[Solved] Unwanted pop-up windows, slow PC... Virus, spyware from where...

Tags:
  • Spyware
  • Security
Last reply: in Security and viruses
7 April 2008 13:24:23

Hello everyone,

A few days ago I downloaded a so-called crack from a website.

Since then, windows keep opening telling me that there are errors in Windows, that I am infected by spyware or a trojan, and asking me to buy or download anti-spyware or antivirus software. Of course I close the windows when they appear.

I have used all of these programs without success: CCleaner, Spybot, Ad-Aware, a-squared, AVG Anti-Spyware, Windows Defender and, of course, an antivirus: Avast.
To no avail, it changed nothing.

Here are the windows that open from time to time and that are quite annoying:

Hoping that you can help me, I wish you a good day.

Thanks, see you soon. :hello:

PS: I am on XP.


7 April 2008 14:16:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:16, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\WINDOWS\system32\SgLogPlayer.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\All Users\Application Data\jchefsxm\hwnmnkjg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\yjudynif.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Rar$EX02.579\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {9620B51A-BAB2-4FF5-8BB7-45C2C5510777} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Startup] C:\windows\startup.vbs
O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mskoscdf] C:\WINDOWS\system32\nefudubm.exe
O4 - HKCU\..\Run: [apbrpfst] C:\WINDOWS\system32\yjudynif.exe
O4 - HKLM\..\Policies\Explorer\Run: [BAl0jVsFBP] C:\Documents and Settings\All Users\Application Data\jchefsxm\hwnmnkjg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

--
End of file - 10753 bytes
7 April 2008 14:25:31

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post that report in your next reply.
    7 April 2008 15:38:27

    Hi again, it doesn't work.
    Nothing gets written, I still see the blue window...
    7 April 2008 17:54:39

    Strange...

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    8 April 2008 11:39:17

    Hello,

    Here is the MBAM report


    Malwarebytes' Anti-Malware 1.10
    Version de la base de données: 598

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 95981
    Temps écoulé: 1 hour(s), 51 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 13
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Softomate) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Softomate) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\nefudubm.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\yjudynif.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\knsjmtqv.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\jchefsxm\hwnmnkjg.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\utilisateur\Local Settings\Temp\nyps4.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
    C:\Program Files\Fichiers communs\System\aux (Trojan.Agent) -> No action taken.
    8 April 2008 12:25:19

    Did you actually remove the infections?
    8 April 2008 12:28:28

    Yes, I did choose to remove the infections but they are still there.... I still have these windows opening.
    8 April 2008 18:16:29

    Post a new HijackThis report.
    8 April 2008 20:23:02

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:22:09, on 08/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\jchefsxm\hwnmnkjg.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\nefudubm.exe
    c:\WINDOWS\system32\SgLogPlayer.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Valve\Steam\Steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/?v=msgrv75
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {9620B51A-BAB2-4FF5-8BB7-45C2C5510777} - (no file)
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Startup] C:\windows\startup.vbs
    O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
    O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [mskoscdf] C:\WINDOWS\system32\nefudubm.exe
    O4 - HKCU\..\Run: [apbrpfst] C:\WINDOWS\system32\yjudynif.exe
    O4 - HKCU\..\Run: [ibtfvejs] C:\WINDOWS\system32\knsjmtqv.exe
    O4 - HKLM\..\Policies\Explorer\Run: [BAl0jVsFBP] C:\Documents and Settings\All Users\Application Data\jchefsxm\hwnmnkjg.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
    O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
    O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

    --
    End of file - 10406 bytes



    PS: Thank you very much for your help, Angeldark
    8 April 2008 21:09:26

    Let's continue.

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post that report in your next reply.
    11 April 2008 00:27:06

    Hi, sorry for the delay: Combofix finally agreed to work!
    Here is the report (although I forgot to disable my antivirus :pfff: )

    ComboFix 08-04-06.1 - utilisateur 2008-04-11 0:09:14.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.161 [GMT 2:00]
    Endroit: C:\Documents and Settings\utilisateur\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\utilisateur\Bureaublackbird.jpg
    C:\Documents and Settings\utilisateur\BureauEditorFKWP1.5.exe
    C:\Documents and Settings\utilisateur\BureauEditorFKWP2.0.exe
    C:\Documents and Settings\utilisateur\Bureaufilemanagerclient.exe
    C:\Documents and Settings\utilisateur\Bureaufkwp1.5.exe
    C:\Documents and Settings\utilisateur\Bureaufkwp2.0.exe
    C:\Documents and Settings\utilisateur\Bureaufwebd.exe
    C:\Documents and Settings\utilisateur\BureauFWebdEditor.exe
    C:\Documents and Settings\utilisateur\BureauTrojan.Win32.BlackBird.exe
    C:\Documents and Settings\utilisateur\Bureauvirii
    C:\WINDOWS\a.bat
    C:\WINDOWS\base64.tmp
    C:\WINDOWS\bdn.com
    C:\WINDOWS\FVProtect.exe
    C:\WINDOWS\iTunesMusic.exe
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\system32akttzn.exe
    C:\WINDOWS\system32anticipator.dll
    C:\WINDOWS\system32awtoolb.dll
    C:\WINDOWS\system32bdn.com
    C:\WINDOWS\system32bsva-egihsg52.exe
    C:\WINDOWS\system32dpcproxy.exe
    C:\WINDOWS\system32emesx.dll
    C:\WINDOWS\system32h@tkeysh@@k.dll
    C:\WINDOWS\system32hoproxy.dll
    C:\WINDOWS\system32hxiwlgpm.dat
    C:\WINDOWS\system32hxiwlgpm.exe
    C:\WINDOWS\system32medup012.dll
    C:\WINDOWS\system32medup020.dll
    C:\WINDOWS\system32msgp.exe
    C:\WINDOWS\system32msnbho.dll
    C:\WINDOWS\system32mssecu.exe
    C:\WINDOWS\system32msvchost.exe
    C:\WINDOWS\system32mtr2.exe
    C:\WINDOWS\system32mwin32.exe
    C:\WINDOWS\system32netode.exe
    C:\WINDOWS\system32newsd32.exe
    C:\WINDOWS\system32ps1.exe
    C:\WINDOWS\system32psof1.exe
    C:\WINDOWS\system32psoft1.exe
    C:\WINDOWS\system32regc64.dll
    C:\WINDOWS\system32regm64.dll
    C:\WINDOWS\system32Rundl1.exe
    C:\WINDOWS\system32smp
    C:\WINDOWS\system32smp\msrc.exe
    C:\WINDOWS\system32sncntr.exe
    C:\WINDOWS\system32ssurf022.dll
    C:\WINDOWS\system32ssvchost.com
    C:\WINDOWS\system32ssvchost.exe
    C:\WINDOWS\system32sysreq.exe
    C:\WINDOWS\system32taack.dat
    C:\WINDOWS\system32taack.exe
    C:\WINDOWS\system32temp#01.exe
    C:\WINDOWS\system32thun.dll
    C:\WINDOWS\system32thun32.dll
    C:\WINDOWS\system32VBIEWER.OCX
    C:\WINDOWS\system32vbsys2.dll
    C:\WINDOWS\system32vcatchpi.dll
    C:\WINDOWS\system32winlogonpc.exe
    C:\WINDOWS\system32winsystem.exe
    C:\WINDOWS\system32WINWGPX.EXE
    C:\WINDOWS\userconfig9x.dll
    C:\WINDOWS\Web\def.htm
    C:\WINDOWS\winsystem.exe
    C:\WINDOWS\zip1.tmp
    C:\WINDOWS\zip2.tmp
    C:\WINDOWS\zip3.tmp
    C:\WINDOWS\zipped.tmp

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-09 17:04 . 2008-04-09 17:04 206 --a------ C:\WINDOWS\system32\MRT.INI
    2008-04-09 17:02 . 2008-04-09 17:06 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Malwarebytes
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 22:13 . 2008-04-07 22:13 110,592 --a------ C:\WINDOWS\system32\knsjmtqv.exe
    2008-04-07 12:18 . 2008-04-07 12:18 <REP> d-------- C:\Documents and Settings\utilisateur\.housecall6.6
    2008-04-06 20:10 . 2008-04-06 20:10 110,592 --a------ C:\WINDOWS\system32\yjudynif.exe
    2008-04-06 11:18 . 2008-04-09 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\jchefsxm
    2008-04-04 09:21 . 2008-04-04 13:19 <REP> d-------- C:\Program Files\VirtualDJ
    2008-04-03 23:14 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-03 23:14 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
    2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-24 21:45 . 2008-03-24 21:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-03-21 22:30 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 22:30 . 2008-03-21 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-03-21 22:30 . 2008-03-21 22:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 22:30 . 2008-03-21 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 22:30 . 2008-03-21 22:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-03-21 22:30 . 2008-03-21 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 17:50 --------- d-----w C:\Program Files\eMule
    2008-04-10 12:19 --------- d-----w C:\Program Files\DivX
    2008-04-10 09:11 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Azureus
    2008-04-09 21:26 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\LimeWire
    2008-04-09 00:31 --------- d-----w C:\Program Files\Azureus
    2008-04-07 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-06 23:17 --------- d-----w C:\Program Files\a-squared Free
    2008-04-03 21:41 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-02 15:48 --------- d-----w C:\Program Files\Java
    2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-08 09:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-08 00:02 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\DivX
    2008-03-02 11:44 --------- d-----w C:\Program Files\eBay
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-21 20:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 11:31 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll
    2008-02-20 11:31 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-13 23:45 --------- d-----w C:\Program Files\LimeWire
    2008-02-13 09:20 --------- d-----w C:\Program Files\Windows Live
    2008-02-12 16:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-11 11:26 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-11 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-11 11:05 --------- d-----w C:\Program Files\a-squared Anti-Malware
    2008-01-20 17:22 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
    @={ba930330-a721-11d3-a7b9-00500464ee16}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
    @={2030D939-54A7-4fea-9B06-49EA77EFC87F}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
    "apbrpfst"="C:\WINDOWS\system32\yjudynif.exe" [2008-04-06 20:10 110592]
    "ibtfvejs"="C:\WINDOWS\system32\knsjmtqv.exe" [2008-04-07 22:13 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 22:55 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 22:52 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 22:55 118784]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256]
    "TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728]
    "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
    "TFncKy"="TFncKy.exe" []
    "TDispVol"="TDispVol.exe" [2005-09-15 14:19 73728 C:\WINDOWS\system32\TDispVol.exe]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-29 18:23 180269]
    "Startup"="C:\windows\startup.vbs" [2006-08-01 12:20 1032]
    "SgeEcView"="c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 18:48 24576]
    "EdWizard"="c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 18:28 245760]
    "UERLKUP"="c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2006-03-29 14:14 36864]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-29 18:26 282624]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
    SGLogEx.dll 2002-01-22 15:28 110592 C:\WINDOWS\system32\SGLogEx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
    SGLogNotification.dll 2005-03-31 11:27 69632 C:\WINDOWS\system32\SGLogNotification.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
    uercltn.dll 2006-03-29 14:14 77824 C:\WINDOWS\system32\uercltn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "msacm.ac3acm"= ac3acm.acm
    "VIDC.wmv3"= wmv9vcm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Valve\\Steam\\steamapps\\ritch888\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Valve\\Steam\\Steam.exe"=
    "C:\\Valve\\Steam\\steamapps\\tyrix_36\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Valve\\Steam\\steamapps\\tyrix_36\\condition zero\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14654:TCP"= 14654:TCP:Azureus

    R0 AES-256;AES-256;C:\WINDOWS\system32\DRIVERS\AES256.SYS [2005-06-08 18:47]
    R0 SgeFlt;SgeFlt;C:\WINDOWS\system32\DRIVERS\SGEFLT.SYS [2005-06-08 18:48]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    S3 bfastfao;bfastfao;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys []
    S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-10 10:05:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2006-08-29 15:52:52 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2006-08-29 15:52:52 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2006-08-29 15:52:53 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-11 00:12:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\uercltn.dll
    -> C:\WINDOWS\system32\USWERRLN.dll
    .
    Temps d'accomplissement: 2008-04-11 0:13:24
    ComboFix-quarantined-files.txt 2008-04-10 22:13:10
    Pre-Run: 15,318,581,248 octets libres
    Post-Run: 15,307,472,896 octets libres
    .
    2008-04-09 23:36:17 --- E O F ---
    11 April 2008 12:43:23

    Hello again,

    There are still some infections left.

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\knsjmtqv.exe
    C:\WINDOWS\system32\yjudynif.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "apbrpfst"=-
    "ibtfvejs"=-


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will restart Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    11 April 2008 13:47:04

    Hello again, should I disable the Windows firewall?
    11 April 2008 14:03:46

    Hello again, here is the ComboFix log

    ComboFix 08-04-06.1 - utilisateur 2008-04-11 13:58:05.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.117 [GMT 2:00]
    Endroit: C:\Documents and Settings\utilisateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\utilisateur\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\knsjmtqv.exe
    C:\WINDOWS\system32\yjudynif.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\knsjmtqv.exe
    C:\WINDOWS\system32\yjudynif.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-09 17:04 . 2008-04-09 17:04 206 --a------ C:\WINDOWS\system32\MRT.INI
    2008-04-09 17:02 . 2008-04-09 17:06 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Malwarebytes
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 12:18 . 2008-04-07 12:18 <REP> d-------- C:\Documents and Settings\utilisateur\.housecall6.6
    2008-04-06 11:18 . 2008-04-09 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\jchefsxm
    2008-04-04 09:21 . 2008-04-04 13:19 <REP> d-------- C:\Program Files\VirtualDJ
    2008-04-03 23:14 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-03 23:14 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
    2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-24 21:45 . 2008-03-24 21:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-03-21 22:30 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 22:30 . 2008-03-21 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-03-21 22:30 . 2008-03-21 22:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 22:30 . 2008-03-21 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 22:30 . 2008-03-21 22:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-03-21 22:30 . 2008-03-21 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 17:50 --------- d-----w C:\Program Files\eMule
    2008-04-10 12:19 --------- d-----w C:\Program Files\DivX
    2008-04-10 09:11 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Azureus
    2008-04-09 21:26 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\LimeWire
    2008-04-09 00:31 --------- d-----w C:\Program Files\Azureus
    2008-04-07 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-06 23:17 --------- d-----w C:\Program Files\a-squared Free
    2008-04-03 21:41 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-02 15:48 --------- d-----w C:\Program Files\Java
    2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-08 09:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-08 00:02 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\DivX
    2008-03-02 11:44 --------- d-----w C:\Program Files\eBay
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-21 20:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 11:31 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll
    2008-02-20 11:31 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-13 23:45 --------- d-----w C:\Program Files\LimeWire
    2008-02-13 09:20 --------- d-----w C:\Program Files\Windows Live
    2008-02-12 16:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-11 11:26 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-11 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-11 11:05 --------- d-----w C:\Program Files\a-squared Anti-Malware
    2008-01-20 17:22 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
    @={ba930330-a721-11d3-a7b9-00500464ee16}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
    @={2030D939-54A7-4fea-9B06-49EA77EFC87F}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 22:55 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 22:52 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 22:55 118784]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256]
    "TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728]
    "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
    "TFncKy"="TFncKy.exe" []
    "TDispVol"="TDispVol.exe" [2005-09-15 14:19 73728 C:\WINDOWS\system32\TDispVol.exe]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-29 18:23 180269]
    "Startup"="C:\windows\startup.vbs" [2006-08-01 12:20 1032]
    "SgeEcView"="c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 18:48 24576]
    "EdWizard"="c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 18:28 245760]
    "UERLKUP"="c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2006-03-29 14:14 36864]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-29 18:26 282624]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
    SGLogEx.dll 2002-01-22 15:28 110592 C:\WINDOWS\system32\SGLogEx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
    SGLogNotification.dll 2005-03-31 11:27 69632 C:\WINDOWS\system32\SGLogNotification.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
    uercltn.dll 2006-03-29 14:14 77824 C:\WINDOWS\system32\uercltn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "msacm.ac3acm"= ac3acm.acm
    "VIDC.wmv3"= wmv9vcm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Valve\\Steam\\steamapps\\ritch888\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Valve\\Steam\\Steam.exe"=
    "C:\\Valve\\Steam\\steamapps\\tyrix_36\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Valve\\Steam\\steamapps\\tyrix_36\\condition zero\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14654:TCP"= 14654:TCP:Azureus

    R0 AES-256;AES-256;C:\WINDOWS\system32\DRIVERS\AES256.SYS [2005-06-08 18:47]
    R0 SgeFlt;SgeFlt;C:\WINDOWS\system32\DRIVERS\SGEFLT.SYS [2005-06-08 18:48]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    S3 bfastfao;bfastfao;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys []
    S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-10 10:05:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2006-08-29 15:52:52 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2006-08-29 15:52:52 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2006-08-29 15:52:53 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-11 14:00:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\uercltn.dll
    -> C:\WINDOWS\system32\USWERRLN.dll
    .
    Temps d'accomplissement: 2008-04-11 14:01:22
    ComboFix-quarantined-files.txt 2008-04-11 12:01:13
    ComboFix2.txt 2008-04-10 22:13:25
    Pre-Run: 15,412,932,608 octets libres
    Post-Run: 15,402,221,568 octets libres
    .
    2008-04-09 23:36:17 --- E O F ---
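
Added example (not part of the original posts and not ComboFix's own code): a Python check that parses the Run-key lines of the two ComboFix reports above and confirms that the autoruns targeted by the CFScript are gone after the fix. The function names and the 1 April 2008 cutoff are assumptions made for the illustration; the embedded excerpts are copied from the reports in this thread.

```python
import re
from datetime import date

# Excerpts of the "Point de chargement Reg" section, copied from the two
# ComboFix reports in this thread (HKLM list shortened to three entries).
BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"apbrpfst"="C:\WINDOWS\system32\yjudynif.exe" [2008-04-06 20:10 110592]
"ibtfvejs"="C:\WINDOWS\system32\knsjmtqv.exe" [2008-04-07 22:13 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"TFncKy"="TFncKy.exe" []
"Startup"="C:\windows\startup.vbs" [2006-08-01 12:20 1032]
'''

AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]
"TFncKy"="TFncKy.exe" []
"Startup"="C:\windows\startup.vbs" [2006-08-01 12:20 1032]
'''

# Files listed under "File::" in the CFScript posted in the thread.
CFSCRIPT_FILES = [r"C:\WINDOWS\system32\knsjmtqv.exe",
                  r"C:\WINDOWS\system32\yjudynif.exe"]

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
# Bracket content: "YYYY-MM-DD HH:MM size [resolved path]"; it can be empty.
META_RE = re.compile(r'^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2} (\d+)(?: (.+))?$')


def parse_run_entries(report):
    """Return {(registry key, value name): details} for ...\\CurrentVersion\\Run keys."""
    entries, key = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            is_run = m.group(1).lower().endswith(r'\currentversion\run')
            key = m.group(1) if is_run else None
            continue
        m = ENTRY_RE.match(line)
        if key and m:
            name, cmd, meta = m.groups()
            mm = META_RE.match(meta)
            entries[(key, name)] = {
                "command": cmd,
                "file_date": date(int(mm[1]), int(mm[2]), int(mm[3])) if mm else None,
                "size": int(mm[4]) if mm else None,
                # ComboFix appends the resolved path when the value is a bare file name.
                "path": (mm[5] or cmd) if mm else cmd,
            }
    return entries


def removed_entries(before, after):
    """Autoruns present in the first report and absent from the second."""
    gone = before.keys() - after.keys()
    return sorted((k, n, before[(k, n)]["command"]) for (k, n) in gone)


def still_referenced(entries, targets):
    """Value names whose resolved file is one of the targeted files."""
    wanted = {t.lower() for t in targets}
    return sorted(n for (_, n), e in entries.items() if e["path"].lower() in wanted)


def recent_entries(entries, since):
    """Triage aid: autoruns whose file timestamp is on or after `since`."""
    return sorted(n for (_, n), e in entries.items()
                  if e["file_date"] and e["file_date"] >= since)


if __name__ == "__main__":
    before, after = parse_run_entries(BEFORE), parse_run_entries(AFTER)
    for key, name, cmd in removed_entries(before, after):
        print("removed:", key, name, "->", cmd)
    print("targets still referenced:", still_referenced(after, CFSCRIPT_FILES))
    # Assumed cutoff: shortly before the first post of 7 April 2008.
    print("recent autoruns before fix:", recent_entries(before, date(2008, 4, 1)))
```

An empty result from `still_referenced` on the second report only shows that the Run values are gone; the file deletions themselves are listed in the report's "Autres suppressions" section.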
    11 April 2008 14:05:23

    And here is the Hijack report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:04:04, on 11/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    c:\WINDOWS\system32\SgLogPlayer.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Rar$EX00.766\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/?v=msgrv75
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {9620B51A-BAB2-4FF5-8BB7-45C2C5510777} - (no file)
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Startup] C:\windows\startup.vbs
    O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
    O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
    O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
    O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

    --
    End of file - 9737 bytes
    12 April 2008 08:08:27

    Hi,

    Here is the AntiVir report


    AntiVir PersonalEdition Classic
    Report file date: vendredi 11 avril 2008 20:59

    Scanning for 1198942 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: utilisateur
    Computer name: CRC_86248674Q

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:21:51
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:21:51
    ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 18:21:51
    AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 11/04/2008 18:21:52
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/04/2008 18:21:52
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 11 avril 2008 20:59

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '49' files ).


    Starting the file scan:

    Begin scan in 'C:\' <WINXP>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\WINDOWS\system32\knsjmtqv.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\yjudynif.exe.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '4874e0c4.qua'!
    C:\System Volume Information\_restore{996C70E0-A140-4C7E-8366-3FEF2D2989EA}\RP403\A0038788.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '482fe21a.qua'!
    C:\System Volume Information\_restore{996C70E0-A140-4C7E-8366-3FEF2D2989EA}\RP403\A0038867.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '482fe229.qua'!
    C:\System Volume Information\_restore{996C70E0-A140-4C7E-8366-3FEF2D2989EA}\RP406\A0039248.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '482fe255.qua'!
    C:\System Volume Information\_restore{996C70E0-A140-4C7E-8366-3FEF2D2989EA}\RP406\A0039249.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '482fe256.qua'!
    C:\WINDOWS\system32\drivers\dtscsi.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd2397.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <BOOT>
    Begin scan in 'E:\' <DONNEES>
    E:\Mes Documents\Logiciels\Style XP v3.13 crack p35-2005-04-26.rar
    [0] Archive type: RAR
    --> eclsxp30.exe
    [DETECTION] Contains detection pattern of a probably damaged sample CC/0023
    [INFO] The file was moved to '4878eee2.qua'!


    End of the scan: samedi 12 avril 2008 01:08
    Used time: 4:09:12 min

    The scan has been done completely.

    7095 Scanning directories
    425479 Files were scanned
    7 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    6 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    425472 Files not concerned
    9851 Archives were scanned
    4 Warnings
    3 Notes

    12 April 2008 12:22:48

    Repost a HijackThis report.

    12 April 2008 20:56:34

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:55:31, on 12/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    c:\WINDOWS\system32\SgLogPlayer.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/?v=msgrv75
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {9620B51A-BAB2-4FF5-8BB7-45C2C5510777} - (no file)
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Startup] C:\windows\startup.vbs
    O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
    O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
    O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
    O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

    --
    End of file - 9710 bytes
    13 April 2008 11:17:59

    Run a ComboFix scan again.

    14 April 2008 10:24:38

    ComboFix 08-04-12.7 - utilisateur 2008-04-14 10:05:12.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.125 [GMT 2:00]
    Endroit: C:\Documents and Settings\utilisateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\systeminfo.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-12 16:48 . 2008-04-12 16:48 <REP> d-------- C:\Program Files\BlazeVideo
    2008-04-12 16:48 . 2008-04-12 16:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BlazeVideo
    2008-04-12 16:48 . 2004-08-04 00:54 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
    2008-04-12 16:48 . 2004-08-04 00:54 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
    2008-04-12 16:48 . 2004-08-04 00:55 56,832 --a------ C:\WINDOWS\system32\MSDvbNP.ax
    2008-04-12 16:48 . 2004-08-04 00:55 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
    2008-04-12 16:48 . 2004-08-04 00:55 33,280 --a------ C:\WINDOWS\system32\PsisRndr.ax
    2008-04-12 16:48 . 2004-08-04 00:55 33,280 --a--c--- C:\WINDOWS\system32\dllcache\psisrndr.ax
    2008-04-11 20:15 . 2008-04-11 20:15 <REP> d-------- C:\Program Files\Avira
    2008-04-11 20:15 . 2008-04-11 20:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-04-09 17:04 . 2008-04-09 17:04 206 --a------ C:\WINDOWS\system32\MRT.INI
    2008-04-09 17:02 . 2008-04-09 17:06 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Malwarebytes
    2008-04-07 23:56 . 2008-04-07 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 12:18 . 2008-04-07 12:18 <REP> d-------- C:\Documents and Settings\utilisateur\.housecall6.6
    2008-04-06 11:18 . 2008-04-09 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\jchefsxm
    2008-04-04 09:21 . 2008-04-04 13:19 <REP> d-------- C:\Program Files\VirtualDJ
    2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
    2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-24 21:45 . 2008-03-24 21:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-03-21 22:30 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 22:30 . 2008-03-21 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-03-21 22:30 . 2008-03-21 22:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 22:30 . 2008-03-21 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 22:30 . 2008-03-21 22:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2008-03-21 22:30 . 2008-03-21 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-14 07:53 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\Azureus
    2008-04-11 17:05 --------- d-----w C:\Program Files\Alwil Software
    2008-04-10 17:50 --------- d-----w C:\Program Files\eMule
    2008-04-10 12:19 --------- d-----w C:\Program Files\DivX
    2008-04-09 21:26 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\LimeWire
    2008-04-09 00:31 --------- d-----w C:\Program Files\Azureus
    2008-04-07 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-06 23:17 --------- d-----w C:\Program Files\a-squared Free
    2008-04-03 21:41 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-02 15:48 --------- d-----w C:\Program Files\Java
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-08 09:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-08 00:02 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\DivX
    2008-03-02 11:44 --------- d-----w C:\Program Files\eBay
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-21 20:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-20 11:31 49,152 ----a-r C:\WINDOWS\system32\inetwh32.dll
    2008-02-20 11:31 1,044,480 ----a-r C:\WINDOWS\system32\roboex32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-01-20 17:22 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-13_16.10.13,98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-13 13:58:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-14 08:03:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
    @={ba930330-a721-11d3-a7b9-00500464ee16}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
    @={2030D939-54A7-4fea-9B06-49EA77EFC87F}

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 22:55 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 22:52 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 22:55 118784]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256]
    "TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728]
    "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
    "TFncKy"="TFncKy.exe" []
    "TDispVol"="TDispVol.exe" [2005-09-15 14:19 73728 C:\WINDOWS\system32\TDispVol.exe]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-29 18:23 180269]
    "Startup"="C:\windows\startup.vbs" [2006-08-01 12:20 1032]
    "SgeEcView"="c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 18:48 24576]
    "EdWizard"="c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 18:28 245760]
    "UERLKUP"="c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2006-03-29 14:14 36864]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-29 18:26 282624]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-11 20:21 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
    SGLogEx.dll 2002-01-22 15:28 110592 C:\WINDOWS\system32\SGLogEx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
    SGLogNotification.dll 2005-03-31 11:27 69632 C:\WINDOWS\system32\SGLogNotification.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
    uercltn.dll 2006-03-29 14:14 77824 C:\WINDOWS\system32\uercltn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Valve\\Steam\\steamapps\\ritch888\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Valve\\Steam\\Steam.exe"=
    "C:\\Valve\\Steam\\steamapps\\tyrix_36\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Valve\\Steam\\steamapps\\tyrix_36\\condition zero\\hl.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14654:TCP"= 14654:TCP:Azureus

    R0 AES-256;AES-256;C:\WINDOWS\system32\DRIVERS\AES256.SYS [2005-06-08 18:47]
    R0 SgeFlt;SgeFlt;C:\WINDOWS\system32\DRIVERS\SGEFLT.SYS [2005-06-08 18:48]
    S3 bfastfao;bfastfao;C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\bfastfao.sys []
    S3 ce6230;Intel CE6230 Standalone USB Driver;C:\WINDOWS\system32\DRIVERS\CE6230StandaloneDriver.sys [2007-04-27 11:13]
    S3 ce6230BDACAP;Realfine CE6230 BDA Driver;C:\WINDOWS\system32\DRIVERS\CE6230BDA.sys [2007-04-27 05:29]
    S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8492a4c0-2622-11dc-8169-0018de00b8cf}]
    \Shell\AutoRun\command - H:\nideiect.com
    \Shell\explore\Command - H:\nideiect.com
    \Shell\open\Command - H:\nideiect.com

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-14 08:06:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2006-08-29 15:52:52 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2006-08-29 15:52:52 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2006-08-29 15:52:53 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 10:08:07
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\uercltn.dll
    -> C:\WINDOWS\system32\USWERRLN.dll
    .
    Temps d'accomplissement: 2008-04-14 10:08:36
    ComboFix-quarantined-files.txt 2008-04-14 08:08:30
    ComboFix2.txt 2008-04-11 12:01:23
    ComboFix3.txt 2008-04-10 22:13:25
    Pre-Run: 15,407,132,672 octets libres
    Post-Run: 15,394,541,568 octets libres
    .
    2008-04-12 06:25:20 --- E O F ---
    14 April 2008 18:38:47

    Post a new HijackThis report.
    14 April 2008 20:02:27

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:01:30, on 14/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    c:\WINDOWS\system32\SgLogPlayer.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Valve\Steam\Steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Rar$EX00.781\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/?v=msgrv75
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {9620B51A-BAB2-4FF5-8BB7-45C2C5510777} - (no file)
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Startup] C:\windows\startup.vbs
    O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
    O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
    O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
    O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

    --
    End of file - 9715 bytes
    14 April 2008 20:08:12

    Is it better?
    14 April 2008 21:08:37

    I no longer have any windows popping up and the PC runs better, I'm very grateful! Thanks a lot, Angeldark!

    Now that the problem is solved, can you give me some advice on preventing these viruses, spyware or other problems that pollute the PC? Is it necessary to have as much software as I do (Windows Defender, AVG, a-squared, Ad-Aware, Spybot, CCleaner, ComboFix, Malwarebytes' Anti-Malware)? Which ones do you recommend?

    Thanks again!
    15 April 2008 12:32:44

    Everything is explained below :)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche (Search) and let the scan finish.
  • Click Suppression (Removal) to finalize.
  • Click Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so that you don't have this kind of problem again, by clicking on the image below:


    15 April 2008 19:18:46

    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\Documents and Settings\utilisateur\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\utilisateur\Local Settings\Temp\Rar$EX00.781\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\utilisateur\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\utilisateur\Local Settings\Temp\Rar$EX00.781\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    15 April 2008 19:21:38

    Everything is finalized, thanks again and see you soon, though not for this I hope!
    15 April 2008 20:20:32

    Happy surfing ;)