Bonjour,
Je vois que je ne suis pas la seule à avoir ce genre de prob.
Voici la fenêtre qui s'est ouverte à 2/3 reprises :

Il s'agit d'une fenêtre Java script ?????????????????????

Voici donc mon Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:56, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.labanquepostale.fr/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareup [...] TSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2921061091
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCD [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 10036 bytes

Pouvez-vous m'aider s'il vous plaît en me dissant ce que je dois fire.
Merci par avance.
alph'

Merci Angeldark pour ces informations. Je le fais de suite et reviendrais pour la suite.
Merci également pour ton tuto qui est clair, net et précis et qui va m'aider énormément.

alph'

On continue les recherches

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Voici le rappport comboFix :
ComboFix 08-05-12.1 - Utilisateur 2008-05-13 13:37:34.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.542 [GMT 2:00]
Endroit: E:\Combofix\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ATHPRXY(2).DLL

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
.

2008-05-12 17:38 . 2008-05-12 17:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 17:38 . 2008-05-12 17:38 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
2008-05-12 17:38 . 2008-05-12 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 17:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 17:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-04-29 17:56 . 2008-04-29 17:56 25,713 --a------ C:\WINDOWS\CSTBox.INI
2008-04-27 18:46 . 2008-05-11 10:19 <REP> d-------- C:\Program Files\EzScrollBars
2008-04-22 19:14 . 2008-04-22 19:14 <REP> d-------- C:\Program Files\Scrollbar Skinner
2008-04-21 22:19 . 2008-04-21 22:19 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\GlobalSCAPE
2008-04-21 22:17 . 2008-04-21 22:17 <REP> d-------- C:\Program Files\GlobalSCAPE
2008-04-21 00:21 . 2008-04-21 00:21 <REP> d-------- C:\Program Files\IVCsoft
2008-04-19 12:03 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-19 11:58 . 2008-04-19 11:58 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-19 10:51 . 2008-04-19 10:51 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\vlc
2008-04-19 10:40 . 2008-04-20 22:28 <REP> d-------- C:\Program Files\VideoLAN
2008-04-18 17:19 . 2008-04-18 17:19 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-18 17:18 . 2008-04-18 17:18 <REP> d-------- C:\Program Files\Real
2008-04-18 17:18 . 2008-04-18 17:19 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-04-15 14:00 . 2008-05-08 10:00 <REP> d-------- C:\Program Files\Spyware Terminator
2008-04-15 14:00 . 2008-05-13 09:00 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Spyware Terminator
2008-04-15 14:00 . 2008-05-07 09:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-15 14:00 . 2008-04-15 14:00 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-14 15:33 . 2008-04-14 15:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-14 11:03 . 2008-04-14 11:02 36,683,501 --a------ C:\WINDOWS\LPT$VPN.213
2008-04-14 11:02 . 2008-04-14 11:03 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-14 11:02 . 2008-04-14 11:02 36,683,501 --a------ C:\WINDOWS\VPTNFILE.213

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 11:25 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\MailWasherPro
2008-05-11 08:26 --------- d-----r C:\Program Files\eFAVORIS
2008-05-07 22:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-29 15:56 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Canon
2008-04-28 21:04 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Acronis
2008-04-21 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 10:03 --------- d-----r C:\Program Files\Windows Media Connect 2
2008-04-18 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-17 18:49 --------- d-----w C:\Program Files\ESET
2008-04-15 07:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-14 09:03 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-04-14 09:03 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-04-14 09:03 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-04-14 09:02 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-04-09 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 13:47 --------- d-----w C:\Program Files\Symantec
2008-04-09 13:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-07 12:38 --------- d-----r C:\Program Files\Opera
2008-04-07 11:59 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 07:00 --------- d-----r C:\Program Files\PhoneDeck
2008-04-06 06:40 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-04-06 06:35 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\URSoft
2008-04-04 20:05 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-04-04 20:05 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-04 17:07 --------- d-----r C:\Program Files\Avira
2008-03-25 07:50 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\ma-config.com
2008-03-25 07:49 --------- d-----r C:\Program Files\ma-config.com
2008-03-22 14:53 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-03-21 18:33 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2008-03-17 15:44 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-17 15:44 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-17 15:44 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-16 15:59 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-03-16 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-03-15 16:43 --------- d-----w C:\Program Files\Java
2008-03-15 16:42 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-14 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 23:31 141 --sh--w C:\Program Files\Fichiers communs\Desktop.ini
2008-02-24 23:28 135 --sh--w C:\Program Files\Desktop.ini
2008-02-16 22:26 160,569 ----a-w C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2008-03-20 19:41 19456]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 18:36 904880]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 18:08 140568]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 22:05 950664]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-15 14:00 2957824]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 17:18 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TCASUTIEXE"=TCAUDIAG.exe -off
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
"CTHelper"=CTHELPER.EXE
"CTxfiHlp"=CTXFIHLP.EXE
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-08-02 17:04]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-02-26 14:26]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 17:23]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-15 14:00]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 20:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 13:22]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-08 12:19]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 11:53]
S3 gwiopm;gwiopm;C:\Program Files\My Drivers\gwiopm.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-09 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-05 07:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 13:43:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-13 13:46:31 - machine was rebooted [Utilisateur]
ComboFix-quarantined-files.txt 2008-05-13 11:46:27

Pre-Run: 61,576,613,888 octets libres
Post-Run: 62,797,127,680 octets libres

188 --- E O F --- 2008-04-20 23:07:34

Qu'en penses-tu ?
alph'

Voici donc le second rapport ComboFix après avoir désactivé antivirus etc...

ComboFix 08-05-12.1 - Utilisateur 2008-05-13 15:57:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.497 [GMT 2:00]
Endroit: E:\Combofix\ComboFix.exe
* Resident AV is active


[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
.

2008-05-12 17:38 . 2008-05-12 17:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 17:38 . 2008-05-12 17:38 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
2008-05-12 17:38 . 2008-05-12 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 17:38 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 17:38 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-04-29 17:56 . 2008-04-29 17:56 25,713 --a------ C:\WINDOWS\CSTBox.INI
2008-04-27 18:46 . 2008-05-11 10:19 <REP> d-------- C:\Program Files\EzScrollBars
2008-04-22 19:14 . 2008-04-22 19:14 <REP> d-------- C:\Program Files\Scrollbar Skinner
2008-04-21 22:19 . 2008-04-21 22:19 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\GlobalSCAPE
2008-04-21 22:17 . 2008-04-21 22:17 <REP> d-------- C:\Program Files\GlobalSCAPE
2008-04-21 00:21 . 2008-04-21 00:21 <REP> d-------- C:\Program Files\IVCsoft
2008-04-19 12:03 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-19 11:58 . 2008-04-19 11:58 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-19 10:51 . 2008-04-19 10:51 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\vlc
2008-04-19 10:40 . 2008-04-20 22:28 <REP> d-------- C:\Program Files\VideoLAN
2008-04-18 17:19 . 2008-04-18 17:19 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-18 17:18 . 2008-04-18 17:18 <REP> d-------- C:\Program Files\Real
2008-04-18 17:18 . 2008-04-18 17:19 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-04-15 14:00 . 2008-05-08 10:00 <REP> d-------- C:\Program Files\Spyware Terminator
2008-04-15 14:00 . 2008-05-13 15:43 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Spyware Terminator
2008-04-15 14:00 . 2008-05-07 09:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-15 14:00 . 2008-04-15 14:00 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-14 15:33 . 2008-04-14 15:33 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-14 11:03 . 2008-04-14 11:02 36,683,501 --a------ C:\WINDOWS\LPT$VPN.213
2008-04-14 11:02 . 2008-04-14 11:03 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-14 11:02 . 2008-04-14 11:02 36,683,501 --a------ C:\WINDOWS\VPTNFILE.213

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 11:49 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\MailWasherPro
2008-05-11 08:26 --------- d-----r C:\Program Files\eFAVORIS
2008-05-07 22:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-29 15:56 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Canon
2008-04-28 21:04 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Acronis
2008-04-21 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-19 10:03 --------- d-----r C:\Program Files\Windows Media Connect 2
2008-04-18 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-17 18:49 --------- d-----w C:\Program Files\ESET
2008-04-15 07:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-14 09:03 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-04-14 09:03 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-04-14 09:03 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-04-14 09:02 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-04-09 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 13:47 --------- d-----w C:\Program Files\Symantec
2008-04-09 13:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-07 12:38 --------- d-----r C:\Program Files\Opera
2008-04-07 11:59 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 07:00 --------- d-----r C:\Program Files\PhoneDeck
2008-04-06 06:40 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-04-06 06:35 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\URSoft
2008-04-04 20:05 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-04-04 20:05 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-04 17:07 --------- d-----r C:\Program Files\Avira
2008-03-25 07:50 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\ma-config.com
2008-03-25 07:49 --------- d-----r C:\Program Files\ma-config.com
2008-03-22 14:53 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-03-21 18:33 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2008-03-17 15:44 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-17 15:44 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-17 15:44 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-16 15:59 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-03-16 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-03-15 16:43 --------- d-----w C:\Program Files\Java
2008-03-15 16:42 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-14 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 23:31 141 --sh--w C:\Program Files\Fichiers communs\Desktop.ini
2008-02-24 23:28 135 --sh--w C:\Program Files\Desktop.ini
2008-02-16 22:26 160,569 ----a-w C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-13_13.46.10.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 11:42:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 14:01:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 14:01:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4d0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2008-03-20 19:41 19456]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38 49152]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 18:36 904880]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 18:08 140568]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-04 22:05 950664]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-15 14:00 2957824]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-18 17:18 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TCASUTIEXE"=TCAUDIAG.exe -off
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
"CTHelper"=CTHELPER.EXE
"CTxfiHlp"=CTXFIHLP.EXE
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-08-02 17:04]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-02-26 14:26]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 17:23]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-15 14:00]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 20:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 13:22]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-08 12:19]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 11:53]
S3 gwiopm;gwiopm;C:\Program Files\My Drivers\gwiopm.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/T&#402;ches planifi‚es'
"2008-05-09 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-05 07:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 16:03:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succ&#352;s
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-13 16:06:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 14:05:59
ComboFix2.txt 2008-05-13 11:46:32

Pre-Run: 62,802,571,264 octets libres
Post-Run: 62,789,165,056 octets libres

190 --- E O F --- 2008-04-20 23:07:34

J'attends ton avis. Est-ce que je dois faire autre chose maintenant ?
Gros merci et excellente journée.
alph'

Que veux-tu dire "même alerte" ????

alph'

Qu'est-ce que je dois faire ? je comprends pas trop ce que tu dis Je ne suis pas une pro en informatique mais je pense que tu l'avais compris.


alph'

Ce message n'est pas revenu depuis que je l'ai signalé hier.

Est-ce qu'il faut continuer les investigations ???

As-tu vu quelque chose d'anormal dans le rapport de comboFix ?

alph'

Je te remercie beaucoup pour ton aide. J'espère que maintenant tout est rentré dans l'ordre.

alph'

D'accord Angeldark, je n'y manquerai pas. J'ai énormément apprécié ton aide.

Bonne soirée.
alph'

Coucou Angeldark.

Un souci ne venant jamais seul, voici ce que j'ai eu ce matin :


J'ai donc passé, en mode sans échec :
* Malwarebytes' Anti-Malware. Il m'a trouvé un trojan dans le système volume information sur ma partition E.
* hijackthis
* ad-aware
* CCleaner
* spybot
Après le nettoyage avec Malwarebytes,
voici le rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:56, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.labanquepostale.fr/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareup [...] TSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2921061091
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_4_12.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCD [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 8028 bytes

Quel est ton avis ??
alph'

Bonjour,

Depuis mon nettoyage en profondeur il n'est pas revenu. J'espère que c'est bon signe

Je surveille quand même de très près.

Bonne journée et merci de m'avoir répondu.

alph'

Je te tiendrais au courant, avec plaisir.

alph'