Bonjour,
Mon PC est infecte depuis quelques jours apres avoir malheureusement clique sur un fichier downloade en P2P.
J'ai lu plusieurs messages sur le forum et ai applique plusieurs recommandations:
CCleaner, Ewido, smitfraudfix, spybots, ad-aware en mode sans echec.
La situation s'est amelioree, j'ai recupere les icones de la barre de taches mais je continu a avoir des signes deplaisants:
Pub porno qui apparraissent, explorer.exe buffer over run, et mon bon vieux Norton qui me signale (sans rien pouvoir y faire) les attaques de Trojan . zlob/ Vundo / spy sheriff / dowloader...
Je poste le log de HijackThis en attendant de l'aide.
Merci d'avance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:24 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HSMC] C:\Program Files\True\hi-Speed Navigator\cab\CreateShortCut.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Exbrayat\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [60418d09] rundll32.exe "C:\WINDOWS\system32\scbkxwko.dll",b
O4 - HKLM\..\Run: [BM6372be95] Rundll32.exe "C:\WINDOWS\system32\gwysuotd.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 7180588185
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/s [...] Plugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12519 bytes

Salut et merci pour la prise en charge!
Pas moyen de downloader combofix.exe. Jai essaye sur tous les liens presents 1 dans ton email et trois dans le Tuto. Le systeme me dit: Internet explorer cannot download combofix.ex from download.bleepingcomputer.com
Qu'est-ce que je peux faire?

OK c'est fait,
Voici le rapport
ComboFix 08-04-04.1 - Exbrayat 2008-04-06 13:26:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.425 [GMT 2:00]
Running from: C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM6372be95.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\derpvupw.ini
C:\WINDOWS\system32\FMVGffii.ini
C:\WINDOWS\system32\FMVGffii.ini2
C:\WINDOWS\system32\gwysuotd.dll
C:\WINDOWS\system32\kbikxhpd.dll
C:\WINDOWS\system32\kSDdLRqr.ini
C:\WINDOWS\system32\kSDdLRqr.ini2
C:\WINDOWS\system32\okwxkbcs.ini
C:\WINDOWS\system32\opnmKCUN.dll
C:\WINDOWS\system32\rgwvjymn.dll
C:\WINDOWS\system32\rqRLdDSk.dll
C:\WINDOWS\system32\scbkxwko.dll
C:\WINDOWS\system32\wpuvpred.dll
C:\WINDOWS\Tasks.\At1.job
C:\winlogon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_zvtgrxky
-------\Legacy_zvtgrxky
-------\zvtgrxky


((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:21 . 2008-04-06 13:21 <DIR> d-------- C:\Program Files\Opera
2008-04-06 05:40 . 2008-04-06 05:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 13:36 . 2008-04-05 13:36 109,312 --a------ C:\WINDOWS\system32\oobnfvix.dat
2008-04-05 07:12 . 2008-04-05 07:12 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-04-05 04:28 . 2008-04-05 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 04:28 . 2008-04-05 04:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 19:09 . 2008-04-04 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:09 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:20 . 2008-04-04 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 18:20 . 2008-04-05 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 15:55 . 2008-04-04 17:49 1,374 --ahs---- C:\WINDOWS\system32\mncehskl.ini
2008-04-04 13:49 . 2008-04-05 06:30 4,896 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Exbrayat\Application Data\Grisoft
2008-04-03 17:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 17:12 . 2008-04-03 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:59 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-03 14:02 . 2008-04-04 15:53 1,194 --ahs---- C:\WINDOWS\system32\bjabtxch.ini
2008-04-03 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 14:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-02 16:10 . 2008-04-02 16:54 <DIR> d--hs---- C:\Documents and Settings\Exbrayat\!
2008-04-02 16:10 . 2008-04-04 13:34 60,301 --------- C:\Documents and Settings\Exbrayat\zz.dat
2008-04-02 16:10 . 2008-04-02 16:10 0 --a------ C:\WINDOWS\system32\taskkill.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 10:48 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\Skype
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\uTorrent
2008-04-04 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 13:59 --------- d-----w C:\Program Files\LimeWire
2008-04-04 01:35 560 ----a-w C:\Documents and Settings\Exbrayat\Application Data\ViewerApp.dat
2008-04-03 13:00 --------- d-----w C:\Program Files\Java
2008-03-25 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2006-04-27 07:09 22,216 ----a-w C:\Documents and Settings\Exbrayat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21B4EF12-1DBA-4F4A-9E71-7D4FF1E85F45}]
C:\WINDOWS\system32\iiffGVMF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8A12F4-DD9F-4604-9682-23D45E217FBC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2cac086-8fbf-41e7-8382-a69c01fc0627}]
C:\WINDOWS\system32\fwaslhfw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 13:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 23:42 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-05-10 21:52 249856]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 09:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 09:26 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 08:37 88363 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]
"TFncKy"="TFncKy.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-14 02:36 5525504]
"nwiz"="nwiz.exe" [2005-01-14 02:36 1490944 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"HSMC"="C:\Program Files\True\hi-Speed Navigator\cab\CreateShortCut.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Host Process"="C:\Documents and Settings\Exbrayat\svchost.exe" [ ]
"60418d09"="C:\WINDOWS\system32\scbkxwko.dll" [ ]
"BM6372be95"="C:\WINDOWS\system32\gwysuotd.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-12-03 11:16:03 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-03 11:15:54 106496]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 23:35:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hqachmoz]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKCUN]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 09:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 08:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-25 14:56:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Exbrayat.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 13:36:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-04-06 13:43:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 11:43:21
Pre-Run: 23,875,997,696 bytes free
Post-Run: 24,326,176,768 bytes free
.
2008-03-13 14:29:31 --- E O F ---

C'est fait, il y a eu redemarrage voila le rapport:
ComboFix 08-04-04.1 - Exbrayat 2008-04-06 15:32:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.486 [GMT 2:00]
Running from: C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Exbrayat\Desktop\CFScript.txt
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ :#:
C:\Documents and Settings\Exbrayat :#:
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\taskkill.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:21 . 2008-04-06 13:21 <DIR> d-------- C:\Program Files\Opera
2008-04-06 05:40 . 2008-04-06 05:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 13:36 . 2008-04-05 13:36 109,312 --a------ C:\WINDOWS\system32\oobnfvix.dat
2008-04-05 07:12 . 2008-04-05 07:12 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-04-05 04:28 . 2008-04-05 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 04:28 . 2008-04-05 04:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 19:09 . 2008-04-04 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:09 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:20 . 2008-04-04 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 18:20 . 2008-04-05 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 15:55 . 2008-04-04 17:49 1,374 --ahs---- C:\WINDOWS\system32\mncehskl.ini
2008-04-04 13:49 . 2008-04-05 06:30 4,896 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Exbrayat\Application Data\Grisoft
2008-04-03 17:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 17:12 . 2008-04-03 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:59 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-03 14:02 . 2008-04-04 15:53 1,194 --ahs---- C:\WINDOWS\system32\bjabtxch.ini
2008-04-03 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 14:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-02 16:10 . 2008-04-02 16:54 <DIR> d--hs---- C:\Documents and Settings\Exbrayat\!
2008-04-02 16:10 . 2008-04-04 13:34 60,301 --------- C:\Documents and Settings\Exbrayat\zz.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 13:35 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\Skype
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\uTorrent
2008-04-04 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 13:59 --------- d-----w C:\Program Files\LimeWire
2008-04-04 01:35 560 ----a-w C:\Documents and Settings\Exbrayat\Application Data\ViewerApp.dat
2008-04-03 13:00 --------- d-----w C:\Program Files\Java
2008-03-25 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2006-04-27 07:09 22,216 ----a-w C:\Documents and Settings\Exbrayat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 13:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 23:42 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 09:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 09:26 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 08:37 88363 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-14 02:36 5525504]
"nwiz"="nwiz.exe" [2005-01-14 02:36 1490944 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-12-03 11:16:03 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-03 11:15:54 106496]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 23:35:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 09:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 08:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-25 14:56:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Exbrayat.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 15:35:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 15:36:06
ComboFix-quarantined-files.txt 2008-04-06 13:35:49
ComboFix2.txt 2008-04-06 11:43:27
Pre-Run: 24,368,467,968 bytes free
Post-Run: 24,357,191,680 bytes free
.
2008-03-13 14:29:31 --- E O F ---

voila c'est fait. C'est l'icone de racourcis de combofix que j'ai sur le bureau. J'espere que c'est ok...
Voici le rapport:
ComboFix 08-04-04.1 - Exbrayat 2008-04-06 16:40:19.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.449 [GMT 2:00]
Running from: C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Exbrayat\Desktop\CFScript.txt
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ :#:
.

((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:21 . 2008-04-06 13:21 <DIR> d-------- C:\Program Files\Opera
2008-04-06 05:40 . 2008-04-06 05:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 13:36 . 2008-04-05 13:36 109,312 --a------ C:\WINDOWS\system32\oobnfvix.dat
2008-04-05 07:12 . 2008-04-05 07:12 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-04-05 04:28 . 2008-04-05 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 04:28 . 2008-04-05 04:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 19:09 . 2008-04-04 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:09 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:20 . 2008-04-04 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 18:20 . 2008-04-05 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 15:55 . 2008-04-04 17:49 1,374 --ahs---- C:\WINDOWS\system32\mncehskl.ini
2008-04-04 13:49 . 2008-04-05 06:30 4,896 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Exbrayat\Application Data\Grisoft
2008-04-03 17:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 17:12 . 2008-04-03 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:59 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-03 14:02 . 2008-04-04 15:53 1,194 --ahs---- C:\WINDOWS\system32\bjabtxch.ini
2008-04-03 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 14:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-02 16:10 . 2008-04-02 16:54 <DIR> d--hs---- C:\Documents and Settings\Exbrayat\!
2008-04-02 16:10 . 2008-04-04 13:34 60,301 --------- C:\Documents and Settings\Exbrayat\zz.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 14:42 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\Skype
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\uTorrent
2008-04-04 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 13:59 --------- d-----w C:\Program Files\LimeWire
2008-04-04 01:35 560 ----a-w C:\Documents and Settings\Exbrayat\Application Data\ViewerApp.dat
2008-04-03 13:00 --------- d-----w C:\Program Files\Java
2008-03-25 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2006-04-27 07:09 22,216 ----a-w C:\Documents and Settings\Exbrayat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8A12F4-DD9F-4604-9682-23D45E217FBC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 13:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 23:42 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 09:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 09:26 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 08:37 88363 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-14 02:36 5525504]
"nwiz"="nwiz.exe" [2005-01-14 02:36 1490944 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-12-03 11:16:03 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-03 11:15:54 106496]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 23:35:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKCUN]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 09:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 08:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-25 14:56:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Exbrayat.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 16:42:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 16:43:09
ComboFix-quarantined-files.txt 2008-04-06 14:42:58
ComboFix2.txt 2008-04-06 13:36:07
ComboFix3.txt 2008-04-06 11:43:27
Pre-Run: 24,349,614,080 bytes free
Post-Run: 24,339,320,832 bytes free
.
2008-03-13 14:29:31 --- E O F ---

Voila c'est fait. La rapport:
ComboFix 08-04-04.1 - Exbrayat 2008-04-06 17:35:41.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.466 [GMT 2:00]
Running from: C:\Documents and Settings\Exbrayat\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Exbrayat\Desktop\CFScript.txt
* Created a new restore point

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
C:\WINDOWS\system32\bjabtxch.ini
C:\WINDOWS\system32\fwaslhfw.dll
C:\WINDOWS\system32\iiffGVMF.dll
C:\WINDOWS\system32\mncehskl.ini
C:\WINDOWS\system32\oobnfvix.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
C:\WINDOWS\system32\bjabtxch.ini
C:\WINDOWS\system32\mncehskl.ini
C:\WINDOWS\system32\oobnfvix.dat

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-06 13:21 . 2008-04-06 13:21 <DIR> d-------- C:\Program Files\Opera
2008-04-06 05:40 . 2008-04-06 05:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-05 07:12 . 2008-04-05 07:12 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-04-05 04:28 . 2008-04-05 04:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 04:28 . 2008-04-05 04:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 19:09 . 2008-04-04 19:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:09 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 18:20 . 2008-04-04 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 18:20 . 2008-04-05 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 13:49 . 2008-04-05 06:30 4,896 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 17:17 . 2008-04-03 17:17 <DIR> d-------- C:\Program Files\CCleaner
2008-04-03 17:13 . 2008-04-03 17:13 <DIR> d-------- C:\Documents and Settings\Exbrayat\Application Data\Grisoft
2008-04-03 17:13 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 17:12 . 2008-04-03 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 14:59 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-03 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 14:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 18:05 . 2008-04-02 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-02 16:10 . 2008-04-02 16:54 <DIR> d--hs---- C:\Documents and Settings\Exbrayat\!
2008-04-02 16:10 . 2008-04-04 13:34 60,301 --------- C:\Documents and Settings\Exbrayat\zz.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 14:50 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\Skype
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Exbrayat\Application Data\uTorrent
2008-04-04 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 13:59 --------- d-----w C:\Program Files\LimeWire
2008-04-04 01:35 560 ----a-w C:\Documents and Settings\Exbrayat\Application Data\ViewerApp.dat
2008-04-03 13:00 --------- d-----w C:\Program Files\Java
2008-03-25 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2006-04-27 07:09 22,216 ----a-w C:\Documents and Settings\Exbrayat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CEBD20-AAD1-41AF-89E3-6A746EAC6EC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8A12F4-DD9F-4604-9682-23D45E217FBC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCEB02A6-56CB-4AAD-A9BA-4E0D0A039D57}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 13:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 23:42 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 23:48 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 18:27 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 09:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 09:26 688218]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 08:37 88363 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-13 03:57 73728]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 11:05 122939]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-16 01:03 135168]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 00:03 1077301]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-15 02:45 352256]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-14 02:36 5525504]
"nwiz"="nwiz.exe" [2005-01-14 02:36 1490944 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-25 06:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-12-03 11:16:03 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-12-03 11:15:54 106496]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 23:35:49 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmKCUN]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.LEAD"= LCODCCMP.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 09:18]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 08:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:40:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-25 14:56:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Exbrayat.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 17:37:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-06 17:38:23
ComboFix-quarantined-files.txt 2008-04-06 15:38:07
ComboFix2.txt 2008-04-06 14:43:11
ComboFix3.txt 2008-04-06 13:36:07
ComboFix4.txt 2008-04-06 11:43:27
Pre-Run: 24,327,593,984 bytes free
Post-Run: 24,317,235,200 bytes free
.
2008-03-13 14:29:31 --- E O F ---

Le jour se leve plein de promesses!
J'ai efface zz.dat mais je n'arrive pas a mettre la main sur Exbrayat\! comment je dois faire pour me debarasser de ce fichier (la boucle serait bouclee - c'etait l'autre question poste sur le forum). Gestionnaire de fichier ou avec HijackThis?
En ce qui concerne les symptomes.... Plus rien, tout est calme! Merci, merci, merci!
J'ai reactive mon Norton pour l'instant, qu'est-il recommende de mettre en place pour etre mieux proteger qu'avec Norton?

Il est caché et système, voilà pourquoi tu ne le vois pas ^^

• Aller dans poste de travail/outils/option des dossiers/affichage/afficher les fichiers et dossiers cachés/Appliquer - - > OK

• Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d’exploitation./Appliquer - - > OK

• Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les extensions dont le type est connu./Appliquer - - > OK

Tu recoches ces options après !

Pour Norton, si tu peux, ce serait de mieux de changer.

Re,

Il n'y a pas besoin de payer pour être bien protégé.

Nous n'allons pas prendre une suite si ça ne te dérange pas ..
Mais puisque tu veux quelque chose de complet, je peux te proposer plusieurs choses.

Relance HiJackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), do a system scan only, coche ces lignes (si toujours présentes) :

Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
Puis Fix Checked!

Je te conseille d'enlever msn et Skype au démarrage, pour optimiser ton démarrage.
Pour ceci, fixe également ces deux lignes -tu n'es pas obligé- :

********

Désinstalle via Ajout/Suppression de Programmes:

• LiveUpdate
• Norton
• Symantec
• Ad-Aware 2007

Puis supprime les dossiers correspondants :

• Dans Programfiles
• Dans Programfiles\Fichiers communs
• Dans Application Data (%userprofile%)
• Etc ... (tu dois pouvoir les trouver via une recherche Windows (prends soin d'afficher les fichiers cachés/systèmes avant.

Pour Norton, tu peux utiliser cet outil :
http://service1.symantec.com/SUPPO [...] 4110429924

Puis .....

Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.

Antivirus:

Télécharge et installe Antivir. (tuto)
Vérifie qu%u2019il soit bien à jour ! Ouvre Antivir; va dans l'onglet Scanner, active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur), lance le scan. Poste moi le rapport généré (qui se trouve dans l'onglet reports).

Anti-Spywares:
Télécharge AVG Anti-Spyware Installes-le.
Si le lien ne fonctionne pas : >Clique ici<
Lance AVG et fais une mise à jour.
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglet comment réagir, clique sur Actions recommandées. Choisis Quarantaine.

Ou bien Spybot

Parefeu:

Je t'en propose plusieurs (à toi de choisir!) :
Sygate, Oupost, Kerio, ou encore Zone Alarm, etc ....
Désactive le parefeu de Windows après avoir installé un nouveau parefeu
Tuto.

Voila tout est en place, pour le parefeu je m'y suis pris a deux fois. La premiere j'ai installe sygate en suivant le lien.... en allemand... J'ai des notions mais je n'etais pas a l'aise. J'ai desinstalle puis installe Kerio. Tout est calme et semble bien se passer. Quand la periode des 30 jours d'essais avec Kerio est au bout, et que certaine fonctions sont enlevees, c'est encore satisfaisant comme protection?
Deux questions: 1 la mise a jour de la base de donnee virus est elle automatique pour antivir et AVG ou je dois pousser sur le bouton chaque mois?
2 Certaines videos ne fonctionnent plus. Media player demarre et j'entends le son uniquement pour certaines, rien ne se passe pour d'autres, tout est normal pour d'autres.

Merci pour tes commentaires.

Re,

Pour Antivir, scan beaucoup trop court .

Pour AntiVir, oui elle est automatique.

Pour avg, au bout de 30 jours, tu perds la protection résidente (on s'en fout) et les MAJ automatiques, tu as juste à faire un click..

Pour les vidéos, je ne peux t'en dire plus .. Essaie de réinstaller ou bien avec un autre lecteur.

Pour LimeWire, tu dois l'autoriser via le parefeu.

Pour Kerio, je n'ai jamais eu l'occasion de l'utiliser, tu verras

D'autres questions ?

Où habites-tu ?

Quelques dernières vérifications et bientôt fini

Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
Poste le rapport se trouve ici : C:\rapport_clean.txt

Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.

Reposte un HijackThis