virus win32.tiny Résolu/Fermé

Question

Bonjour,

j'ai été infecté un virus win32.tiny, par un ocntact msn. avast ne l'a pas detecté, mais spybot oui, mais malgré cela, je n'arrive pas à m'en debarrasser...
au début, seuls mes contacts étaient embetés, car ils recevaient des dossiers infectés. maitenant, lorsque je me connecte, des fenetres msn souvrent et se ferment, et je ne peux plus parler à mes contacts.
j'ai seinstaller et reinstaller msn, mais rien. ensuite, j'ai fait restauré mon systeme à une date antérieur à la contamination par le cheval de troie. mais toujours rien...

j'ai suivi les conseils que j'ai trouvé sur ce forum, à savoir télécharger hijackthis, et voici le rapport: 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:29, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svcdllhst.exe
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\44.exe
C:\WINDOWS\system32\aynwc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\38.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\80.exe
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\44.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\60.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft DLL Host Service] svcdllhst.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvGraphicsInterface] C:\DOCUME~1\ADELINE\LOCALS~1\Temp\60.exe
O4 - HKLM\..\Run: [opwmetea] C:\WINDOWS\system32\opwmetea.exe
O4 - HKLM\..\Run: [aynwc] C:\WINDOWS\system32\aynwc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pisqdash] C:\WINDOWS\system32\pisqdash.exe
O4 - HKLM\..\Run: [Remote Service Manager] C:\WINDOWS\mnrsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Print Spooler Service (gyeymiouo) - Unknown owner - C:\WINDOWS\system32\pisqdash.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

green day · Answer

Salut

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

* Démarrer en mode sans echec 
* Double cliquer combofix.exe. 
* Appuyer sur la touche Y (Yes) pour démarrer le scan 
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp 

++

ade94 · Answer

Meci pour ta réponse, je ne peux pas le faire maintenant, mais des que j'ai téléchager ComboFix, je mets en ligne le rapport!
merci pour ton aide, en esperant que cela fonctionne! 
+++

ade94 · Answer

bonjour, j'ai fait ce que tu m'as dit, voici le rapport. peux tu m'aider a nouveau stp??? ComboFix 08-02.01.1 - ADELINE 2008-01-31 19:54:34.1 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.429 [GMT 1:00] Endroit: C:\Documents and Settings\ADELINE\Local Settings\Temporary Internet Files\Content.IE5\8PQJ41QV\ComboFix[1].exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-01 to 2008-02.01 )))))))))))))))))))))))))))))))))))) . 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-21 18:55 . 2008-01-21 18:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 21:37 . 2008-01-20 21:37 d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:04 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-20 21:04 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-20 21:04 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-20 21:04 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-20 21:04 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-20 21:04 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-20 21:04 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-20 21:04 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-20 19:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\MUCLTUI.DLL 2008-01-20 19:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-20 19:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-19 21:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-19 21:57 . 2008-01-19 21:58 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Program Files\Windows Live 2008-01-19 21:44 . 2008-01-19 21:44 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-17 19:43 . 2008-01-17 19:43 131,072 --a------ C:\WINDOWS\system32\AYNWC.EXE 2008-01-17 18:52 . 2008-01-22 18:18 131,072 --a------ C:\WINDOWS\system32\pisqdash.exe 2008-01-17 18:52 . 2008-01-17 18:52 131,072 --a------ C:\WINDOWS\system32\opwmetea.exe 2008-01-15 21:20 . 2008-01-15 21:20 d-------- C:\divx 2008-01-11 21:30 . 2008-01-11 21:30 d--hs---- C:\FOUND.008 2008-01-11 20:18 . 2008-01-11 20:18 d--hs---- C:\FOUND.007 2008-01-11 20:10 . 2008-01-11 20:10 d--hs---- C:\FOUND.006 2008-01-11 20:05 . 2008-01-11 20:05 d--hs---- C:\FOUND.005 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\drivers\Ip6Fw.sys 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys 2008-01-11 19:59 . 2008-01-11 19:59 d--hs---- C:\FOUND.004 2008-01-10 21:15 . 2008-01-10 20:14 73,216 -r-hs---- C:\WINDOWS\system32\svcdllhst.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 19:44 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\DivX 2007-12-02 21:04 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\LG Electronics 2007-12-02 21:01 --------- d-----w C:\Program Files\LG Electronics 2007-12-02 21:00 --------- d-----w C:\Program Files\LG PC Suite 2 2007-12-02 20:59 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\InstallShield 2007-12-01 16:41 --------- d-----w C:\Program Files\Audacity 2007-11-27 10:33 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2007-11-27 10:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-01-23 19:55 17,144 ----a-w C:\Documents and Settings\ADELINE\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 11:23 68856] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 11:22 376912] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216] "nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 10:22 17920] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "Microsoft DLL Host Service"="svcdllhst.exe" [2008-01-10 20:14 73216 C:\WINDOWS\system32\svcdllhst.exe] "opwmetea"="C:\WINDOWS\system32\opwmetea.exe" [2008-01-17 18:52 131072] "aynwc"="C:\WINDOWS\system32\aynwc.exe" [2008-01-17 19:43 131072] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "pisqdash"="C:\WINDOWS\system32\pisqdash.exe" [2008-01-22 18:18 131072] "Remote Service Manager"="C:\WINDOWS\mnrsvc.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\ADELINE\Menu D‚marrer\Programmes\D‚marrage\ MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-27 20:51:26 4571136] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26 29696] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-17 18:54:17 124912] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-11-25 02:31:38 118784] S2 gyeymiouo;Print Spooler Service;C:\WINDOWS\system32\pisqdash.exe [2008-01-22 18:18] S3 Aho53;Aho53;C:\WINDOWS\System32\drivers\Aho53.sys [] S3 Bip75;Bip75;C:\WINDOWS\System32\drivers\Bip75.sys [] S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45] S3 Ipw31;Ipw31;C:\WINDOWS\System32\drivers\Ipw31.sys [] S3 Sye30;Sye30;C:\WINDOWS\System32\drivers\Sye30.sys [] S3 Tbi86;Tbi86;C:\WINDOWS\System32\drivers\Tbi86.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12591255-1603-11dc-a306-0017310a365a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-16 19:30:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-01 18:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-01 19:55:51 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-01 19:56:10 . 2008-01-30 20:27:28 --- E O F ---

green day · Answer

ok,

Télécharge MSNFix.zip (de !aur3n7) http://sosvirus.changelog.fr/MSNFix.zip et décompresse-le sur le Bureau. 
Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau. 
Exécute l'option R. 
Si l'infection est détectée, un message apparaitra 
Pour lancer le nettoyage, il suffit d'appuyer sur n'importe quelle lettre du clavier puis valider par Entrée 
Sauvegarde ce rapport sur ton bureau. 

Poste moi ce rapport dans ta prochaine réponse ainsi qu'un nouveau log hijackthis 

++

ade94 · Answer

voici le rapport de msnfix: 

MSNFix 1.649  
 
C:\Documents and Settings\ADELINE\Bureau\MSNFix\MSNFix 
Fix exécuté le 01/02/2008 - 21:08:00,95 By ADELINE 
mode normal    
    
************************ Recherche les fichiers présents      
    
... $$ Service Found $$ ... gyeymiouo
... C:\DOCUME~1\ADELINE\LOCALS~1\Temp\??.exe 
 
************************ Recherche les dossiers présents       
 
Aucun dossier trouvé 
 
 
 
 
************************ Suppression des fichiers       
    
... $$ Service gyeymiouo deleted  ... gyeymiouo
.. OK ... C:\WINDOWS\system32\aynwc.exe  
.. OK ... C:\WINDOWS\system32\aynwc.exe  
.. OK ... C:\DOCUME~1\ADELINE\LOCALS~1\Temp\??.exe  
 
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
Aucun Fichier trouvé 
 
 
 
************************ Fichiers suspects 
 
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention 
 
[C:\DOCUME~1\ADELINE\LOCALS~1\Temp\foto.zip] A6F32F64E54913052203CE05C3C9616F 

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier  [b] C:\DOCUME~1\ADELINE\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 01022008_21112528.zip
 
 
------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   --------------------------------------------- 
 



et voici celui de hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:34, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\opwmetea.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [opwmetea] C:\WINDOWS\system32\opwmetea.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pisqdash] C:\WINDOWS\system32\pisqdash.exe
O4 - HKLM\..\Run: [Remote Service Manager] C:\WINDOWS\mnrsvc.exe
O4 - HKLM\..\Run: [aynwc] C:\WINDOWS\system32\aynwc.exe
O4 - HKLM\..\RunServices: [pisqdash] C:\WINDOWS\system32\pisqdash.exe
O4 - HKLM\..\RunServices: [opwmetea] C:\WINDOWS\system32\opwmetea.exe
O4 - HKLM\..\RunServices: [aynwc] C:\WINDOWS\system32\aynwc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Print Spooler Service (gyeymiouo) - Unknown owner - C:\WINDOWS\system32\pisqdash.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

green day · Answer

ok,

Télécharge SDFix sur ton bureau 

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. 
Redémarre ton ordinateur en mode sans échec 
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script. 
Appuie sur Y pour commencer le processus de nettoyage. 
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
Appuie sur une touche pour redémarrer le PC. 
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis ! 


++

ade94 · Answer

alors, voila le rapport de SDFix : 



SDFix: Version 1.135

Run by ADELINE on 31/01/2008 at 22:01

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\ADELINE\Bureau\SDFix

Safe Mode:
Checking Services: 

Name:
gyeymiouo

Path:
C:\WINDOWS\system32\pisqdash.exe /service

gyeymiouo - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\system32\svcdllhst.exe  - Deleted





Removing Temp Files...

ADS Check:

 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 22:08:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE"="C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
"C:\DOCUME~1\ADELINE\LOCALS~1\Temp\53.exe"="C:\DOCUME~1\ADELINE\LOCALS~1\Temp\53.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\DOCUME~1\ADELINE\LOCALS~1\Temp\72.exe"="C:\DOCUME~1\ADELINE\LOCALS~1\Temp\72.exe:*:Enabled:@xpsp2res.dll,-22005"
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\ADELINE\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu  8 Feb 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue  7 Feb 2006       299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Mon 25 Apr 2005        61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Thu  4 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT2.tmp"
Sun 20 Jan 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT3.tmp"
Sat 27 Jan 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished! 




et celui de log Hijackthis :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:51, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\opwmetea.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [opwmetea] C:\WINDOWS\system32\opwmetea.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [pisqdash] C:\WINDOWS\system32\pisqdash.exe
O4 - HKLM\..\Run: [Remote Service Manager] C:\WINDOWS\mnrsvc.exe
O4 - HKLM\..\Run: [aynwc] C:\WINDOWS\system32\aynwc.exe
O4 - HKLM\..\RunServices: [pisqdash] C:\WINDOWS\system32\pisqdash.exe
O4 - HKLM\..\RunServices: [opwmetea] C:\WINDOWS\system32\opwmetea.exe
O4 - HKLM\..\RunServices: [aynwc] C:\WINDOWS\system32\aynwc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Print Spooler Service (gyeymiouo) - Unknown owner - C:\WINDOWS\system32\pisqdash.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

green day · Answer

ok, fais ce qui est indiqué ici stp :

 http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++

ade94 · Answer

bon, j'ai lancé ce que tu m'as dit, mais visiblement, ça peut prendre pas mal de temps, donc je ne suis pas sure de poster ce soir les rapport! au pire, je les mets demain matin.

en tout cas merci beaucoup d'avoir pris le temps de m'aider!

+++

green day · Answer

oula ! oui pas besoin de faire tout ce soir ! :)

 @demain

ade94 · Answer

voici le rapport de AVG : 

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	06:46:30 01/02/2008

 + Résultat de l'analyse:	



HKLM\SYSTEM\ControlSet001\Control\Video\{034B0BCC-EE82-4BE5-ACA8-7DDD2EE1DF35}\0000\_simcity 4.exe:D3DOGL_67207556 -> Adware.RXToolbar : Ignoré.
C:\FOUND.006\FILE0002.CHK -> Downloader.Agent.hbs : Ignoré.
C:\FOUND.007\FILE0000.CHK -> Downloader.Agent.hbs : Ignoré.
C:\FOUND.004\FILE0001.CHK -> Dropper.Agent.dnu : Ignoré.
C:\FOUND.005\FILE0004.CHK -> Dropper.Agent.dnu : Ignoré.
C:\FOUND.006\FILE0000.CHK -> Dropper.Agent.dnu : Ignoré.
C:\Documents and Settings\ADELINE\Cookies\adeline@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.


Fin du rapport



celui de bitdefender

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	06:46:30 01/02/2008

 + Résultat de l'analyse:	



HKLM\SYSTEM\ControlSet001\Control\Video\{034B0BCC-EE82-4BE5-ACA8-7DDD2EE1DF35}\0000\_simcity 4.exe:D3DOGL_67207556 -> Adware.RXToolbar : Ignoré.
C:\FOUND.006\FILE0002.CHK -> Downloader.Agent.hbs : Ignoré.
C:\FOUND.007\FILE0000.CHK -> Downloader.Agent.hbs : Ignoré.
C:\FOUND.004\FILE0001.CHK -> Dropper.Agent.dnu : Ignoré.
C:\FOUND.005\FILE0004.CHK -> Dropper.Agent.dnu : Ignoré.
C:\FOUND.006\FILE0000.CHK -> Dropper.Agent.dnu : Ignoré.
C:\Documents and Settings\ADELINE\Cookies\adeline@advertising[1].txt -> TrackingCookie.Advertising : Ignoré.


Fin du rapport




et enfin, celui de Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:17, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [pisqdash] C:\WINDOWS\system32\pisqdash.exe
O4 - HKLM\..\RunServices: [opwmetea] C:\WINDOWS\system32\opwmetea.exe
O4 - HKLM\..\RunServices: [aynwc] C:\WINDOWS\system32\aynwc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Print Spooler Service (gyeymiouo) - Unknown owner - C:\WINDOWS\system32\pisqdash.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

green day · Answer

as tu supprimé ce qu'avg a trouvé ??

 tu as mis deux fois celui d'avg ! :)

++

ade94 · Answer

oups désolée!

BitDefender Online Scanner
  
  
 
Scan report generated at: Fri, Feb 01, 2008 - 07:45:48
 
 
  
  
 
Scan path: C:\;D:\;E:\;
  
  
 
 
  
  
 
Statistics
 
Time
 00:52:26
 
Files
 157773
 
Folders
 4616
 
Boot Sectors
 4
 
Archives
 7582
 
Packed Files
 11276
 
  
  
 
Results
 
Identified Viruses 
 4
 
Infected Files 
 24
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 24
 
  
  
 
Engines Info
 
Virus Definitions
 978494
 
Engine build
 AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
 
Scan plugins
 16
 
Archive plugins
 41
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 5
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\FOUND.004\FILE0001.CHK
 Infected with: Trojan.Downloader.Agent.YZD
 
C:\FOUND.004\FILE0001.CHK
 Deleted
 
C:\FOUND.005\FILE0004.CHK
 Infected with: Trojan.Downloader.Agent.YZD
 
C:\FOUND.005\FILE0004.CHK
 Deleted
 
C:\FOUND.006\FILE0000.CHK
 Infected with: Trojan.Downloader.Agent.YZD
 
C:\FOUND.006\FILE0000.CHK
 Deleted
 
C:\FOUND.006\FILE0002.CHK
 Infected with: Trojan.Downloader.Agent.YZD
 
C:\FOUND.006\FILE0002.CHK
 Deleted
 
C:\FOUND.007\FILE0000.CHK
 Infected with: Trojan.Downloader.Agent.YZD
 
C:\FOUND.007\FILE0000.CHK
 Deleted
 
C:\WINDOWS\system32\opwmetea.exe
 Infected with: Backdoor.Oderoor.F
 
C:\WINDOWS\system32\opwmetea.exe
 Deleted
 
C:\Documents and Settings\ADELINE\Bureau\virus\MSNFix\MSNFix\incl\service.zip=>incl/service/AYNWC.EXE
 Infected with: Backdoor.Oderoor.F
 
C:\Documents and Settings\ADELINE\Bureau\virus\MSNFix\MSNFix\incl\service.zip=>incl/service/AYNWC.EXE
 Deleted
 
C:\Documents and Settings\ADELINE\Bureau\virus\MSNFix\MSNFix\incl\service.zip
 Updated
 
C:\Documents and Settings\ADELINE\Bureau\virus\MSNFix\MSNFix\01022008_21112528.zip=>backup/AYNWC.EXE
 Infected with: Backdoor.Oderoor.F
 
C:\Documents and Settings\ADELINE\Bureau\virus\MSNFix\MSNFix\01022008_21112528.zip=>backup/AYNWC.EXE
 Deleted
 
C:\Documents and Settings\ADELINE\Bureau\virus\MSNFix\MSNFix\01022008_21112528.zip
 Updated
 
C:\Documents and Settings\ADELINE\Bureau\virus\Upload_Me.zip=>DOCUME~1/ADELINE/Bureau/Upload_Me/AYNWC.EXE
 Infected with: Backdoor.Oderoor.F
 
C:\Documents and Settings\ADELINE\Bureau\virus\Upload_Me.zip=>DOCUME~1/ADELINE/Bureau/Upload_Me/AYNWC.EXE
 Deleted
 
C:\Documents and Settings\ADELINE\Bureau\virus\Upload_Me.zip
 Updated
 
C:\Documents and Settings\ADELINE\Bureau\virus\SDFix\backups\backups.zip=>backups/svcdllhst.exe
 Infected with: Trojan.Agent.AGMD
 
C:\Documents and Settings\ADELINE\Bureau\virus\SDFix\backups\backups.zip=>backups/svcdllhst.exe
 Deleted
 
C:\Documents and Settings\ADELINE\Bureau\virus\SDFix\backups\backups.zip
 Updated
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP202\A0052570.EXE
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP202\A0052570.EXE
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP202\A0053002.exe
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP202\A0053002.exe
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP202\A0053003.exe
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP202\A0053003.exe
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP203\A0053362.exe
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP203\A0053362.exe
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP203\A0053771.EXE
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP203\A0053771.EXE
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP203\A0053772.exe
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP203\A0053772.exe
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055034.exe
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055034.exe
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055045.EXE
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055045.EXE
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055046.EXE
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055046.EXE
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055176.exe
 Infected with: Trojan.Agent.AGMD
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055176.exe
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055186.exe
 Infected with: Trojan.Agent.AGMD
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055186.exe
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055534.exe
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055534.exe
 Deleted
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055535.EXE
 Infected with: Backdoor.Oderoor.F
 
C:\System Volume Information\_restore{894F5171-B6A3-4D78-865D-C5CA36A69F86}\RP205\A0055535.EXE
 Deleted
 
D:\logiciel\ProShow Gold 3.2 + Serial	mg-psg2.exe
 Infected with: Packer.FSG.A
 
D:\logiciel\ProShow Gold 3.2 + Serial	mg-psg2.exe
 Disinfection failed
 
D:\logiciel\ProShow Gold 3.2 + Serial	mg-psg2.exe
 Deleted
 
  
 
 
j'ai tellement de rapports.... je pense que c'est celui la que tu veux

green day · Answer

oui c'est bien celui-ci !

 as tu supprimé tout ce qu'avg a trouvé ??

++

ade94 · Answer

j'ai rien supprimé , mais je ne sais pas ou ça a été enregistré...

green day · Answer

à refaire ! :p

 et supprime tout !

ade94 · Answer

est ce que je dois relancer le scan de AVG uniquement, ou tout les scans?

green day · Answer

seulement avg !

++

ade94 · Answer

heu... j'ai un soucis! j'ai relancé l'analyse avec AVG et j'ai fait supprimer et appliquer toutes les actions, et pourtant ca met : 

Adware.RXToolbar    ok     moyen
TrackingCookie.Advertising    ignoré    moyen
TrackingCookie.Netflame    ignoré    moyen
TrackingCookie.Atdmt   ignoré    moyen


et je sais pas ou est le rapport

désolée, je suis pas tres douée...

green day · Answer

ok,

Télécharge BTFix de bibi26 
http://cluster1.easy-hebergement.net/ 
Dézippe l'archive sur ton Bureau (clic droit/extraire…) 
Ouvre le dossier BTFix 
Double clique sur BTFix.exe 
Clique sur Rechercher 
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse 

++

ade94 · Answer

ca met qu'il n'y a pas dinfection détectée et le rapport est le suivant : 
BTFix 1.072 (par bibi26) - 01/02/2008 21:02:33 - Analyse
Lancé depuis C:\Documents and Settings\ADELINE\Bureau\BTFix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés


---> Analyse terminée

green day · Answer

très bien

poste un nouveau hijack et précise l'évolution de la situation 

++

ade94 · Answer

qu'entends tu par préciser ll'évolution de la situation ?

rapport de Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:32, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack	osBtProc.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\ADELINE\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [pisqdash] C:\WINDOWS\system32\pisqdash.exe
O4 - HKLM\..\RunServices: [opwmetea] C:\WINDOWS\system32\opwmetea.exe
O4 - HKLM\..\RunServices: [aynwc] C:\WINDOWS\system32\aynwc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Print Spooler Service (gyeymiouo) - Unknown owner - C:\WINDOWS\system32\pisqdash.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

green day · Answer

où en sont tes soucis de troyens ??

@demain

ade94 · Answer

pour le moment, quand j'ouvre msn, je n'ai plus le soucis des fenetres qui s'ouvrent. et je peux parler a mes contacts sans probleme!
par contre je ne sais pas si ils recoivent toujours des virus venant de mon pseudo! je me renseigne et je posterai demain!
merci
bonne soirée

ade94 · Answer

bon, j'envoi toujours des fichiers infectés à mes contacts msn....

green day · Answer

Salut

alors ça ! c'est vraiment pas bien !! :)

 j'ai loupé ceci :

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\ADELINE\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr


rends toi sur cette adresse : clic sur parcourir :

C:\DOCUME~1\ADELINE\Bureau\Upload_Me.zip et envoie le dossier en gras qui ce situe sur ton bureau !

et poste un nouveau rapport combo stp

++

ade94 · Answer

ComboFix 08-02.02.5 - ADELINE 2008-02-02 13:22:22.3 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.397 [GMT 1:00] Endroit: C:\Documents and Settings\ADELINE\Bureau\virus\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))))))) . 2008-02-01 20:43 . 2008-02-01 20:43 d--hs---- C:\FOUND.009 2008-02-01 06:48 . 2008-02-01 06:48 d-------- C:\WINDOWS\BDOSCAN8 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\ADELINE\Application Data\Grisoft 2008-01-31 22:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 22:24 . 2008-01-31 22:24 d-------- C:\Program Files\CCleaner 2008-01-31 21:59 . 2008-01-31 21:59 d-------- C:\WINDOWS\ERUNT 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Program Files\Spybot - Search & Destroy 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-21 18:55 . 2008-01-21 18:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 21:37 . 2008-01-20 21:37 d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:04 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-20 21:04 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-20 21:04 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-20 21:04 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-20 21:04 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-20 21:04 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-20 21:04 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-20 21:04 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-20 19:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\MUCLTUI.DLL 2008-01-20 19:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-20 19:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-19 21:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-19 21:57 . 2008-01-19 21:58 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Program Files\Windows Live 2008-01-19 21:44 . 2008-01-19 21:44 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-15 21:20 . 2008-01-15 21:20 d-------- C:\divx 2008-01-11 21:30 . 2008-01-11 21:30 d--hs---- C:\FOUND.008 2008-01-11 20:18 . 2008-01-11 20:18 d--hs---- C:\FOUND.007 2008-01-11 20:10 . 2008-01-11 20:10 d--hs---- C:\FOUND.006 2008-01-11 20:05 . 2008-01-11 20:05 d--hs---- C:\FOUND.005 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\drivers\Ip6Fw.sys 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys 2008-01-11 19:59 . 2008-01-11 19:59 d--hs---- C:\FOUND.004 2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe 2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 19:44 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\DivX 2007-12-02 21:04 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\LG Electronics 2007-12-02 21:01 --------- d-----w C:\Program Files\LG Electronics 2007-12-02 21:00 --------- d-----w C:\Program Files\LG PC Suite 2 2007-12-02 20:59 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\InstallShield 2007-11-27 10:33 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2007-11-27 10:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-01-23 19:55 17,144 ----a-w C:\Documents and Settings\ADELINE\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 11:23 68856] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 11:22 376912] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216] "nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 10:22 17920] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "pisqdash"="C:\WINDOWS\system32\pisqdash.exe" [ ] "opwmetea"="C:\WINDOWS\system32\opwmetea.exe" [ ] "aynwc"="C:\WINDOWS\system32\aynwc.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\ADELINE\Menu D‚marrer\Programmes\D‚marrage\ MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-27 20:51:26 4571136] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26 29696] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-17 18:54:17 124912] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-11-25 02:31:38 118784] S2 gyeymiouo;Print Spooler Service;C:\WINDOWS\system32\pisqdash.exe [] S3 Aho53;Aho53;C:\WINDOWS\System32\drivers\Aho53.sys [] S3 Bip75;Bip75;C:\WINDOWS\System32\drivers\Bip75.sys [] S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45] S3 Ipw31;Ipw31;C:\WINDOWS\System32\drivers\Ipw31.sys [] S3 Sye30;Sye30;C:\WINDOWS\System32\drivers\Sye30.sys [] S3 Tbi86;Tbi86;C:\WINDOWS\System32\drivers\Tbi86.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12591255-1603-11dc-a306-0017310a365a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - ASLM75 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-16 19:30:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-02 11:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-02 13:23:33 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-02 13:24:03 ComboFix2.txt 2008-02-01 18:56:12 . 2008-02-01 22:06:52 --- E O F ---

ade94 · Answer

oups, j'ai oublié de le fair een mode sans echec, donc je l'ai refait, ca donne : ComboFix 08-02.02.5 - ADELINE 2008-02-02 13:30:25.4 - [color=red][b]FAT32[/b][/color]x86 MINIMAL Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.799 [GMT 1:00] Endroit: C:\Documents and Settings\ADELINE\Bureau\virus\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))))))) . 2008-02-01 20:43 . 2008-02-01 20:43 d--hs---- C:\FOUND.009 2008-02-01 06:48 . 2008-02-01 06:48 d-------- C:\WINDOWS\BDOSCAN8 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\ADELINE\Application Data\Grisoft 2008-01-31 22:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 22:24 . 2008-01-31 22:24 d-------- C:\Program Files\CCleaner 2008-01-31 21:59 . 2008-01-31 21:59 d-------- C:\WINDOWS\ERUNT 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Program Files\Spybot - Search & Destroy 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-21 18:55 . 2008-01-21 18:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 21:37 . 2008-01-20 21:37 d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:04 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-20 21:04 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-20 21:04 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-20 21:04 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-20 21:04 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-20 21:04 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-20 21:04 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-20 21:04 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-20 19:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\MUCLTUI.DLL 2008-01-20 19:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-20 19:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-19 21:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-19 21:57 . 2008-01-19 21:58 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Program Files\Windows Live 2008-01-19 21:44 . 2008-01-19 21:44 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-15 21:20 . 2008-01-15 21:20 d-------- C:\divx 2008-01-11 21:30 . 2008-01-11 21:30 d--hs---- C:\FOUND.008 2008-01-11 20:18 . 2008-01-11 20:18 d--hs---- C:\FOUND.007 2008-01-11 20:10 . 2008-01-11 20:10 d--hs---- C:\FOUND.006 2008-01-11 20:05 . 2008-01-11 20:05 d--hs---- C:\FOUND.005 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\drivers\Ip6Fw.sys 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys 2008-01-11 19:59 . 2008-01-11 19:59 d--hs---- C:\FOUND.004 2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe 2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 19:44 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\DivX 2007-12-02 21:04 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\LG Electronics 2007-12-02 21:01 --------- d-----w C:\Program Files\LG Electronics 2007-12-02 21:00 --------- d-----w C:\Program Files\LG PC Suite 2 2007-12-02 20:59 --------- d-----w C:\Documents and Settings\ADELINE\Application Data\InstallShield 2007-11-27 10:33 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2007-11-27 10:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-01-23 19:55 17,144 ----a-w C:\Documents and Settings\ADELINE\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 11:23 68856] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 11:22 376912] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216] "nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 10:22 17920] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 14:00 160768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "pisqdash"="C:\WINDOWS\system32\pisqdash.exe" [ ] "opwmetea"="C:\WINDOWS\system32\opwmetea.exe" [ ] "aynwc"="C:\WINDOWS\system32\aynwc.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\ADELINE\Menu D‚marrer\Programmes\D‚marrage\ MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-27 20:51:26 4571136] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26 29696] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-17 18:54:17 124912] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-11-25 02:31:38 118784] S2 gyeymiouo;Print Spooler Service;C:\WINDOWS\system32\pisqdash.exe [] S3 Aho53;Aho53;C:\WINDOWS\System32\drivers\Aho53.sys [] S3 Bip75;Bip75;C:\WINDOWS\System32\drivers\Bip75.sys [] S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45] S3 Ipw31;Ipw31;C:\WINDOWS\System32\drivers\Ipw31.sys [] S3 Sye30;Sye30;C:\WINDOWS\System32\drivers\Sye30.sys [] S3 Tbi86;Tbi86;C:\WINDOWS\System32\drivers\Tbi86.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12591255-1603-11dc-a306-0017310a365a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-16 19:30:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-02 11:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-02 13:32:32 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-02 13:33:02 ComboFix3.txt 2008-02-01 18:56:12 ComboFix2.txt 2008-02-02 12:24:06 . 2008-02-01 22:06:52 --- E O F ---

green day · Answer

ak, as tu envoyé le dossier Upload_Me.zip comme indiqué ??

Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras : 

File:: 

C:\FOUND.009 
C:\FOUND.008
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004 
C:\WINDOWS\system32\pisqdash.exe
C:\WINDOWS\system32\opwmetea.exe
C:\WINDOWS\system32\aynwc.exe
C:\WINDOWS\system32\pisqdash.exe
C:\WINDOWS\System32\drivers\Aho53.sys 
C:\WINDOWS\System32\drivers\Bip75.sys 
C:\WINDOWS\System32\drivers\Ipw31.sys 
C:\WINDOWS\System32\drivers\Sye30.sys 
C:\WINDOWS\System32\drivers\Tbi86.sys 

registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"pisqdash"="-
"opwmetea"="-
"aynwc"="-

driver::

gyeymiouo
Aho53
 Bip75
Ipw31
Sye30
Tbi86

ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : 
http://img.bleepingcomputer.com/combofix/usage/rc.gif


Dans la fenêtre qui suit, choisie l'option 1 puis valide 
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal ! 
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt ) 

++

ade94 · Answer

oui c'est bien ca!

green day · Answer

??

ade94 · Answer

Salut, désolée de mon absence sur le forum ses derneris jours! le dernier message que j'ai posté était incomplet... voici le rapport : ComboFix 08-02.02.5 - ADELINE 2008-02-06 21:13:06.5 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.363 [GMT 1:00] Endroit: C:\Documents and Settings\ADELINE\Bureau\virus\ComboFix.exe Command switches used :: C:\Documents and Settings\ADELINE\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE C:\FOUND.004 C:\FOUND.005 C:\FOUND.006 C:\FOUND.007 C:\FOUND.008 C:\FOUND.009 C:\WINDOWS\system32\aynwc.exe C:\WINDOWS\System32\drivers\Aho53.sys C:\WINDOWS\System32\drivers\Bip75.sys C:\WINDOWS\System32\drivers\Ipw31.sys C:\WINDOWS\System32\drivers\Sye30.sys C:\WINDOWS\System32\drivers\Tbi86.sys C:\WINDOWS\system32\opwmetea.exe C:\WINDOWS\system32\pisqdash.exe . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))))))) . 2008-02-03 20:10 . 2008-02-03 20:10 d--hs---- C:\FOUND.010 2008-02-01 20:43 . 2008-02-01 20:43 d--hs---- C:\FOUND.009 2008-02-01 06:48 . 2008-02-01 06:48 d-------- C:\WINDOWS\BDOSCAN8 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\ADELINE\Application Data\Grisoft 2008-01-31 22:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 22:24 . 2008-01-31 22:24 d-------- C:\Program Files\CCleaner 2008-01-31 21:59 . 2008-01-31 21:59 d-------- C:\WINDOWS\ERUNT 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Program Files\Spybot - Search & Destroy 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-21 18:55 . 2008-01-21 18:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 21:37 . 2008-01-20 21:37 d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:04 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-20 21:04 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-20 21:04 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-20 21:04 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-20 21:04 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-20 21:04 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-20 21:04 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-20 21:04 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-20 19:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\MUCLTUI.DLL 2008-01-20 19:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-20 19:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-19 21:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-19 21:57 . 2008-01-19 21:58 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Program Files\Windows Live 2008-01-19 21:44 . 2008-01-19 21:44 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-15 21:20 . 2008-01-15 21:20 d-------- C:\divx 2008-01-11 21:30 . 2008-01-11 21:30 d--hs---- C:\FOUND.008 2008-01-11 20:18 . 2008-01-11 20:18 d--hs---- C:\FOUND.007 2008-01-11 20:10 . 2008-01-11 20:10 d--hs---- C:\FOUND.006 2008-01-11 20:05 . 2008-01-11 20:05 d--hs---- C:\FOUND.005 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\drivers\Ip6Fw.sys 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys 2008-01-11 19:59 . 2008-01-11 19:59 d--hs---- C:\FOUND.004 2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe 2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 10:33 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2007-11-27 10:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-01-23 19:55 17,144 ----a-w C:\Documents and Settings\ADELINE\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 11:23 68856] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 11:22 376912] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216] "nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 10:22 17920] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "pisqdash"="C:\WINDOWS\system32\pisqdash.exe" [ ] "opwmetea"="C:\WINDOWS\system32\opwmetea.exe" [ ] "aynwc"="C:\WINDOWS\system32\aynwc.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12591255-1603-11dc-a306-0017310a365a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - ASLM75 . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-16 19:30:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-05 20:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" sinon, je n'envoie plus de virus a mes contacts. cela veut peut etre dire que je n'en ai plus? bonne soirée

green day · Answer

Salut

 ça ne semble pas avoir fonctionner ...peut être bien parce que je n'ai pas mis l'attribue driver ...

télécharge OTMoveIt (de Old_Timer) sur ton Bureau : 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 


C:\FOUND.004
C:\FOUND.005
C:\FOUND.006
C:\FOUND.007
C:\FOUND.008
C:\FOUND.009
C:\WINDOWS\system32\aynwc.exe
C:\WINDOWS\System32\drivers\Aho53.sys
C:\WINDOWS\System32\drivers\Bip75.sys
C:\WINDOWS\System32\drivers\Ipw31.sys
C:\WINDOWS\System32\drivers\Sye30.sys
C:\WINDOWS\System32\drivers\Tbi86.sys
C:\WINDOWS\system32\opwmetea.exe
C:\WINDOWS\system32\pisqdash.exe

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre Results. 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 
il te sera peut-être demander de redémarrer le pc pour achever la suppression. 
si c'est le cas accepte par Yes.


ensuite : 

télécharge clean.zip (de Malekal_morte) : http://www.malekal.com/download/clean.zip 

* Décompressez le fichier sur le bureau (clic droit / extraire tout), afin d’obtenir un dossier nommé clean. 
* Ouvrez le dossier Clean qui se trouve sur votre bureau et faire un double-cliquez sur clean.cmd. 
* Une fenêtre noire va apparaître, choisissez l'option 1, un rapport sera crée sous la racine : C:\rapport_clean.txt, poste le stp 


++

ade94 · Answer

alors : 

C:\FOUND.004 moved successfully.
C:\FOUND.005 moved successfully.
C:\FOUND.006 moved successfully.
C:\FOUND.007 moved successfully.
C:\FOUND.008 moved successfully.
C:\FOUND.009 moved successfully.
File/Folder C:\WINDOWS\system32\aynwc.exe not found.
File/Folder C:\WINDOWS\System32\drivers\Aho53.sys not found.
File/Folder C:\WINDOWS\System32\drivers\Bip75.sys not found.
File/Folder C:\WINDOWS\System32\drivers\Ipw31.sys not found.
File/Folder C:\WINDOWS\System32\drivers\Sye30.sys not found.
File/Folder C:\WINDOWS\System32\drivers\Tbi86.sys not found.
File/Folder C:\WINDOWS\system32\opwmetea.exe not found.
File/Folder C:\WINDOWS\system32\pisqdash.exe not found.
 
OTMoveIt2 v1.0.17 log created on 02062008_213437


et : 


 2008-02-06 a 21:36:56.29 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32

green day · Answer

le 2ème n'est pas complet ! est-ce qu'il t'a trouvé quelque chose ??

 poste un nouveau combo stp

++

ade94 · Answer

voila : ComboFix 08-02.02.5 - ADELINE 2008-02-07 19:25:59.6 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.378 [GMT 1:00] Endroit: C:\Documents and Settings\ADELINE\Bureau\virus\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))))))) . 2008-02-06 21:34 . 2008-02-06 21:34 d-------- C:\_OTMoveIt 2008-02-03 20:10 . 2008-02-03 20:10 d--hs---- C:\FOUND.010 2008-02-01 06:48 . 2008-02-01 06:48 d-------- C:\WINDOWS\BDOSCAN8 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\ADELINE\Application Data\Grisoft 2008-01-31 22:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 22:24 . 2008-01-31 22:24 d-------- C:\Program Files\CCleaner 2008-01-31 21:59 . 2008-01-31 21:59 d-------- C:\WINDOWS\ERUNT 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Program Files\Spybot - Search & Destroy 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-21 18:55 . 2008-01-21 18:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 21:37 . 2008-01-20 21:37 d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:04 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-20 21:04 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-20 21:04 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-20 21:04 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-20 21:04 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-20 21:04 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-20 21:04 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-20 21:04 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-20 19:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\MUCLTUI.DLL 2008-01-20 19:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-20 19:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-19 21:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-19 21:57 . 2008-01-19 21:58 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Program Files\Windows Live 2008-01-19 21:44 . 2008-01-19 21:44 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-15 21:20 . 2008-01-15 21:20 d-------- C:\divx 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\drivers\Ip6Fw.sys 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys 2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe 2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 10:33 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2007-11-27 10:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-01-23 19:55 17,144 ----a-w C:\Documents and Settings\ADELINE\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 11:23 68856] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 11:22 376912] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216] "nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 10:22 17920] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "pisqdash"="C:\WINDOWS\system32\pisqdash.exe" [ ] "opwmetea"="C:\WINDOWS\system32\opwmetea.exe" [ ] "aynwc"="C:\WINDOWS\system32\aynwc.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\ADELINE\Menu D‚marrer\Programmes\D‚marrage\ MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-27 20:51:26 4571136] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26 29696] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-17 18:54:17 124912] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-11-25 02:31:38 118784] S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12591255-1603-11dc-a306-0017310a365a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - ASLM75 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-16 19:30:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-05 20:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-07 19:27:17 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-07 19:27:38 ComboFix4.txt 2008-02-01 18:56:12 ComboFix3.txt 2008-02-02 12:24:06 ComboFix2.txt 2008-02-02 12:33:06 ComboFix-quarantined-files.txt 2008-02-07 18:27:38 . 2008-02-01 22:06:52 --- E O F ---

green day · Answer

Salut


Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras : 


file::

C:\FOUND.010 
C:\WINDOWS\system32\aynwc.exe" [ ]
C:\WINDOWS\system32\opwmetea.exe" [ ]
C:\WINDOWS\system32\pisqdash.exe" [ ]

registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"pisqdash"="-
"opwmetea"="-
"aynwc"="-


ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : 
http://img.bleepingcomputer.com/combofix/usage/rc.gif

Dans la fenêtre qui suit, choisie l'option 1 puis valide 
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal ! 
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt ) 

++

ade94 · Answer

salut, voici le rapport ComboFix 08-02.02.5 - ADELINE 2008-02-08 21:28:42.7 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.406 [GMT 1:00] Endroit: C:\Documents and Settings\ADELINE\Bureau\virus\ComboFix.exe Command switches used :: C:\Documents and Settings\ADELINE\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))))))) . 2008-02-06 21:34 . 2008-02-06 21:34 d-------- C:\_OTMoveIt 2008-02-03 20:10 . 2008-02-03 20:10 d--hs---- C:\FOUND.010 2008-02-01 06:48 . 2008-02-01 06:48 d-------- C:\WINDOWS\BDOSCAN8 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\ADELINE\Application Data\Grisoft 2008-01-31 22:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 22:24 . 2008-01-31 22:24 d-------- C:\Program Files\CCleaner 2008-01-31 21:59 . 2008-01-31 21:59 d-------- C:\WINDOWS\ERUNT 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Program Files\Spybot - Search & Destroy 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-21 18:55 . 2008-01-21 18:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 21:37 . 2008-01-20 21:37 d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:04 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-20 21:04 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-20 21:04 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-20 21:04 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-20 21:04 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-20 21:04 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-20 21:04 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-20 21:04 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-20 19:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\MUCLTUI.DLL 2008-01-20 19:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-20 19:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-19 21:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-19 21:57 . 2008-01-19 21:58 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Program Files\Windows Live 2008-01-19 21:44 . 2008-01-19 21:44 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-15 21:20 . 2008-01-15 21:20 d-------- C:\divx 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\drivers\Ip6Fw.sys 2008-01-11 20:02 . 2004-08-05 14:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys 2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe 2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 10:33 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2007-11-27 10:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-01-23 19:55 17,144 ----a-w C:\Documents and Settings\ADELINE\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 11:23 68856] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 11:22 376912] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216] "nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 10:22 17920] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "pisqdash"="C:\WINDOWS\system32\pisqdash.exe" [ ] "opwmetea"="C:\WINDOWS\system32\opwmetea.exe" [ ] "aynwc"="C:\WINDOWS\system32\aynwc.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\ADELINE\Menu D‚marrer\Programmes\D‚marrage\ MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-27 20:51:26 4571136] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26 29696] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-17 18:54:17 124912] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-11-25 02:31:38 118784] S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12591255-1603-11dc-a306-0017310a365a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-16 19:30:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-08 19:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-08 21:30:03 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-08 21:30:20 ComboFix5.txt 2008-02-01 18:56:12 ComboFix4.txt 2008-02-02 12:24:06 ComboFix3.txt 2008-02-02 12:33:06 ComboFix-quarantined-files.txt 2008-02-08 20:30:18 ComboFix2.txt 2008-02-07 18:27:40 . 2008-02-01 22:06:52 --- E O F ---

green day · Answer

Salut

 ça n'a pas bien fonctionné ! :/

mais je pense avoir fais une erreur dans le script !

Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :


file::

C:\FOUND.010
C:\WINDOWS\system32\aynwc.exe
C:\WINDOWS\system32\opwmetea.exe
C:\WINDOWS\system32\pisqdash.exe

registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"pisqdash"="-
"opwmetea"="-
"aynwc"="-


ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation :
http://img.bleepingcomputer.com/combofix/usage/rc.gif

Dans la fenêtre qui suit, choisie l'option 1 puis valide
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )

++

ade94 · Answer

bonsoir, voici le rapport : ComboFix 08-02-13.2 - ADELINE 2008-02-13 19:17:54.8 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.323 [GMT 1:00] Endroit: C:\Documents and Settings\ADELINE\Bureau\virus\ComboFix.exe Command switches used :: C:\Documents and Settings\ADELINE\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE C:\FOUND.010 C:\WINDOWS\system32\aynwc.exe C:\WINDOWS\system32\opwmetea.exe C:\WINDOWS\system32\pisqdash.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))))))) . 2008-02-13 19:14 . 2008-02-13 19:15 d-------- C:\WINDOWS\LastGood 2008-02-06 21:34 . 2008-02-06 21:34 d-------- C:\_OTMoveIt 2008-02-03 20:10 . 2008-02-03 20:10 d--hs---- C:\FOUND.010 2008-02-01 06:48 . 2008-02-01 06:48 d-------- C:\WINDOWS\BDOSCAN8 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\ADELINE\Application Data\Grisoft 2008-01-31 22:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 22:24 . 2008-01-31 22:24 d-------- C:\Program Files\CCleaner 2008-01-31 21:59 . 2008-01-31 21:59 d-------- C:\WINDOWS\ERUNT 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Program Files\Spybot - Search & Destroy 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-21 18:55 . 2008-01-21 18:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 21:37 . 2008-01-20 21:37 d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:04 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-20 21:04 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-20 21:04 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-20 21:04 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-20 21:04 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-20 21:04 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-20 21:04 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-20 21:04 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-20 19:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\MUCLTUI.DLL 2008-01-20 19:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-20 19:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-19 21:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-19 21:57 . 2008-01-19 21:58 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Program Files\Windows Live 2008-01-19 21:44 . 2008-01-19 21:44 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-15 21:20 . 2008-01-15 21:20 d-------- C:\divx . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2007-11-27 10:33 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2007-11-27 10:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-01-23 19:55 17,144 ----a-w C:\Documents and Settings\ADELINE\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 11:23 68856] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 11:22 376912] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216] "nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 10:22 17920] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "pisqdash"="C:\WINDOWS\system32\pisqdash.exe" [ ] "opwmetea"="C:\WINDOWS\system32\opwmetea.exe" [ ] "aynwc"="C:\WINDOWS\system32\aynwc.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\ADELINE\Menu D‚marrer\Programmes\D‚marrage\ MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-27 20:51:26 4571136] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26 29696] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-17 18:54:17 124912] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-11-25 02:31:38 118784] S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12591255-1603-11dc-a306-0017310a365a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-16 19:30:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-12 20:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-13 19:19:08 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-13 19:19:25 ComboFix5.txt 2008-02-02 12:24:06 ComboFix4.txt 2008-02-02 12:33:06 ComboFix-quarantined-files.txt 2008-02-13 18:19:22 ComboFix3.txt 2008-02-07 18:27:40 ComboFix2.txt 2008-02-08 20:30:22 . 2008-02-01 22:06:52 --- E O F ---

green day · Answer

Salut

 non, toujours pas ! :/

télécharge OTMoveIt (de Old_Timer) sur ton Bureau : 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 



C:\FOUND.010
C:\WINDOWS\system32\aynwc.exe
C:\WINDOWS\system32\opwmetea.exe
C:\WINDOWS\system32\pisqdash.exe


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre Results. 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 
il te sera peut-être demander de redémarrer le pc pour achever la suppression. 
si c'est le cas accepte par Yes.

++

ade94 · Answer

voila, c'est fait : 

C:\FOUND.010 moved successfully.
File/Folder C:\WINDOWS\system32\aynwc.exe not found.
File/Folder C:\WINDOWS\system32\opwmetea.exe not found.
File/Folder C:\WINDOWS\system32\pisqdash.exe not found.
 
OTMoveIt2 v1.0.20 log created on 02132008_210115



il y a que ça

green day · Answer

ok, poste un nouveau combo stp

++

ade94 · Answer

ca donne : ComboFix 08-02-13.2 - ADELINE 2008-02-13 21:08:57.9 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.421 [GMT 1:00] Endroit: C:\Documents and Settings\ADELINE\Bureau\virus\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))))))) . 2008-02-06 21:34 . 2008-02-06 21:34 d-------- C:\_OTMoveIt 2008-02-01 06:48 . 2008-02-01 06:48 d-------- C:\WINDOWS\BDOSCAN8 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-01-31 22:36 . 2008-01-31 22:36 d-------- C:\Documents and Settings\ADELINE\Application Data\Grisoft 2008-01-31 22:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-01-31 22:24 . 2008-01-31 22:24 d-------- C:\Program Files\CCleaner 2008-01-31 21:59 . 2008-01-31 21:59 d-------- C:\WINDOWS\ERUNT 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Program Files\Spybot - Search & Destroy 2008-01-23 20:58 . 2008-01-23 20:58 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-21 18:55 . 2008-01-21 18:55 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-01-20 21:37 . 2008-01-20 21:37 d-------- C:\Program Files\Windows Live Safety Center 2008-01-20 21:04 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-20 21:04 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-20 21:04 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-20 21:04 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-20 21:04 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-20 21:04 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-20 21:04 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-20 21:04 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-20 19:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\MUCLTUI.DLL 2008-01-20 19:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-01-20 19:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-01-19 21:58 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-19 21:57 . 2008-01-19 21:58 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Program Files\Windows Live 2008-01-19 21:44 . 2008-01-19 21:44 d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-01-19 21:44 . 2008-01-19 21:44 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-15 21:20 . 2008-01-15 21:20 d-------- C:\divx . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe 2007-11-27 10:33 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT 2007-11-27 10:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2007-01-23 19:55 17,144 ----a-w C:\Documents and Settings\ADELINE\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 11:23 68856] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-10-10 11:22 376912] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 23:40 106496] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216] "nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38 49152] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016] "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-12-07 10:22 17920] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440] "SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "pisqdash"="C:\WINDOWS\system32\pisqdash.exe" [ ] "opwmetea"="C:\WINDOWS\system32\opwmetea.exe" [ ] "aynwc"="C:\WINDOWS\system32\aynwc.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\ADELINE\Menu D‚marrer\Programmes\D‚marrage\ MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-27 20:51:26 4571136] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 22:05:26 29696] Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-17 18:54:17 124912] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-11-25 02:31:38 118784] S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12591255-1603-11dc-a306-0017310a365a}] \Shell\AutoRun\command - F:\LaunchU3.exe -a *Newly Created Service* - ASLM75 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-16 19:30:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-13 18:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-13 21:10:26 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-02-13 21:10:58 ComboFix5.txt 2008-02-02 12:33:06 ComboFix-quarantined-files.txt 2008-02-13 20:10:56 ComboFix4.txt 2008-02-07 18:27:40 ComboFix3.txt 2008-02-08 20:30:22 ComboFix2.txt 2008-02-13 18:19:26 . 2008-02-01 22:06:52 --- E O F ---

green day · Answer

ça ne fonctionne toujours pas ! :/

 je vais me renseigner !

@+

green day · Answer

Salut

 c'est bon, erreur d'interprétation !

 où en sont tes soucis ??

++

ade94 · Answer

ecoute, ça a l'air d'aller, je n'envoie plus de virus via msn apparement!
merci pour ton aide!

si mes problemes sont réglés, est ce que je peux desinstaller tout ce que tu 'as fait installé?

green day · Answer

oui, c'est bon, tu peux tout supprimer !

==> à lire : http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet

@+

ade94 · Answer

ok, bah en tout cas, merci beaucoup pour ton aide!!!!!!!!!!!!

bonne soirée

green day · Answer

;-))

Virus win32.tiny

51 réponses

Discussions similaires