Virus Cheval de troie, insuprimable...

Voici mon rapport hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:05, on 2009-01-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Starttext.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.csmv.qc.ca/EduGroupe/Anonym/Accueil.fr.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cmvic-pro.csmv.qc.ca:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DeskSpace] D:\Program Files\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [QUAD Scheduler] D:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O4 - HKCU\..\Run: [QUAD Windows service] D:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: RocketDock.lnk = D:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.ca/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PED.CSMV.QC.CA
O17 - HKLM\Software\..\Telephony: DomainName = PED.CSMV.QC.CA
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PED.CSMV.QC.CA
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Voici mon rapport combofix:

ComboFix 09-01-05.02 - Maxime 2009-01-05 14:15:03.4 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.502.317 [GMT -5:00]
Lancé depuis: c:\documents and settings\Maison\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

2009-01-03 16:32 . 2009-01-03 16:32 244 --ah----- C:\sqmnoopt06.sqm
2009-01-03 16:32 . 2009-01-03 16:32 232 --ah----- C:\sqmdata06.sqm
2009-01-03 15:06 . 2009-01-03 15:06 244 --ah----- C:\sqmnoopt05.sqm
2009-01-03 15:06 . 2009-01-03 15:06 232 --ah----- C:\sqmdata05.sqm
2009-01-03 14:33 . 2009-01-03 16:33 <REP> d-------- c:\windows\LastGood
2009-01-03 14:33 . 2009-01-03 14:40 <REP> d-------- c:\windows\BDOSCAN8
2009-01-03 14:28 . 2009-01-03 14:28 <REP> d-------- c:\documents and settings\Maison\Application Data\Yahoo!
2009-01-03 13:50 . 2009-01-03 13:50 <REP> d-------- c:\documents and settings\Maison\Application Data\Malwarebytes
2009-01-03 13:50 . 2009-01-03 13:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 13:50 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 13:50 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 11:08 . 2008-12-23 11:08 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-23 11:08 . 2008-12-23 11:08 1,409 --a------ c:\windows\QTFont.for
2008-12-17 17:25 . 2009-01-03 15:26 22 --a------ c:\windows\system32\Nouveau Archive WinRAR ZIP.zip
2008-12-17 08:21 . 2008-12-17 16:58 <REP> d-------- c:\program files\The Cleaner Demo
2008-12-17 08:18 . 2008-12-17 08:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Webroot
2008-12-16 22:09 . 2009-01-05 11:24 4 --a------ c:\windows\vfzlqkka
2008-12-16 20:48 . 2008-12-16 20:48 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-16 19:12 . 2008-12-16 19:12 <REP> d-------- c:\windows\LastGood.Tmp
2008-12-12 20:04 . 2008-12-12 20:04 <REP> d-------- c:\documents and settings\Maison\Application Data\OtakuSoftware
2008-12-05 20:33 . 2008-12-16 19:05 1,940 --a------ c:\windows\huyhngwn
2008-12-05 20:31 . 2008-12-05 20:31 <REP> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 19:53 . 2008-12-05 19:53 <REP> d-------- c:\documents and settings\Maison\Application Data\Thinking Minds Budiling Bytes
2008-12-05 18:49 . 2008-12-05 18:49 <REP> d-------- c:\program files\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 19:10 --------- d-----w c:\documents and settings\Maison\Application Data\Azureus
2009-01-04 01:51 --------- d-----w c:\program files\Yahoo!
2008-12-17 00:04 --------- d-----w c:\documents and settings\Maison\Application Data\DNA
2008-12-06 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-25 13:34 --------- d-----w c:\program files\Hop! Écrire
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-02-26 16:52 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-02-26 16:52 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-26 16:52 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-02-26 16:52 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-02-26 16:52 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-02-03 01:31 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-09-06 21:31 16,384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2007-08-30 22:53 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007083020070831\index.dat
2007-08-31 20:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007083120070901\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-03_14.21.37,26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-03 19:33:32 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-01-03 19:33:33 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2009-01-03 19:33:33 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2009-01-03 19:33:35 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 20:01:48 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-01-03 19:33:36 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2009-01-03 19:33:34 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2008-01-09 20:01:48 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2007-10-22 08:31:06 76,808 ----a-w c:\windows\LastGood\system32\directx\websetup\dsetup.dll
+ 2007-10-22 08:31:06 1,673,224 ----a-w c:\windows\LastGood\system32\directx\websetup\dsetup32.dll
- 2008-04-30 15:25:34 345,016 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-04 15:18:40 344,216 ----a-w c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-10-08 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - d:\program files\RocketDock\RocketDock.exe [2008-01-31 495616]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0/u\[u]0/u]
"Script"=ajouterAuGroupeAdministrateurs.Vbs

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Maison^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Maison\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-03-23 22:40 196608 c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
--a------ 2005-01-21 21:48 675840 c:\program files\TOSHIBA\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 12:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a------ 2004-12-23 18:07 28672 c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-01-24 16:15 473600 c:\program files\TOSHIBA\Reminder\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2004-12-21 09:48 118784 c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2004-12-27 10:26 61440 c:\program files\TOSHIBA\Windows Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMERzCtl.EXE]
--a------ 2004-12-17 11:48 86016 c:\program files\TOSHIBA\TME3\TMERzCtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESRV.EXE]
--a------ 2004-11-22 15:02 126976 c:\program files\TOSHIBA\TME3\TMESRV31.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]
--a------ 2005-01-14 13:40 24576 c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
--a------ 2004-11-29 21:06 53248 c:\program files\TOSHIBA\TouchPad\TPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-10-28 14:37 88363 c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
--a------ 2005-01-24 13:51 28672 c:\windows\system32\TCtrlIOHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2004-12-17 14:23 266240 c:\windows\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
--a------ 2004-07-14 16:07 24576 c:\windows\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Robolab 2.5.4\\Robolab254.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-12-06 58464]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-11-24 270888]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2008-11-24 65576]
S0 vfzlqkka;vfzlqkka;c:\windows\system32\drivers\bcxdpsho.sys []
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2005-03-04 5888]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [2003-06-24 17920]
S3 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);c:\windows\system32\drivers\PSSensor.sys [2004-07-27 15744]
S4 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2003-04-23 107102]
S4 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2003-04-18 36463]
S4 SbPF.Launcher;SbPF.Launcher;d:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S4 SPF4;Sunbelt Personal Firewall 4;d:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S4 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.EXE [2005-03-04 126976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dbc9bdc-99f0-11dc-a72a-0012f0619836}]
\Shell\AutoRun\command - PortableApps\RocketDock USB\RocketDock.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3154e5-5cd1-11da-8ba8-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-24 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []

2005-11-24 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 12:00]

2005-11-24 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 12:00]

2005-11-24 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 12:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = https://portail.csmv.qc.ca/EduGroupe/Anonym/Accueil.fr.aspx
uInternet Settings,ProxyServer = cmvic-pro.csmv.qc.ca:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Maison\Application Data\Mozilla\Firefox\Profiles\[u]0/u3kddmgy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 14:15:46
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\drivers\bcxdpsho.sys 25088 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
Heure de fin: 2009-01-05 14:16:40
ComboFix-quarantined-files.txt 2009-01-05 19:16:25
ComboFix2.txt 2009-01-05 19:13:51
ComboFix3.txt 2009-01-03 19:22:21

Avant-CF: 7 085 404 160 octets libres
Après-CF: 7,034,572,800 octets libres

220



Et mon rapport hijack this:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:41, on 2009-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.csmv.qc.ca/EduGroupe/Anonym/Accueil.fr.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cmvic-pro.csmv.qc.ca:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: RocketDock.lnk = D:\Program Files\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://toshibatec.ca/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PED.CSMV.QC.CA
O17 - HKLM\Software\..\Telephony: DomainName = PED.CSMV.QC.CA
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PED.CSMV.QC.CA
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

j'ai fermé mon ordinateur et j'ai laisser ouvrir windows xp normalement et il y a toujours un écran bleu, mon ordi ne marche qu'en mode sans échec...

Quoi faire?!?

merci

ca ne fonctionne toujours pas...

Je démare window, ensuite il y a le logo windows abituel avec le chargement en-dessous et
il y a toujours le meme écran bleu avec un long texte,il dit quelque chose comme sa:

''vidage le la mémoire physique sur le disque''

et apres on voit le poucentage de l'opperration en bas et mon ordi se ferme, et sa recommence
ainsi de suite lorsque je l'ouvre.

merci A+

salut, j'ai nettoyer le disque, et ensuite lorsque je lai redémarer, jai peser sur F8 et jai regarder les differentes options et jai vu: Dernière bonne configuration connue (Vos dernier paramètres fonctionnels). Ensuite mon ordi a demare normalement et lorsque je l'ouvre il ny a plus décran bleu.

Alors je crois qu'il n'y a plus de problèmes...

appart le fait que lorsque j'écrit, meme après l'avoir redemarrer, tout apparait vraiment en retard... Ca prend toujours quelques secondes avant d'apparaitre... Avant le virus, ca ne faisait pas sa...

Y a t-il quelque chose a faire?

Et je voulais savoir: Quel en tivirus est le meilleur entre Kaspersky Antivirus 2009 et la version gratuite de McAfee, car kaspersky ne peut pas fonctionner avec un autre antivirus, ou si tu a un autre antivirus gratuit meilleur, peut tu me le dire...

Merci !!!

Merci Beaucoup de m'avoir aider, je t'en remercie!!!

Oh oui, j'oubliais...

lorsque j'ouvre ma session sur mon pc, tout ce que j'écrit apparait en retard, quelque seconde après l'avoir taper, y a t'il quelque chose a faire?

mais lorsque j'entre mon nom d'utilisateur et mon mot de passe, j'écrit normalement sans ralentissement.

Merci A+