WINDOWS\system32\hdduinst.exe
2008-06-12 13:54 . 2008-06-12 13:54 <REP> d-------- C:\Program Files\Tmp
2008-06-12 13:54 . 2008-06-12 13:55 <REP> d-------- C:\Program Files\itech
2008-06-12 10:56 . 2002-12-23 01:01 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-06-11 08:26 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:26 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 08:51 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-03 07:47 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-03 06:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-02 13:36 --------- d-----w C:\Program Files\CADSOFT Build 7.2
2008-06-30 07:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 10:44 --------- d-----w C:\Program Files\AutoCAD LT 98
2008-06-12 10:42 --------- d-----w C:\Program Files\Cadsoft
2008-06-12 10:39 --------- d-----w C:\Program Files\Fichiers communs\Itech
2008-06-10 14:47 --------- d-----w C:\Program Files\Microsoft Works
2008-05-26 08:31 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-05-26 08:31 --------- d-----w C:\Program Files\AutoCAD LT 2008
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 11:41 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-06-23 09:37 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-17 08:21 262401]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-10-30 14:44 1953792]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"vspdfprsrv.exe"="C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe" [2006-05-04 07:58 998912]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-06-03 12:37 2131600]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\meiyanmj\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8df5a74a-f64c-11dc-ae2a-001bfcbde081}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c40192df - C:\WINDOWS\system32\bhblvago.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 11:21:26
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Morgane\LOCALS~1\Temp\mc23.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Itech\Bin\ACORD-Bat Office.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-03 11:25:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 09:25:07

Pre-Run: 75,782,209,536 octets libres
Post-Run: 168,345,903,104 octets libres

162 --- E O F --- 2008-06-20 15:05:30


--------------------------Rapport Hijackthis------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:14, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\itech\bin\ACORD-Bat Office.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ACORD-Bat Office.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7553 bytes

je croyais que ça l'avais viré car mon antivirus ne rallé plus. Puis je viens de relancer un scan et il me la encore detecté.   que faire!

antivir m'a détecté TR/Trash.GEN, TR/Vundo.Gen, TR/Spy.Gen

Re,

Désactive toute protection résidente ( antivirus…) ! <------- Pense-y !

Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )



=> Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

- Colles y le texte (CTRL + V)
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer
- Quitte le Bloc Notes

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



* Cela va relancer Combofix : au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
* Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Copie/Colle son contenue sur le forum.
Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
* Poste un nouveau rapport hijackthis.

*********

Redémarre en mode sans échec.
Fais un scan complet avec AntiVir.
Une fois ton ordinateur redémarré en mode normal, poste moi le rapport  

Re,

Supprime C:\programfiles\tmp

Pour le scan avec AntiVir, tu peux de préférence, avant de le faire, supprimer C:\Qoobox

comment ça je supprime? dans l'analyse, ou je supprime carrément le dossier?

voici le rapport d'antivir en mode ss echec:



Avira AntiVir Personal
Report file date: vendredi 4 juillet 2008 12:03

Scanning for 1376973 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Morgane
Computer name: PCHAUT

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 06:21:50
AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 06:21:50
LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 06:21:50
LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 06:21:50
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 07:25:19
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 06:29:37
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 06:44:28
ANTIVIR3.VDF : 7.0.5.46 119296 Bytes 04/07/2008 06:44:23
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 06:21:50
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 03/07/2008 06:44:23
AESCN.DLL : 8.1.0.22 119157 Bytes 23/06/2008 06:17:55
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 11:09:57
AEPACK.DLL : 8.1.1.6 364918 Bytes 23/06/2008 06:17:54
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 23/06/2008 06:17:53
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 03/07/2008 06:44:23
AEHELP.DLL : 8.1.0.15 115063 Bytes 02/06/2008 06:15:34
AEGEN.DLL : 8.1.0.29 307573 Bytes 23/06/2008 06:17:50
AEEMU.DLL : 8.1.0.6 430451 Bytes 09/05/2008 06:15:46
AECORE.DLL : 8.1.0.32 168311 Bytes 03/07/2008 06:44:22
AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 06:21:50
AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 06:21:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 06:21:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 06:21:50
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 06:21:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 06:21:50
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 06:21:50
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 06:21:50
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 06:21:47
RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 06:21:47

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: vendredi 4 juillet 2008 12:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '42' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: vendredi 4 juillet 2008 12:32
Used time: 28:10 min

The scan has been done completely.

5058 Scanning directories
361328 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
361328 Files not concerned
2789 Archives were scanned
2 Warnings
0 Notes

Toujours des soucis ?
poste un nouveau rapport HijackThis