Se connecter / S'enregistrer
Votre question

problèmes de chevaux de troie [Résolu]

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
22 Mars 2008 12:12:55

bonjour, avast m'annonce la présence de chevaux de troie sur mon p.c depuis que j'ai branché une clef usb dessus. je sais pas si ils sont présents sur mon p.c et si c'est le cas je ne sais pas comment m'en débarrasser...merci d'avance...

Autres pages sur : problemes chevaux troie resolu

22 Mars 2008 12:18:20

Salut,

Télécharge Flash Disinfector (de sUBs) sur ton Bureau

Connecte tous les périphériques externes ( DD , USB , ..... )

Double clique sur Flash Disinfector et laisse toi guider.

*****

Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce tuto.
22 Mars 2008 12:29:20

voici le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:36, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\system32\hkcmd.exe
c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Startup] C:\windows\startup.vbs
O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O20 - Winlogon Notify: uerclt - C:\WINDOWS\SYSTEM32\uercltn.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

--
End of file - 11408 bytes
Contenus similaires
22 Mars 2008 12:38:15

Re,

Télécharge Combofix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe. (Clique droit->Exécuter en tant qu'administrateur si sous Vista)
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : C:\Combofix.txt
22 Mars 2008 14:03:41

voici le rapport de combofix

ComboFix 08-03-21.2 - Utilisateur 2008-03-22 13:55:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.192 [GMT 1:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.

2008-03-22 12:28 . 2008-03-22 12:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-17 18:32 . 2008-03-22 11:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 18:32 . 2008-03-17 18:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-17 18:31 . 2008-03-17 18:31 <REP> d-------- C:\Program Files\iTunes
2008-03-17 18:31 . 2008-03-17 18:31 <REP> d-------- C:\Program Files\iPod
2008-03-07 20:51 . 2008-03-19 19:27 <REP> dr------- C:\Mes images
2008-03-07 20:51 . 2008-03-22 13:57 12 --ah----- C:\cmsstorage.lst
2008-03-07 20:51 . 2008-03-22 13:57 0 --ah----- C:\WINDOWS\cmsstorage.lst
2008-03-07 20:47 . 2008-03-07 20:47 <REP> d-------- C:\Program Files\Media Manager
2008-03-07 20:46 . 2008-03-18 23:31 <REP> d-------- C:\Program Files\Microsoft Picture It!
2008-03-02 11:06 . 2008-03-02 11:06 <REP> d-------- C:\Program Files\MSBuild
2008-03-02 11:06 . 2008-03-02 11:06 <REP> d-------- C:\Program Files\Microsoft Works
2008-03-02 11:04 . 2008-03-02 11:04 <REP> d-------- C:\Program Files\Microsoft.NET
2008-03-02 10:59 . 2008-03-02 10:59 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-02 10:56 . 2008-03-02 10:56 <REP> dr-h----- C:\MSOCache
2008-03-01 21:48 . 2008-03-01 21:48 <REP> d-------- C:\Program Files\Elaborate Bytes
2008-02-28 14:04 . 2008-02-28 14:04 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 14:58 . 2008-02-27 14:58 68,872 --a------ C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-02-27 14:18 . 2008-02-27 14:18 172 ---hs---- C:\WINDOWS\system32\bootrun.reg
2008-02-27 14:18 . 2008-02-27 14:18 5 --a------ C:\WINDOWS\system32\scvhost.ini
2008-02-27 14:17 . 2008-02-27 14:18 <REP> d-------- C:\WINDOWS\system32\scvhost
2008-02-27 14:17 . 2008-02-27 14:17 457 ---hs---- C:\WINDOWS\system32\boothide.reg
2008-02-22 13:14 . 2008-02-22 13:14 385 --a------ C:\WINDOWS\ODBC.INI
2008-02-22 13:12 . 2008-03-07 20:46 <REP> d-------- C:\WINDOWS\ShellNew
2008-02-22 00:53 . 2008-02-22 00:53 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 17:33 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2008-03-20 17:06 --------- d-----w C:\Program Files\eMule
2008-03-18 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-28 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 13:19 --------- d-----w C:\Program Files\Windows Live
2008-02-22 12:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-09 10:43 --------- d-----w C:\Program Files\QuickTime
2008-02-06 20:06 90,112 ----a-w C:\WINDOWS\DUMP378a.tmp
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 21:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2006-12-12 09:13 32,768 ----a-w C:\Documents and Settings\All Users\Application Data\EBLib.dll
2006-07-28 14:25 19,456 ----a-w C:\Documents and Settings\All Users\Application Data\LPCFilter.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
@={ba930330-a721-11d3-a7b9-00500464ee16}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
@={2030D939-54A7-4fea-9B06-49EA77EFC87F}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 22:23 191552]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 16:40 118784]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 22:49 16377344 C:\WINDOWS\RTHDCPL.exe]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 10:17 65536]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 04:40 53248]
"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-30 07:18 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TDispVol"="TDispVol.exe" [2005-12-27 12:06 73728 C:\WINDOWS\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 10:14 266240 C:\WINDOWS\system32\TPSMain.exe]
"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2007-05-11 10:59 143360]
"NDSTray.exe"="NDSTray.exe" []
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 10:49 495616]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 13:40 196608]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 09:50 413696]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-05 19:46 185896]
"Startup"="C:\windows\startup.vbs" [2006-08-01 11:20 1032]
"SgeEcView"="c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 17:48 24576]
"EdWizard"="c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 17:28 245760]
"UERLKUP"="c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2006-03-29 13:14 36864]
"CFSServ.exe"="CFSServ.exe" []
"StandardInstall"="" []
"Club-Internet_McciTrayApp"="C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 17:46 543232]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-09-09 00:05 283888]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21 94208]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"mcafee"="C:\WINDOWS\WIN31.dll.vbs" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

C:\Documents and Settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 14:17:06 5484544]
Pr‚sentation de Media Manager.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE [1997-07-31 156672]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
SGLogEx.dll 2002-01-22 14:28 110592 C:\WINDOWS\system32\SGLogEx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
SGLogNotification.dll 2005-03-31 10:27 69632 C:\WINDOWS\system32\SGLogNotification.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
uercltn.dll 2006-03-29 13:14 77824 C:\WINDOWS\system32\uercltn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 AES-256;AES-256;C:\WINDOWS\system32\DRIVERS\AES256.SYS [2005-06-08 17:47]
R0 SgeFlt;SgeFlt;C:\WINDOWS\system32\DRIVERS\SGEFLT.SYS [2005-06-08 17:48]
R2 MMIndexer;Indexer de Media Manager;C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe [1997-07-31 00:00]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 11:22]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 11:15]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2007-02-22 14:10]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
R3 UVCFTR;UVCFTR;C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS [2007-04-16 09:19]
S3 tosrfec;Bluetooth ACPI;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]
S3 TpChoice;Touch Pad Detection Filter driver;C:\WINDOWS\system32\DRIVERS\TpChoice.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b677ce-948a-11dc-b9a7-001b38185636}]
\shell\verb1\command - desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cb5efef-e6d3-11dc-baa6-001b38185636}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9362c045-8981-11dc-b98a-001b38185636}]
\Shell\AutoRun\command - game666.exe
\Shell\open\command - game666.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4a0530-897f-11dc-b989-001b38185636}]
\Shell\AutoRun\command - G:\game666.exe
\Shell\open\command - G:\game666.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0cefa79-c90e-11dc-ba4c-001b38185636}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdd0bc7c-8e09-11dc-b994-001b38185636}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-17 17:24:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-08-03 13:00:16 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-08-17 12:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-08-03 13:00:17 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-22 11:39:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 13:57:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\uercltn.dll
-> C:\WINDOWS\system32\USWERRLN.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\TDispVol.dll
.
Temps d'accomplissement: 2008-03-22 13:57:40
ComboFix-quarantined-files.txt 2008-03-22 12:57:37
.
2008-03-12 17:20:11 --- E O F ---
22 Mars 2008 15:28:47

Re,

Fais analyser ces fichier sur ce site >> Virustotal <<

Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier : C:\WINDOWS\system32\TDispVol.dll
Clique maintenant sur envoyer le fichier.
Poste le rapport (De Fichier *** reçu le *** jusqu’à SHA1 : ***)
Fais la même chose avec ces fichiers : C:\WINDOWS\system32\USWERRLN.dll , C:\WINDOWS\system32\uercltn.dll
22 Mars 2008 20:45:22

voici les rapports

Fichier TDispVol.dll reçu le 2008.03.10 10:23:17 (CET)
Situation actuelle: terminé

Résultat: 4/32 (12.50%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.4.0 2008.03.07 -
AntiVir 7.6.0.73 2008.03.10 -
Authentium 4.93.8 2008.03.07 -
Avast 4.7.1098.0 2008.03.09 -
AVG 7.5.0.516 2008.03.09 -
BitDefender 7.2 2008.03.10 -
CAT-QuickHeal 9.50 2008.03.08 -
ClamAV 0.92.1 2008.03.10 -
DrWeb 4.44.0.09170 2008.03.10 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5597 2008.03.07 -
Ewido 4.0 2008.03.09 Not-A-Virus.Monitor.Win32.AKL.25
FileAdvisor 1 2008.03.10 -
Fortinet 3.14.0.0 2008.03.10 -
F-Prot 4.4.2.54 2008.03.09 W32/Monitor.OA
F-Secure 6.70.13260.0 2008.03.10 -
Ikarus T3.1.1.20 2008.03.10 not-a-virus:Monitor.Win32.AKL.25
Kaspersky 7.0.0.125 2008.03.10 -
McAfee 5247 2008.03.07 -
Microsoft 1.3301 2008.03.07 -
NOD32v2 2933 2008.03.10 -
Norman 5.80.02 2008.03.07 -
Panda 9.0.0.4 2008.03.09 -
Prevx1 V2 2008.03.10 -
Rising 20.35.00.00 2008.03.10 -
Sophos 4.27.0 2008.03.10 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.10 -
TheHacker 6.2.92.239 2008.03.09 Aplicacion/AKL.25
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.09 -
Webwasher-Gateway 6.6.2 2008.03.10 -
Information additionnelle
File size: 45056 bytes
MD5: 442fde6efe79b2d251ffa4e8e1c7462a
SHA1: 2f02ca00fcb72f4afcc4c6a870bf98106ce2a08f
PEiD: Armadillo v1.xx - v2.xx

Fichier uswerrln.dll reçu le 2008.03.22 19:24:41 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 7.
L'heure estimée de démarrage est entre 58 et 84 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.22.1 2008.03.21 -
AntiVir 7.6.0.75 2008.03.21 -
Authentium 4.93.8 2008.03.22 -
Avast 4.7.1098.0 2008.03.22 -
AVG 7.5.0.516 2008.03.21 -
BitDefender 7.2 2008.03.22 -
CAT-QuickHeal 9.50 2008.03.21 -
ClamAV 0.92.1 2008.03.22 -
DrWeb 4.44.0.09170 2008.03.22 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5633 2008.03.21 -
Ewido 4.0 2008.03.22 -
F-Prot 4.4.2.54 2008.03.22 -
F-Secure 6.70.13260.0 2008.03.21 -
FileAdvisor 1 2008.03.22 -
Fortinet 3.14.0.0 2008.03.21 -
Ikarus T3.1.1.20 2008.03.22 -
Kaspersky 7.0.0.125 2008.03.22 -
McAfee 5257 2008.03.21 -
Microsoft 1.3301 2008.03.22 -
NOD32v2 2967 2008.03.21 -
Norman 5.80.02 2008.03.20 -
Panda 9.0.0.4 2008.03.22 -
Prevx1 V2 2008.03.22 -
Rising 20.36.42.00 2008.03.21 -
Sophos 4.27.0 2008.03.22 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.22 -
TheHacker 6.2.92.250 2008.03.19 -
VBA32 3.12.6.3 2008.03.21 -
VirusBuster 4.3.26:9 2008.03.21 -
Webwasher-Gateway 6.6.2 2008.03.22 -
Information additionnelle
File size: 32768 bytes
MD5: f93ea1047bce99b975a30ac5a1fc8d8c
SHA1: c42b86e6bb13344c95722eb031c2f64348b48b33
PEiD: Armadillo v1.xx - v2.xx

Fichier uercltn.dll reçu le 2008.03.22 20:38:52 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 6.
L'heure estimée de démarrage est entre 55 et 78 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.22.1 2008.03.21 -
AntiVir 7.6.0.75 2008.03.22 -
Authentium 4.93.8 2008.03.22 -
Avast 4.7.1098.0 2008.03.22 -
AVG 7.5.0.516 2008.03.22 -
BitDefender 7.2 2008.03.22 -
CAT-QuickHeal 9.50 2008.03.21 -
ClamAV 0.92.1 2008.03.22 -
DrWeb 4.44.0.09170 2008.03.22 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5633 2008.03.21 -
Ewido 4.0 2008.03.22 -
F-Prot 4.4.2.54 2008.03.22 -
F-Secure 6.70.13260.0 2008.03.21 -
FileAdvisor 1 2008.03.22 -
Fortinet 3.14.0.0 2008.03.21 -
Ikarus T3.1.1.20 2008.03.22 -
Kaspersky 7.0.0.125 2008.03.22 -
McAfee 5257 2008.03.21 -
Microsoft 1.3301 2008.03.22 -
NOD32v2 2967 2008.03.21 -
Norman 5.80.02 2008.03.20 -
Panda 9.0.0.4 2008.03.22 -
Prevx1 V2 2008.03.22 -
Rising 20.36.42.00 2008.03.21 -
Sophos 4.27.0 2008.03.22 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.22 -
TheHacker 6.2.92.252 2008.03.22 -
VBA32 3.12.6.3 2008.03.21 -
VirusBuster 4.3.26:9 2008.03.22 -
Webwasher-Gateway 6.6.2 2008.03.22 -
Information additionnelle
File size: 77824 bytes
MD5: ae3676c33742477a03f075d387efcf2a
SHA1: fa0be9d4f65b036f20dc1da47d39694f66bbc471
PEiD: Armadillo v1.xx - v2.xx
23 Mars 2008 11:33:15

Re,

Télécharge Flash Disinfector (de sUBs) sur ton Bureau

Connecte tous les périphériques externes ( DD , USB , ..... )

Double clique sur Flash Disinfector et laisse toi guider.

*******

Copie le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\uercltn.dll
G:\game666.exe
G:\2ifetri.cmd
C:\windows\startup.vbs
C:\WINDOWS\WLXPGSS.SCR
C:\WINDOWS\DUMP378a.tmp
C:\WINDOWS\system32\bootrun.reg
C:\WINDOWS\system32\scvhost.ini
C:\WINDOWS\system32\boothide.reg

Folder::
C:\WINDOWS\system32\scvhost

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgeIconOvl2]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uerclt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=-
"Camera Assistant Software"=-
"TkBellExe"=-
"Startup"=-
"CFSServ.exe"=-
"StandardInstall"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"VirtualCloneDrive"=-
"iTunesHelper"=-
"mcafee"=-


Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
23 Mars 2008 14:12:29

Re
voici le rapport de combofix
ComboFix 08-03-21.2 - Utilisateur 2008-03-23 14:07:07.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.178 [GMT 1:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\DUMP378a.tmp
C:\windows\startup.vbs
C:\WINDOWS\system32\boothide.reg
C:\WINDOWS\system32\bootrun.reg
C:\WINDOWS\system32\scvhost.ini
C:\WINDOWS\system32\uercltn.dll
C:\WINDOWS\WLXPGSS.SCR
G:\2ifetri.cmd
G:\game666.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\DUMP378a.tmp
C:\windows\startup.vbs
C:\WINDOWS\system32\boothide.reg
C:\WINDOWS\system32\bootrun.reg
C:\WINDOWS\system32\scvhost
C:\WINDOWS\system32\scvhost.ini
C:\WINDOWS\system32\uercltn.dll
C:\WINDOWS\WLXPGSS.SCR

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 12:45 . 2008-03-23 12:45 0 --a------ C:\WINDOWS\TPTray.INI
2008-03-22 12:28 . 2008-03-22 12:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-17 18:32 . 2008-03-23 12:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-17 18:32 . 2008-03-17 18:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-17 18:31 . 2008-03-17 18:31 <REP> d-------- C:\Program Files\iTunes
2008-03-17 18:31 . 2008-03-17 18:31 <REP> d-------- C:\Program Files\iPod
2008-03-07 20:51 . 2008-03-19 19:27 <REP> dr------- C:\Mes images
2008-03-07 20:51 . 2008-03-23 13:41 12 --ah----- C:\cmsstorage.lst
2008-03-07 20:51 . 2008-03-23 13:41 0 --ah----- C:\WINDOWS\cmsstorage.lst
2008-03-07 20:47 . 2008-03-07 20:47 <REP> d-------- C:\Program Files\Media Manager
2008-03-07 20:46 . 2008-03-18 23:31 <REP> d-------- C:\Program Files\Microsoft Picture It!
2008-03-02 11:06 . 2008-03-02 11:06 <REP> d-------- C:\Program Files\MSBuild
2008-03-02 11:06 . 2008-03-02 11:06 <REP> d-------- C:\Program Files\Microsoft Works
2008-03-02 11:04 . 2008-03-02 11:04 <REP> d-------- C:\Program Files\Microsoft.NET
2008-03-02 10:59 . 2008-03-02 10:59 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-02 10:56 . 2008-03-02 10:56 <REP> dr-h----- C:\MSOCache
2008-03-01 21:48 . 2008-03-01 21:48 <REP> d-------- C:\Program Files\Elaborate Bytes
2008-02-28 14:04 . 2008-02-28 14:04 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 14:58 . 2008-02-27 14:58 68,872 --a------ C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 17:33 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2008-03-20 17:06 --------- d-----w C:\Program Files\eMule
2008-03-18 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-28 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 13:19 --------- d-----w C:\Program Files\Windows Live
2008-02-22 12:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-21 23:53 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-09 10:43 --------- d-----w C:\Program Files\QuickTime
2008-01-30 21:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2006-12-12 09:13 32,768 ----a-w C:\Documents and Settings\All Users\Application Data\EBLib.dll
2006-07-28 14:25 19,456 ----a-w C:\Documents and Settings\All Users\Application Data\LPCFilter.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_13.57.30,50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-23 12:38:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6dc.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 22:23 191552]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 16:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 16:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 16:40 118784]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 15:31 638976]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 10:17 65536]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 04:40 53248]
"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-30 07:18 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TDispVol"="TDispVol.exe" [2005-12-27 12:06 73728 C:\WINDOWS\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 10:14 266240 C:\WINDOWS\system32\TPSMain.exe]
"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2007-05-11 10:59 143360]
"NDSTray.exe"="NDSTray.exe" []
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 10:49 495616]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 13:40 196608]
"SgeEcView"="c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe" [2005-06-08 17:48 24576]
"EdWizard"="c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" [2005-06-08 17:28 245760]
"UERLKUP"="c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe" [2006-03-29 13:14 36864]
"Club-Internet_McciTrayApp"="C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe" [2005-11-15 17:46 543232]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-09-09 00:05 283888]
"mcafee"="C:\WINDOWS\WIN31.dll.vbs" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

C:\Documents and Settings\Utilisateur\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 14:17:06 5484544]
Pr‚sentation de Media Manager.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE [1997-07-31 156672]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 11:10:02 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog]
SGLogEx.dll 2002-01-22 14:28 110592 C:\WINDOWS\system32\SGLogEx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification]
SGLogNotification.dll 2005-03-31 10:27 69632 C:\WINDOWS\system32\SGLogNotification.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 AES-256;AES-256;C:\WINDOWS\system32\DRIVERS\AES256.SYS [2005-06-08 17:47]
R0 SgeFlt;SgeFlt;C:\WINDOWS\system32\DRIVERS\SGEFLT.SYS [2005-06-08 17:48]
R2 MMIndexer;Indexer de Media Manager;C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe [1997-07-31 00:00]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 11:22]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 11:15]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2007-02-22 14:10]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
R3 UVCFTR;UVCFTR;C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS [2007-04-16 09:19]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 tosrfec;Bluetooth ACPI;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]
S3 TpChoice;Touch Pad Detection Filter driver;C:\WINDOWS\system32\DRIVERS\TpChoice.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56b677ce-948a-11dc-b9a7-001b38185636}]
\shell\verb1\command - desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cb5efef-e6d3-11dc-baa6-001b38185636}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9362c045-8981-11dc-b98a-001b38185636}]
\Shell\AutoRun\command - game666.exe
\Shell\open\command - game666.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4a0530-897f-11dc-b989-001b38185636}]
\Shell\AutoRun\command - G:\game666.exe
\Shell\open\command - G:\game666.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0cefa79-c90e-11dc-ba4c-001b38185636}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdd0bc7c-8e09-11dc-b994-001b38185636}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-17 17:24:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-08-03 13:00:16 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-08-17 12:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-08-03 13:00:17 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-23 12:39:34 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 14:08:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-23 14:09:00
ComboFix-quarantined-files.txt 2008-03-23 13:08:56
ComboFix2.txt 2008-03-22 12:57:41
.
2008-03-12 17:20:11 --- E O F ---

le rapport hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:51, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

--
End of file - 8436 bytes
23 Mars 2008 15:33:37

Où en sont tes problèmes ..?

Relance HiJackThis, do a system scan only, coche ces lignes (si toujours présentes) :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mcafee] C:\WINDOWS\WIN31.dll.vbs
O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

Puis Fix Checked !

*******

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
Poste le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.

********

Désinstalle avast, redémarre et supprime ~~>C:\Program Files\Alwil Software

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Télécharge et installe Antivir. (tuto)
Pourquoi changer ? Avast vs Antivir
Vérifie qu’il soit bien à jour ! Ouvre Antivir; va dans l'onglet Scanner, active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur), lance le scan. Poste moi le rapport généré (qui se trouve dans l'onglet reports).
23 Mars 2008 16:21:48

23/03/2008 a 16:17:29,82

*** Recherche des fichiers dans C:
C:\autorun.inf FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
23 Mars 2008 16:29:36

Réponds à ma question et continue ;) 
23 Mars 2008 16:40:02

Je n'arrive pas à envoyer le fichier C:\upload_moi.zip au site malekal. Il considère que j'ai sélectionné aucun fichier...
23 Mars 2008 16:41:47

pardon...j'ai plus d'alerte d'avast et mon p.c n'a plus l'air de se couper de façon intenpestive...
23 Mars 2008 18:39:01


AntiVir PersonalEdition Classic
Report file date: dimanche 23 mars 2008 17:43

Scanning for 1161960 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Utilisateur
Computer name: CRC_87216792K

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:06:21
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 16:06:21
ANTIVIR3.VDF : 7.0.3.64 16384 Bytes 22/03/2008 16:06:21
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 23/03/2008 16:06:22
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/03/2008 16:06:23
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 23 mars 2008 17:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'lanceur.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process '9wifi.exe' - '1' Module(s) have been scanned
Scan process 'McciTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'uerlkupn.exe' - '1' Module(s) have been scanned
Scan process 'ecview.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'DDWMon.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'TDispVol.exe' - '1' Module(s) have been scanned
Scan process 'TCtrlIOHook.exe' - '1' Module(s) have been scanned
Scan process 'TPTray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'WksCfgSrv.exe' - '1' Module(s) have been scanned
Scan process 'TODDSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SgLogPlayer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SgeCtl.exe' - '1' Module(s) have been scanned
Scan process 'AIRSVCU.EXE' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\' <WinXP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <BOOT>
D:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP60\A0067077.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f46.qua'!
D:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP60\A0067110.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f48.qua'!
D:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP60\A0067127.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f4a.qua'!
Begin scan in 'E:\' <DONNEES>
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0058993.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f4f.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0059994.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f51.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0060993.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f54.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0061993.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f56.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0062993.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f58.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0063993.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f5b.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0064993.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f5d.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0065012.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f5f.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0065045.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f62.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0066045.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f65.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP59\A0066077.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f67.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP60\A0066105.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f69.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP60\A0067079.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f6b.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP60\A0067112.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f6c.qua'!
E:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP60\A0067129.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Autorun.J
[INFO] The file was moved to '48168f6e.qua'!
Begin scan in 'F:\' <Audio CD>
Begin scan in 'G:\' <IOMEGA HDD>
G:\desktop2.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.DZ.25
[INFO] The file was moved to '485990d7.qua'!
G:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP44\A0005887.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.DZ.24
[INFO] The file was moved to '481690a5.qua'!
G:\System Volume Information\_restore{BAADBF63-A8B9-4FD1-926A-BA71FFD5292A}\RP67\A0067806.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.DZ.25
[INFO] The file was moved to '481690a7.qua'!
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: dimanche 23 mars 2008 18:17
Used time: 34:08 min

The scan has been done completely.

6285 Scanning directories
247851 Files were scanned
21 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
21 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
247830 Files not concerned
7754 Archives were scanned
2 Warnings
4 Notes

rapport hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:16, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\Explorer.EXE
c:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

--
End of file - 8348 bytes
23 Mars 2008 19:37:35

Re,

Fixe ces lignes :

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
23 Mars 2008 21:55:16

Re
c'est bon j'ai fait ce que tu m'as dit de faire...je te poste un rapport Hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:15, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\WINDOWS\system32\igfxpers.exe
c:\WINDOWS\system32\SgLogPlayer.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\TPSMain.exe
c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SgeEcView] c:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [EdWizard] c:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe as
O4 - HKLM\..\Run: [UERLKUP] c:\Program Files\Utimaco\SafeGuard Easy\uerlkupn.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2.1\McciTrayApp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - c:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - c:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

--
End of file - 8100 bytes
23 Mars 2008 23:07:20

Plus de problèmes ?
24 Mars 2008 12:53:13

re, non j'ai plus de problèmes merci...
24 Mars 2008 14:24:58

Télécharge ToolsCleaner2( de A.Rothstein)

Installe le sur ton Bureau
Clique sur [Recherche] pour lancer le scan
Clique sur [Supprimer] pour nettoyer les outils utilisés
Clique sur [Quitter],
Poste ce rapport ~>C:\TCleaner.txt<~

Garde ccleaner, avg et antivir si nous les avons installé..
Désactive-réactive la restauration système
Rapporte ton infection sur Malware Complaints >Tuto<
Ton(tes) infection(s) : Ver USB
Si tu ne la trouves pas dans la liste, poste dans Autres infections,

Puis regarde ces dossiers :

Sécurité/Prévention
Conséquences de la multi-protection
Toolbars : Inutilité et ralentissements

Bonne journée/soirée :) 
24 Mars 2008 15:53:32

bonjour, stp xmichoux tu aurais une minute pour moi?
24 Mars 2008 18:14:37

Salut vince, crée ton propre sujet ;) 
29 Mars 2008 11:37:59

Re, voici le rapport Tcleaner :
-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\Clean.zip: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\tar.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\remove.reg: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\pskill.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\LFiles.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\gzip.exe: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\delsiri.cmd: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\delr.cmd: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\del3.cmd: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\del2.cmd: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\clean.cmd: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\clean\cherche.cmd: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\Clean.zip: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\tar.exe: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\remove.reg: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\pskill.exe: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\LFiles.exe: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\gzip.exe: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\delsiri.cmd: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\delr.cmd: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\del3.cmd: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\del2.cmd: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\clean.cmd: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\clean\cherche.cmd: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
29 Mars 2008 11:40:15

C'est clean ;) 

++
29 Mars 2008 11:51:16

merci beaucoup...il faut faire quoi déjà pr dire que le sujet à été résolu??
29 Mars 2008 12:03:24

Editer ton premier message de ce sujet ;) 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS