[Solved] Infection by gteoocvn.dll

Report analysis and disinfection section: malware of all kinds and other unwanted software. Cleanup requests only. Restricted handling: specialised team.

Moderator: Moderators

Forum rules :arrow: Disinfections are handled by a specific group; not everyone may step in to disinfect machines (rules).
:arrow: The procedures are tailored to each case; do not repeat them on your own machine (explanations).
:arrow: One topic per machine; everyone creates their own. ;)

Re: Infection by gteoocvn.dll

Post by Titwou » 15 Apr 2008 21:00

OK, that works, that's exactly what I did! :-D

So nothing to report on the keys side!
Titwou

Posts: 40
Joined: 12 Apr 2008 16:26

Re: Infection by gteoocvn.dll

Post by Falkra » 15 Apr 2008 21:13

Yes, there were a few small infectious items; let's see whether they are still there.
I'd like a new ComboFix report, but the version you used has been updated since.
Download it again and overwrite the old combofix .exe on your desktop.

Here are the procedure details again, the link, etc.:
Download combofix.exe by sUBs and save it to your desktop (and nowhere else).
  • Double-click combofix.exe to run it and follow the instructions.
  • When the scan is complete, a report will appear.
  • Copy and paste that report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Infection by gteoocvn.dll

Post by Titwou » 15 Apr 2008 21:32

Here's the report:

A new virus showed up during the scan: Agent.3648.1, detected by Antivir....

ComboFix 08-04-14.2 - Bernard Jabet 2008-04-15 22:24:45.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.273 [GMT 2:00]
Endroit: C:\Documents and Settings\Bernard Jabet\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 12:28 . 2008-04-14 12:28 8 --a------ C:\WINDOWS\system32\20625fb0
2008-04-13 22:36 . 2008-04-13 22:36 <REP> d-------- C:\VundoFix Backups
2008-04-13 18:10 . 2008-04-13 21:41 3,382 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-13 18:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-13 18:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-13 18:09 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-13 18:09 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-13 18:09 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-13 18:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-13 18:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 16:05 . 2008-04-13 16:05 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-04-13 15:43 . 2008-04-13 15:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-13 11:38 . 2008-04-13 11:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-12 16:40 . 2008-04-12 16:40 <REP> d-------- C:\Program Files\Avira
2008-04-12 16:40 . 2008-04-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-11 09:29 . 2008-04-11 09:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\qlkfsvml
2008-04-10 22:59 . 2008-04-10 22:59 <REP> d-------- C:\Program Files\TOSHIBA
2008-04-10 22:34 . 2008-04-10 22:34 <REP> d-------- C:\Program Files\EzButton
2008-04-10 22:34 . 2008-04-10 22:34 77 --a------ C:\WINDOWS\EzButton.UNI
2008-04-10 22:33 . 2004-08-30 15:55 131,072 --a------ C:\WINDOWS\UNINST32.EXE
2008-04-10 22:33 . 2004-08-30 15:56 17,497 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2008-04-10 22:31 . 2008-04-10 22:31 <REP> d-------- C:\WINDOWS\Drivers
2008-04-08 22:58 . 2008-04-08 23:10 <REP> d-------- C:\ConvertTemp
2008-04-07 13:10 . 2008-04-07 13:10 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-06 21:38 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-06 21:38 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-26 20:31 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-26 20:31 . 2008-03-26 20:31 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-26 20:31 . 2008-03-26 20:31 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-20 19:03 . 2008-03-20 19:03 <REP> d-------- C:\Program Files\Logiciel Soliland
2008-03-20 19:03 . 2007-12-15 16:14 537,872 --a------ C:\WINDOWS\system32\msxml20.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 20:37 --------- d-----w C:\Program Files\Intel
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-21 22:49 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\SolidWorks
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:46 --------- d-----w C:\Program Files\Conquist
2008-03-07 15:28 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\DAEMON Tools
2008-03-06 12:41 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-06 12:41 --------- d--h--r C:\Documents and Settings\Bernard Jabet\Application Data\SecuROM
2008-03-06 10:08 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 00:05 --------- d-----w C:\Program Files\Windows Live
2008-02-24 16:05 --------- d-----w C:\Program Files\MSN Games
2008-02-24 16:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 16:03 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\iWin
2008-02-21 22:38 --------- d-----w C:\Program Files\QuickTime
2008-02-21 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 19:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 16:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-20 10:58 --------- d-----w C:\Program Files\VirginMega
2008-02-20 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-05 21:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-04-21 19:26 51,128 ----a-w C:\Documents and Settings\Bernard Jabet\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_13.25.50.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 11:16:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 17:54:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 00:36:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7f0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"soliland"="C:\Program Files\Logiciel Soliland\SolilandUpdate.exe" [2007-12-24 02:49 148992]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-08-30 15:55 712704]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-04-30 11:14 118784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 16:46 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\Deamon\daemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Bernard Jabet\\Bureau\\Age Of Empire-II The Conquerors\\age2_x1.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Bernard Jabet\\Bureau\\Age Of Empire-II The Conquerors\\empires2.exe"=
"C:\\Anno 1701\\Anno1701.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15643:TCP"= 15643:TCP:NortonAV
"13436:TCP"= 13436:TCP:NortonAV
"15692:TCP"= 15692:TCP:NortonAV
"12082:TCP"= 12082:TCP:NortonAV
"17954:TCP"= 17954:TCP:NortonAV
"16708:TCP"= 16708:TCP:NortonAV
"14287:TCP"= 14287:TCP:NortonAV
"16133:TCP"= 16133:TCP:NortonAV
"13134:TCP"= 13134:TCP:NortonAV
"12149:TCP"= 12149:TCP:NortonAV
"15482:TCP"= 15482:TCP:NortonAV

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\3o.exe
\Shell\explore\Command - F:\3o.exe
\Shell\open\Command - F:\3o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47da60f8-d4f4-11dc-bcbc-000e35ed2a41}]
\Shell\AutoRun\command - E:\3wcxx91.cmd
\Shell\explore\Command - E:\3wcxx91.cmd
\Shell\open\Command - E:\3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48085ac4-bea8-11dc-bc81-000e35ed2a41}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d0eec80-6600-11dc-bbb2-000e35ed2a41}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81ad04f6-321d-11dc-bb88-000e35ed2a41}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f9518cc-c385-11dc-bc8a-000e35ed2a41}]
\Shell\AutoRun\command - u2.cmd
\Shell\explore\Command - u2.cmd
\Shell\open\Command - u2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3839ce3-f25e-11db-bb42-000e35ed2a41}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba401b99-6543-11dc-bbb0-000e35ed2a41}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - utdetect.com
\Shell\open\Command - utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caed68e9-db5b-11db-b06c-000fb05a6e2a}]
\Shell\AutoRun\command - E:\b.com
\Shell\explore\Command - E:\b.com
\Shell\open\Command - E:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b4-bd56-11dc-bc7b-000e35ed2a41}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b5-bd56-11dc-bc7b-000e35ed2a41}]
\Shell\AutoRun\command - wscript.exe .\`.vbs
\Shell\open\command - wscript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef036ee-ef43-11dc-bd1f-000e35ed2a41}]
\Shell\AutoRun\command - E:\b.com
\Shell\explore\Command - E:\b.com
\Shell\open\Command - E:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cffbb528-a663-11dc-bc39-000e35ed2a41}]
\Shell\AutoRun\command - x6.bat
\Shell\explore\Command - x6.bat
\Shell\open\Command - x6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46c6fd0-e9e3-11db-b06f-000fb05a6e2a}]
\Shell\AutoRun\command - E:\3o.exe
\Shell\explore\Command - E:\3o.exe
\Shell\open\Command - E:\3o.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-10 21:33:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 22:28:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-15 22:29:49
ComboFix-quarantined-files.txt 2008-04-15 20:29:41
ComboFix2.txt 2008-04-15 00:44:51
ComboFix3.txt 2008-04-14 11:27:53

Pre-Run: 48,955,969,536 octets libres
Post-Run: 48,946,683,904 octets libres
.
2008-04-08 18:17:38 --- E O F ---
Titwou

Posts: 40
Joined: 12 Apr 2008 16:26

Re: Infection by gteoocvn.dll

Post by Falkra » 15 Apr 2008 21:44

There are still things to do; we'll handle those "by hand".

    Create a text file named CFScript.txt

    Double-click to open it, and copy-paste this into it:

File::
C:\WINDOWS\system32\tmp.reg
C:\Users\ordi\AppData\Local\Temp\vwetcogc.dll
C:\Documents and Settings\Bernard Jabet\Application Data\GDIPFONTCACHEV1.DAT

Folder::
C:\Documents and Settings\All Users\Application Data\qlkfsvml

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47da60f8-d4f4-11dc-bcbc-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48085ac4-bea8-11dc-bc81-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d0eec80-6600-11dc-bbb2-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81ad04f6-321d-11dc-bb88-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f9518cc-c385-11dc-bc8a-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3839ce3-f25e-11db-bb42-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba401b99-6543-11dc-bbb0-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caed68e9-db5b-11db-b06c-000fb05a6e2a}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b4-bd56-11dc-bc7b-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b5-bd56-11dc-bc7b-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef036ee-ef43-11dc-bd1f-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cffbb528-a663-11dc-bc39-000e35ed2a41}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46c6fd0-e9e3-11db-b06f-000fb05a6e2a}]

DirLook::
C:\WINDOWS\system32\20625fb0



:arrow: Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot
Image
  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Infection by gteoocvn.dll

Post by Titwou » 16 Apr 2008 00:09

Here's the latest ComboFix report.

ComboFix 08-04-14.2 - Bernard Jabet 2008-04-16 1:00:15.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.182 [GMT 2:00]
Endroit: C:\Documents and Settings\Bernard Jabet\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bernard Jabet\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Documents and Settings\Bernard Jabet\Application Data\GDIPFONTCACHEV1.DAT
C:\Users\ordi\AppData\Local\Temp\vwetcogc.dll
C:\WINDOWS\system32\tmp.reg
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\qlkfsvml
C:\Documents and Settings\All Users\Application Data\qlkfsvml\qvybqtkz.exe
C:\Documents and Settings\Bernard Jabet\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 12:28 . 2008-04-14 12:28 8 --a------ C:\WINDOWS\system32\20625fb0
2008-04-13 22:36 . 2008-04-13 22:36 <REP> d-------- C:\VundoFix Backups
2008-04-13 18:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-13 18:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-13 18:09 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-13 18:09 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-13 18:09 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-13 18:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-13 18:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 16:05 . 2008-04-13 16:05 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-04-13 15:43 . 2008-04-13 15:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-13 11:38 . 2008-04-13 11:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-12 16:40 . 2008-04-12 16:40 <REP> d-------- C:\Program Files\Avira
2008-04-12 16:40 . 2008-04-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-10 22:59 . 2008-04-10 22:59 <REP> d-------- C:\Program Files\TOSHIBA
2008-04-10 22:34 . 2008-04-10 22:34 <REP> d-------- C:\Program Files\EzButton
2008-04-10 22:34 . 2008-04-10 22:34 77 --a------ C:\WINDOWS\EzButton.UNI
2008-04-10 22:33 . 2004-08-30 15:55 131,072 --a------ C:\WINDOWS\UNINST32.EXE
2008-04-10 22:33 . 2004-08-30 15:56 17,497 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2008-04-10 22:31 . 2008-04-10 22:31 <REP> d-------- C:\WINDOWS\Drivers
2008-04-08 22:58 . 2008-04-08 23:10 <REP> d-------- C:\ConvertTemp
2008-04-07 13:10 . 2008-04-07 13:10 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-06 21:38 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-06 21:38 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-26 20:31 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-26 20:31 . 2008-03-26 20:31 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-26 20:31 . 2008-03-26 20:31 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-20 19:03 . 2008-03-20 19:03 <REP> d-------- C:\Program Files\Logiciel Soliland
2008-03-20 19:03 . 2007-12-15 16:14 537,872 --a------ C:\WINDOWS\system32\msxml20.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 20:37 --------- d-----w C:\Program Files\Intel
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-21 22:49 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\SolidWorks
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:46 --------- d-----w C:\Program Files\Conquist
2008-03-07 15:28 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\DAEMON Tools
2008-03-06 12:41 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-06 12:41 --------- d--h--r C:\Documents and Settings\Bernard Jabet\Application Data\SecuROM
2008-03-06 10:08 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 00:05 --------- d-----w C:\Program Files\Windows Live
2008-02-24 16:05 --------- d-----w C:\Program Files\MSN Games
2008-02-24 16:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 16:03 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\iWin
2008-02-21 22:38 --------- d-----w C:\Program Files\QuickTime
2008-02-21 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 19:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 16:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-20 10:58 --------- d-----w C:\Program Files\VirginMega
2008-02-20 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-05 21:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\20625fb0 ----

C:\WINDOWS\system32\20625fb0\


((((((((((((((((((((((((((((( snapshot@2008-04-14_13.25.50.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 11:16:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 22:53:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 22:53:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7ec.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"soliland"="C:\Program Files\Logiciel Soliland\SolilandUpdate.exe" [2007-12-24 02:49 148992]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-08-30 15:55 712704]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-04-30 11:14 118784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 16:46 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\Deamon\daemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Bernard Jabet\\Bureau\\Age Of Empire-II The Conquerors\\age2_x1.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Bernard Jabet\\Bureau\\Age Of Empire-II The Conquerors\\empires2.exe"=
"C:\\Anno 1701\\Anno1701.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15643:TCP"= 15643:TCP:NortonAV
"13436:TCP"= 13436:TCP:NortonAV
"15692:TCP"= 15692:TCP:NortonAV
"12082:TCP"= 12082:TCP:NortonAV
"17954:TCP"= 17954:TCP:NortonAV
"16708:TCP"= 16708:TCP:NortonAV
"14287:TCP"= 14287:TCP:NortonAV
"16133:TCP"= 16133:TCP:NortonAV
"13134:TCP"= 13134:TCP:NortonAV
"12149:TCP"= 12149:TCP:NortonAV
"15482:TCP"= 15482:TCP:NortonAV

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\3o.exe
\Shell\explore\Command - F:\3o.exe
\Shell\open\Command - F:\3o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47da60f8-d4f4-11dc-bcbc-000e35ed2a41}]
\Shell\AutoRun\command - E:\3wcxx91.cmd
\Shell\explore\Command - E:\3wcxx91.cmd
\Shell\open\Command - E:\3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48085ac4-bea8-11dc-bc81-000e35ed2a41}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d0eec80-6600-11dc-bbb2-000e35ed2a41}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81ad04f6-321d-11dc-bb88-000e35ed2a41}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f9518cc-c385-11dc-bc8a-000e35ed2a41}]
\Shell\AutoRun\command - u2.cmd
\Shell\explore\Command - u2.cmd
\Shell\open\Command - u2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3839ce3-f25e-11db-bb42-000e35ed2a41}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba401b99-6543-11dc-bbb0-000e35ed2a41}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - utdetect.com
\Shell\open\Command - utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caed68e9-db5b-11db-b06c-000fb05a6e2a}]
\Shell\AutoRun\command - E:\b.com
\Shell\explore\Command - E:\b.com
\Shell\open\Command - E:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b4-bd56-11dc-bc7b-000e35ed2a41}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b5-bd56-11dc-bc7b-000e35ed2a41}]
\Shell\AutoRun\command - wscript.exe .\`.vbs
\Shell\open\command - wscript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef036ee-ef43-11dc-bd1f-000e35ed2a41}]
\Shell\AutoRun\command - E:\b.com
\Shell\explore\Command - E:\b.com
\Shell\open\Command - E:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cffbb528-a663-11dc-bc39-000e35ed2a41}]
\Shell\AutoRun\command - x6.bat
\Shell\explore\Command - x6.bat
\Shell\open\Command - x6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46c6fd0-e9e3-11db-b06f-000fb05a6e2a}]
\Shell\AutoRun\command - E:\3o.exe
\Shell\explore\Command - E:\3o.exe
\Shell\open\Command - E:\3o.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-10 21:33:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 01:03:25
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-16 1:05:02
ComboFix-quarantined-files.txt 2008-04-15 23:04:43
ComboFix2.txt 2008-04-15 20:29:50
ComboFix3.txt 2008-04-15 00:44:51
ComboFix4.txt 2008-04-14 11:27:53

Pre-Run: 48,944,062,464 octets libres
Post-Run: 48,934,723,584 octets libres
.
2008-04-08 18:17:38 --- E O F ---

C'est normal qu'il y ait autant de virus sur un seul PC? :shock: J'ai avast et je pensais que c'était un bon antivirus...

Re: Contamination by gteoocvn.dll

Post by Falkra » 16 Apr 2008 07:34

Avast doesn't see much... you have the proof of it. On disinfection forums, more than 9 out of 10 infected machines have Avast running and reporting nothing, or else it detects a file and deletes it, but the infection regenerates.

I forgot a small sign in the script; you need to redo one with this:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47da60f8-d4f4-11dc-bcbc-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48085ac4-bea8-11dc-bc81-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d0eec80-6600-11dc-bbb2-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81ad04f6-321d-11dc-bb88-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f9518cc-c385-11dc-bc8a-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3839ce3-f25e-11db-bb42-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba401b99-6543-11dc-bbb0-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caed68e9-db5b-11db-b06c-000fb05a6e2a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b4-bd56-11dc-bc7b-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b5-bd56-11dc-bc7b-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef036ee-ef43-11dc-bd1f-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cffbb528-a663-11dc-bc39-000e35ed2a41}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46c6fd0-e9e3-11db-b06f-000fb05a6e2a}]
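As an added example, not code from the thread, from ComboFix or from the helper, the Python script below parses the MountPoints2 block of a ComboFix log (the excerpt is constructed from the log above) and renders the CFScript `Registry::` block, with the leading `-` that makes ComboFix delete a key, for every entry whose cached autorun handler launches a script host, a risky file type or an unrecognised executable from the drive. The allow-list of benign launchers and the GUID used for the LaunchU3 entry are assumptions.

```python
import re
from dataclasses import dataclass, field

# Excerpt constructed from the ComboFix log posted in this thread. The key
# name of the LaunchU3 entry is not visible in the excerpt, so a placeholder
# GUID is used for it.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce4dc4b5-bd56-11dc-bc7b-000e35ed2a41}]
\Shell\AutoRun\command - wscript.exe .\`.vbs
\Shell\open\command - wscript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef036ee-ef43-11dc-bd1f-000e35ed2a41}]
\Shell\AutoRun\command - E:\b.com
\Shell\explore\Command - E:\b.com
\Shell\open\Command - E:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cffbb528-a663-11dc-bc39-000e35ed2a41}]
\Shell\AutoRun\command - x6.bat
\Shell\explore\Command - x6.bat
\Shell\open\Command - x6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f46c6fd0-e9e3-11db-b06f-000fb05a6e2a}]
\Shell\AutoRun\command - E:\3o.exe
\Shell\explore\Command - E:\3o.exe
\Shell\open\Command - E:\3o.exe
"""

# "[HKEY_CURRENT_USER\...\mountpoints2\<name>]" opens one cached drive entry.
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\([^\]]+))\]$", re.I)
# "\Shell\<verb>\command - <command line>" is one handler of that entry.
HANDLER_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)

# Launchers expected on removable media (assumption for this example).
ALLOWED_LAUNCHERS = {"launchu3.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "cmd.exe", "rundll32.exe"}
RISKY_EXTENSIONS = {".vbs", ".bat", ".cmd", ".com", ".pif", ".scr"}


@dataclass
class MountPoint:
    key: str    # full registry key path, as printed by ComboFix
    name: str   # GUID or drive letter after mountpoints2\
    handlers: dict = field(default_factory=dict)   # verb -> command line


def parse_mountpoints(text):
    """Return the MountPoint entries found in a ComboFix log excerpt."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = MountPoint(key=m.group(1), name=m.group(2))
            entries.append(current)
            continue
        m = HANDLER_RE.match(line)
        if m and current is not None:
            current.handlers[m.group(1).lower()] = m.group(2)
    return entries


def executable_of(command):
    """First token of the command line, lower-cased, directory stripped."""
    token = command.split()[0].strip('"')
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_reason(mp):
    """Why this entry should be removed, or None if its handlers look benign."""
    for verb, command in mp.handlers.items():
        exe = executable_of(command)
        if exe in ALLOWED_LAUNCHERS:
            continue
        ext = "." + exe.rsplit(".", 1)[-1] if "." in exe else ""
        if exe in SCRIPT_HOSTS:
            return f"{verb}: script host {exe} run from the drive ({command})"
        if ext in RISKY_EXTENSIONS:
            return f"{verb}: {ext} file run on insert/open ({command})"
        return f"{verb}: unrecognised launcher {exe} ({command})"
    return None


def build_cfscript(entries):
    """Render the CFScript block deleting every flagged key.

    The '-' right after '[' is the deletion sign: without it ComboFix
    would only (re)create the key instead of removing it.
    """
    flagged = [mp for mp in entries if suspicious_reason(mp)]
    return "\n".join(["Registry::"] + [f"[-{mp.key}]" for mp in flagged])


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for mp in found:
        print(mp.name, "->", suspicious_reason(mp) or "benign")
    print(build_cfscript(found))
```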

Re: Contamination by gteoocvn.dll

Post by Titwou » 16 Apr 2008 10:53

The ComboFix report:

ComboFix 08-04-14.2 - Bernard Jabet 2008-04-16 11:45:17.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.209 [GMT 2:00]
Endroit: C:\Documents and Settings\Bernard Jabet\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bernard Jabet\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 12:28 . 2008-04-14 12:28 8 --a------ C:\WINDOWS\system32\20625fb0
2008-04-13 22:36 . 2008-04-13 22:36 <REP> d-------- C:\VundoFix Backups
2008-04-13 18:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-13 18:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-13 18:09 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-13 18:09 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-13 18:09 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-13 18:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-13 18:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 16:05 . 2008-04-13 16:05 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-04-13 15:43 . 2008-04-13 15:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-13 11:38 . 2008-04-13 11:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-04-12 16:40 . 2008-04-12 16:40 <REP> d-------- C:\Program Files\Avira
2008-04-12 16:40 . 2008-04-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-10 22:59 . 2008-04-10 22:59 <REP> d-------- C:\Program Files\TOSHIBA
2008-04-10 22:34 . 2008-04-10 22:34 <REP> d-------- C:\Program Files\EzButton
2008-04-10 22:34 . 2008-04-10 22:34 77 --a------ C:\WINDOWS\EzButton.UNI
2008-04-10 22:33 . 2004-08-30 15:55 131,072 --a------ C:\WINDOWS\UNINST32.EXE
2008-04-10 22:33 . 2004-08-30 15:56 17,497 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2008-04-10 22:31 . 2008-04-10 22:31 <REP> d-------- C:\WINDOWS\Drivers
2008-04-08 22:58 . 2008-04-08 23:10 <REP> d-------- C:\ConvertTemp
2008-04-07 13:10 . 2008-04-07 13:10 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-06 21:38 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-06 21:38 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-26 20:31 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-26 20:31 . 2008-03-26 20:31 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-26 20:31 . 2008-03-26 20:31 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-20 19:03 . 2008-03-20 19:03 <REP> d-------- C:\Program Files\Logiciel Soliland
2008-03-20 19:03 . 2007-12-15 16:14 537,872 --a------ C:\WINDOWS\system32\msxml20.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 20:37 --------- d-----w C:\Program Files\Intel
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-21 22:49 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\SolidWorks
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:46 --------- d-----w C:\Program Files\Conquist
2008-03-07 15:28 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\DAEMON Tools
2008-03-06 12:41 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-06 12:41 --------- d--h--r C:\Documents and Settings\Bernard Jabet\Application Data\SecuROM
2008-03-06 10:08 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 00:05 --------- d-----w C:\Program Files\Windows Live
2008-02-24 16:05 --------- d-----w C:\Program Files\MSN Games
2008-02-24 16:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 16:03 --------- d-----w C:\Documents and Settings\Bernard Jabet\Application Data\iWin
2008-02-21 22:38 --------- d-----w C:\Program Files\QuickTime
2008-02-21 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 19:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 16:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-20 10:58 --------- d-----w C:\Program Files\VirginMega
2008-02-20 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-05 21:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_13.25.50.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 11:16:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 09:36:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 09:36:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7f0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"soliland"="C:\Program Files\Logiciel Soliland\SolilandUpdate.exe" [2007-12-24 02:49 148992]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-08-30 15:55 712704]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-04-30 11:14 118784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-12 16:46 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\Deamon\daemon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Bernard Jabet\\Bureau\\Age Of Empire-II The Conquerors\\age2_x1.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Bernard Jabet\\Bureau\\Age Of Empire-II The Conquerors\\empires2.exe"=
"C:\\Anno 1701\\Anno1701.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15643:TCP"= 15643:TCP:NortonAV
"13436:TCP"= 13436:TCP:NortonAV
"15692:TCP"= 15692:TCP:NortonAV
"12082:TCP"= 12082:TCP:NortonAV
"17954:TCP"= 17954:TCP:NortonAV
"16708:TCP"= 16708:TCP:NortonAV
"14287:TCP"= 14287:TCP:NortonAV
"16133:TCP"= 16133:TCP:NortonAV
"13134:TCP"= 13134:TCP:NortonAV
"12149:TCP"= 12149:TCP:NortonAV
"15482:TCP"= 15482:TCP:NortonAV

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-10 21:33:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 11:48:48
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-16 11:50:34
ComboFix-quarantined-files.txt 2008-04-16 09:50:19
ComboFix2.txt 2008-04-15 23:05:03
ComboFix3.txt 2008-04-15 20:29:50
ComboFix4.txt 2008-04-15 00:44:51
ComboFix5.txt 2008-04-14 11:27:53

Pre-Run: 48,874,401,792 octets libres
Post-Run: 48,864,624,640 octets libres
.
2008-04-08 18:17:38 --- E O F ---

I'm also giving you the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logiciel Soliland\SolilandUpdate.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast\Avast4\ashMaiSv.exe
C:\Program Files\Avast\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BERNAR~1\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [soliland] C:\Program Files\Logiciel Soliland\SolilandUpdate.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: logiciel Soliland - {8354F0FE-550E-4E14-AFE1-E5CEF9009311} - C:\Program Files\Logiciel Soliland\soliland.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38135541-907D-4B4B-8BB9-00FDEA884AB0}: NameServer = 213.244.0.15,213.244.0.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{64CE62BD-E789-42EE-B15E-B8CCB1C48249}: NameServer = 213.244.0.15,213.244.0.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{38135541-907D-4B4B-8BB9-00FDEA884AB0}: NameServer = 213.244.0.15,213.244.0.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{38135541-907D-4B4B-8BB9-00FDEA884AB0}: NameServer = 213.244.0.15,213.244.0.16
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7902 bytes

Re: Contamination by gteoocvn.dll

Post by Falkra » 16 Apr 2008 10:59

Clean. :supers:
I assume you no longer have any symptoms of infection?

If so, I strongly recommend reading this article (by Gof) about infected USB keys:
les-infections-se-propageant-par-les-supports-amovibles-t25796.html
It also explains how to "vaccinate" keys and hard drives against this infection. :-D

* You can uninstall combofix: type combofix /u in the Run box of the Start menu.
After that, delete this folder if it still exists.
C:\QooBox
and this one too
C:\vundofix backups

* Uninstall SDFix through Add/Remove Programs.
The others can be removed via their folder and/or icon.

Re: Contamination by gteoocvn.dll

Post by Titwou » 16 Apr 2008 11:20

That works!
It feels like my PC is brand new :wink:

Thank you very much for your help!

Re: Contamination by gteoocvn.dll

Post by Falkra » 16 Apr 2008 16:35

Perfect, you can mark it resolved in the title by editing the first post.

For more general advice, here is a summary with commented explanations of the prevention measures, to avoid an infection before it happens.
prevention-comment-eviter-bien-des-infections-t24540.html

Re: Contamination by gteoocvn.dll

Post by Titwou » 16 Apr 2008 17:38

You're going to laugh, but it's not over!!!

I ran a scan with AntiVir and it found viruses again! It's the same trojan trundo.gen, but all the files attached to it are dll.vir

Strangely, I haven't plugged in any external hard drive or other device. I wonder whether the infection isn't coming from my mailbox... Is that possible?

I'm sending you the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logiciel Soliland\SolilandUpdate.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BERNAR~1\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [soliland] C:\Program Files\Logiciel Soliland\SolilandUpdate.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: logiciel Soliland - {8354F0FE-550E-4E14-AFE1-E5CEF9009311} - C:\Program Files\Logiciel Soliland\soliland.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38135541-907D-4B4B-8BB9-00FDEA884AB0}: NameServer = 213.244.0.15,213.244.0.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{64CE62BD-E789-42EE-B15E-B8CCB1C48249}: NameServer = 213.244.0.15,213.244.0.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{38135541-907D-4B4B-8BB9-00FDEA884AB0}: NameServer = 213.244.0.15,213.244.0.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{38135541-907D-4B4B-8BB9-00FDEA884AB0}: NameServer = 213.244.0.15,213.244.0.16
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7451 bytes

Re: Contamination by gteoocvn.dll

Post by Falkra » 16 Apr 2008 17:58

That's normal. The log is clean, which means that what you're finding is most likely inactive residue; HJT shows what is active or "startable".

Clean with AntiVir, quarantine when in doubt, and you can post the report.
If AntiVir gets stuck cleaning, run the scan in safe mode.

Re: Contamination by gteoocvn.dll

Post by Titwou » 16 Apr 2008 19:08

OK, that works!

Thanks again!