Seriously ill - Security - Viruses

Subject: seriously ill

Profile: IDNaute

hello
I'm new to the forum
I've taken over a young cousin's computer
and it is seriously ill (the computer, not him)
its antivirus had been expired for 6 months
I installed avast, which detected an impressive number of viruses
below is the avast report

I also ran a scan with hijack
Logfile of HijackThis v1.99.1
Scan saved at 09:33:07, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)


thanks in advance to whoever is willing to throw me a lifebuoy, or even a lifeboat.

Profile: Helper

Hi,

A nice Vundo infection ;)

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt


---------------
Please say so if you are already being helped on another forum or in another topic.

Security/Prevention

Profile: IDNaute

thanks for taking on my case!

the combo report:
ComboFix 08-02-14.2 - Admin 2008-02-14 10:25:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.536 [GMT 1:00]
Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkhfe.dll
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\#SharedObjects\L9TD2FBF\iforex.com
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\#SharedObjects\L9TD2FBF\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Admin\Application Data\ShoppingReport
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\seekmo
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\__c001998E.dat
C:\WINDOWS\system32\__c001DD10.dat
C:\WINDOWS\system32\__c0022E10.dat
C:\WINDOWS\system32\__c0035A90.dat
C:\WINDOWS\system32\__c0038CD8.dat
C:\WINDOWS\system32\__c004DB46.dat
C:\WINDOWS\system32\__c005180E.dat
C:\WINDOWS\system32\__c005872C.dat
C:\WINDOWS\system32\__c006693C.dat
C:\WINDOWS\system32\__c006BF7C.dat
C:\WINDOWS\system32\__c007BD62.dat
C:\WINDOWS\system32\__C0084FE6.DAT
C:\WINDOWS\system32\__c009AC40.dat
C:\WINDOWS\system32\__c00A7D4D.dat
C:\WINDOWS\system32\__c00BE73.dat
C:\WINDOWS\system32\__c00C5B60.dat
C:\WINDOWS\system32\__c00D821C.dat
C:\WINDOWS\system32\__c00DF8C9.dat
C:\WINDOWS\system32\__c00E2B70.dat
C:\WINDOWS\system32\adgqfglj.dll
C:\WINDOWS\system32\aihpqmkb.dll
C:\WINDOWS\system32\aprnpsba.dll
C:\WINDOWS\system32\bsdhyyvs.dll
C:\WINDOWS\system32\ceuqqgkp.dll
C:\WINDOWS\system32\daibfhio.ini
C:\WINDOWS\system32\dlpjspjv.dll
C:\WINDOWS\system32\dmyccplv.dll
C:\WINDOWS\system32\dxqcajpu.ini
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\ejkbguqx.dll
C:\WINDOWS\system32\ewysghvc.dll
C:\WINDOWS\system32\fakkkjhr.dll
C:\WINDOWS\system32\fbnuuqyw.dll
C:\WINDOWS\system32\fevhuexq.dll
C:\WINDOWS\system32\ghdrrfoa.dll
C:\WINDOWS\system32\gkbnnbmt.dll
C:\WINDOWS\system32\gpvxiear.dll
C:\WINDOWS\system32\gxafjssx.dll
C:\WINDOWS\system32\ihbjxvxt.dll
C:\WINDOWS\system32\iisyxtek.ini
C:\WINDOWS\system32\itxwfchc.dll
C:\WINDOWS\system32\jghaowoe.dll
C:\WINDOWS\system32\jiaasiue.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\ketxysii.dll
C:\WINDOWS\system32\kgwtngce.dll
C:\WINDOWS\system32\kurvxogg.dll
C:\WINDOWS\system32\lixgsbgr.dll
C:\WINDOWS\system32\lsionlbu.dll
C:\WINDOWS\system32\lwfgtdmy.dll
C:\WINDOWS\system32\lybvgbfw.dll
C:\WINDOWS\system32\mbkhogri.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\menacspj.dll
C:\WINDOWS\system32\mfvqsptx.dll
c:\WINDOWS\system32\mkfitppms.dat
C:\WINDOWS\system32\mkfitppms.exe
c:\WINDOWS\system32\mkfitppms_nav.dat
c:\WINDOWS\system32\mkfitppms_navps.dat
C:\WINDOWS\system32\mxxsrerx.dll
C:\WINDOWS\system32\nbnaahfe.dll
C:\WINDOWS\system32\nobmvfri.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\oalbsqcf.dll
C:\WINDOWS\system32\paxgdmej.dll
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\puteappe.dll
C:\WINDOWS\system32\puvedajl.dll
C:\WINDOWS\system32\pvgcxpmf.ini
C:\WINDOWS\system32\rdrmrjyf.dll
C:\WINDOWS\system32\sduralfr.dll
C:\WINDOWS\system32\svyyhdsb.ini
C:\WINDOWS\system32\tqwbsptb.dll
C:\WINDOWS\system32\trefncwf.dll
C:\WINDOWS\system32\ttohixpq.dll
C:\WINDOWS\system32\udqoynsf.dll
C:\WINDOWS\system32\ukqgfioo.dll
C:\WINDOWS\system32\uoegvlct.dll
C:\WINDOWS\system32\vfwjdfxc.dll
C:\WINDOWS\system32\vkqgsqch.dll
C:\WINDOWS\system32\vqmjiatj.dll
C:\WINDOWS\system32\vraqiwjo.dll
C:\WINDOWS\system32\vsilkcrj.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vuqjiedg.dll
C:\WINDOWS\system32\wfwvblxl.dll
C:\WINDOWS\system32\wslkbknn.dll
C:\WINDOWS\system32\xgdkxsbc.dll
C:\WINDOWS\system32\xhlxdugo.dll
C:\WINDOWS\system32\xhnrcfqd.dll
C:\WINDOWS\system32\xssjfaxg.ini
C:\WINDOWS\system32\xublrtcp.dll
C:\WINDOWS\system32\xwvgwcma.dll
C:\WINDOWS\system32\yltnmkvs.dll
C:\WINDOWS\system32\yqmlhwie.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.

2008-02-14 09:12 . 2008-02-14 09:12 78,912 --a------ C:\WINDOWS\system32\BANWMMFW.DLL
2008-02-13 22:19 . 2008-02-13 22:19 <REP> d-------- C:\VundoFix Backups
2008-02-13 22:18 . 2008-02-13 22:18 132,608 --a------ C:\VundoFix.exe
2008-02-13 22:09 . 2008-02-14 09:32 <REP> d-------- C:\hijack
2008-02-13 22:08 . 2008-02-13 22:08 212,849 --a------ C:\antivirus sonia.zip
2008-02-13 20:50 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 20:50 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-13 20:50 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-13 20:49 . 2008-02-13 20:49 <REP> d-------- C:\Program Files\Alwil Software
2008-02-13 20:49 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-13 20:49 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-13 20:49 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-13 20:49 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 20:49 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 14:34 . 2008-02-13 14:35 <REP> d-------- C:\Program Files\Google
2008-02-13 14:34 . 2008-02-13 14:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 13:44 . 2008-02-13 13:44 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-02-03 20:36 . 2008-02-03 20:36 268 --ah----- C:\sqmdata06.sqm
2008-02-03 20:36 . 2008-02-03 20:36 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 16:24 . 2008-02-03 16:24 268 --ah----- C:\sqmdata05.sqm
2008-02-03 16:24 . 2008-02-03 16:24 244 --ah----- C:\sqmnoopt05.sqm
2008-01-27 18:01 . 2008-01-27 18:01 <REP> d-------- C:\Program Files\Ubi Soft
2008-01-26 16:06 . 2008-02-08 18:26 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-14 16:45 . 2008-01-27 16:06 29,080 ---hs---- C:\WINDOWS\system32\otqtyili.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-27 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 12:44 --------- d-----w C:\Program Files\EA GAMES
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-06-29 11:47 461 ----a-w C:\Program Files\INSTALL.LOG
2007-10-11 13:34 144,346 --sh--w C:\WINDOWS\system32\abeeg.bak1
2007-10-15 13:21 163,146 --sh--w C:\WINDOWS\system32\abeeg.bak2
2007-09-20 13:39 6,729 --sh--w C:\WINDOWS\system32\gjllm.bak1
2007-09-27 18:17 14,915 --sh--w C:\WINDOWS\system32\gjllm.bak2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF0C7B39-0517-47D6-832C-EC091C3A6861}]
C:\WINDOWS\system32\geeba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-13 14:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 19:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 19:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 19:10 114688]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 18:16 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 09:10 88358 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 13:04 671744]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 18:11 53248]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 15:49 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 10:14 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"TFncKy"="TFncKy.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 11:31 1077328]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 15:25 73728]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 00:37 57344]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba]
C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
C:\WINDOWS\system32\mlljg.dll 2007-09-16 15:10 283232 C:\WINDOWS\system32\mlljg.dll

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-06-03 18:49]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Admin\LOCALS~1\Temp\DMSKSSRh.sys []
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70256860-f0dd-11db-b3eb-000fb0e29385}]
\Shell\AutoRun\command - Scooter07.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 10:33:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-14 10:35:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 09:35:08
.
2008-02-13 20:59:21 --- E O F ---

Profile: Helper

Re,

Copy the text in the box below:

Driver::
DMSKSSRh

File::
C:\DOCUME~1\Admin\LOCALS~1\Temp\DMSKSSRh.sys
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\otqtyili.ini
C:\WINDOWS\system32\BANWMMFW.DLL

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF0C7B39-0517-47D6-832C-EC091C3A6861}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]



Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.


---------------
Please mention if you are already being helped on another forum or in another topic.

Security/Prevention
Profile: IDNaute

here is the rest:

combo report

ComboFix 08-02-14.2 - Admin 2008-02-15 13:28:40.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.647 [GMT 1:00]
Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Bureau\CFSCRIPT.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\DOCUME~1\Admin\LOCALS~1\Temp\DMSKSSRh.sys
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\BANWMMFW.DLL
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\otqtyili.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\BANWMMFW.DLL
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\otqtyili.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DMSKSSRH
-------\DMSKSSRh


((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))
.

2008-02-13 22:18 . 2008-02-13 22:18 132,608 --a------ C:\VundoFix.exe
2008-02-13 22:09 . 2008-02-14 09:32 <REP> d-------- C:\hijack
2008-02-13 22:08 . 2008-02-13 22:08 212,849 --a------ C:\antivirus sonia.zip
2008-02-13 20:50 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 20:50 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-13 20:50 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-13 20:49 . 2008-02-13 20:49 <REP> d-------- C:\Program Files\Alwil Software
2008-02-13 20:49 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-13 20:49 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-13 20:49 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-13 20:49 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 20:49 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 14:34 . 2008-02-13 14:35 <REP> d-------- C:\Program Files\Google
2008-02-13 14:34 . 2008-02-13 14:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 13:44 . 2008-02-13 13:44 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-02-03 20:36 . 2008-02-03 20:36 268 --ah----- C:\sqmdata06.sqm
2008-02-03 20:36 . 2008-02-03 20:36 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 16:24 . 2008-02-03 16:24 268 --ah----- C:\sqmdata05.sqm
2008-02-03 16:24 . 2008-02-03 16:24 244 --ah----- C:\sqmnoopt05.sqm
2008-01-27 18:01 . 2008-01-27 18:01 <REP> d-------- C:\Program Files\Ubi Soft
2008-01-26 16:06 . 2008-02-08 18:26 <REP> d-------- C:\WINDOWS\system32\fr-fr

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-27 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 12:44 --------- d-----w C:\Program Files\EA GAMES
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-06-29 11:47 461 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-13 14:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 19:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 19:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 19:10 114688]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 18:16 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 09:10 88358 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 13:04 671744]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 18:11 53248]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 15:49 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 10:14 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"TFncKy"="TFncKy.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 11:31 1077328]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 15:25 73728]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 00:37 57344]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-06-03 18:49]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70256860-f0dd-11db-b3eb-000fb0e29385}]
\Shell\AutoRun\command - Scooter07.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 13:32:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-15 13:35:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 12:34:56
ComboFix2.txt 2008-02-14 09:35:12
.
2008-02-13 20:59:21 --- E O F ---

hijack report:
Logfile of HijackThis v1.99.1
Scan saved at 13:47:54, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 3213498609
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6C8AEB8-1D2B-47FB-8E12-288682574BEE}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
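
Added example, not part of the thread and not ComboFix's own code: a Python check that the targets named in the CFScript no longer appear in the sections of the follow-up report that describe the machine's current state (created files, Find3M, registry load points), while ignoring the sections where ComboFix lists what it deleted. The function names, the grouping of sections, and the trimmed report excerpts are assumptions made for this illustration.

```python
import re

# CFScript posted in the thread, trimmed to a few of its entries.
CFSCRIPT = r"""
Driver::
DMSKSSRh
File::
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\otqtyili.ini
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
"""

# Excerpts of the two reports in the thread (trimmed, banners shortened).
REPORT_BEFORE = r"""
((((( Fichiers crees 2008-01-14 to 2008-02-14 )))))
2008-01-14 16:45 . 2008-01-27 16:06 29,080 ---hs---- C:\WINDOWS\system32\otqtyili.ini
((((( Point de chargement Reg )))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba]
C:\WINDOWS\system32\geeba.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
C:\WINDOWS\system32\mlljg.dll 2007-09-16 15:10 283232 C:\WINDOWS\system32\mlljg.dll
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Admin\LOCALS~1\Temp\DMSKSSRh.sys []
"""

REPORT_AFTER = r"""
FILE
C:\WINDOWS\system32\geeba.dll
((((( Autres suppressions )))))
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\otqtyili.ini
((((( Drivers/Services )))))
-------\DMSKSSRh
((((( Fichiers crees 2008-01-15 to 2008-02-15 )))))
2008-02-13 22:18 . 2008-02-13 22:18 132,608 --a------ C:\VundoFix.exe
((((( Point de chargement Reg )))))
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-06-03 18:49]
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")
DIRECTIVE = re.compile(r"^(\w+)::$")
# Sections that describe what is on the machine now; the header and the
# deletion sections name the targets by design and must not count as hits.
STATE_PREFIXES = ("fichiers", "compte-rendu", "point de chargement")


def parse_cfscript(text):
    """Return {directive: [targets]} for a CFScript laid out as in the thread."""
    targets, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            targets[current] = []
        elif line and current:
            # Registry deletions are written "[-KEY]"; keep only the key path.
            if line.startswith("[-") and line.endswith("]"):
                line = line[2:-1]
            targets[current].append(line)
    return targets


def split_sections(report):
    """Split a report on its '(((( title ))))' banners into {title: [lines]}."""
    sections, title = {"header": []}, "header"
    for line in (l.strip() for l in report.splitlines()):
        m = BANNER.match(line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif line:
            sections[title].append(line)
    return sections


def residual(cfscript, report):
    """List CFScript targets that still appear in the report's state sections."""
    sections = split_sections(report)
    state = [l.lower() for t, ls in sections.items()
             if t.lower().startswith(STATE_PREFIXES) for l in ls]
    wanted = [t for group in parse_cfscript(cfscript).values() for t in group]
    return [t for t in wanted if any(t.lower() in l for l in state)]
```

An empty result from `residual(CFSCRIPT, REPORT_AFTER)` only shows that the report no longer lists those names; renamed or re-dropped components would not be caught by a name match.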



Profile: Helper

Re,

What is this? --> C:\antivirus sonia.zip

*****************

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to, and post the report here.
The report is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.

**************

Uninstall avast, reboot, and delete ~~>C:\Program Files\Alwil Software

Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it, unchecking - Add the Yahoo! CCleaner Toolbar
Then run the cleaning, then have it search for errors, and make a backup if you wish.

Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Check that it is fully up to date! Run a full scan, post the report.


---------------
Please mention if you are already being helped on another forum or in another topic.

Security/Prevention
Profil : I