Need help to remove BankerFox.A and Win32/Nuqel.E

that's really weird. i launched my computer in the safe mode but it told me the same thing.
real time scanners are active (approximation translation from french):

- antivirus: avast!antivirus 4.8.1229 [VPS 090303-2]
- antispyware: avast!antivirus 4.8.1229 [VPS 090303-2]

and i was under the safe mode of windows it was written on the corners of the desktop.

Hello.
I know, the AV is still there, but it's not active.

Hello, here is the combofix log:

ComboFix 10-02-25.02 - Litale 27/02/2010 23:37:01.1.2 - x86 MINIMAL
Microsoft Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3061.2613 [GMT 1:00]
Lancé depuis: c:\users\Litale\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090303-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 090303-2] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-27 au 2010-02-27 ))))))))))))))))))))))))))))))))))))
.

2010-02-27 22:44 . 2010-02-27 22:44 -------- d-----w- c:\users\Litale\AppData\Local\temp
2010-02-27 22:44 . 2010-02-27 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-23 21:13 . 2010-02-23 21:13 -------- d-----w- C:\_OTL
2010-02-23 19:37 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 19:36 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 19:36 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 19:36 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 19:36 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 19:36 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 19:36 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 19:36 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 19:36 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 19:36 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 19:36 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 19:36 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 19:36 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 05:41 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-22 05:41 . 2009-10-30 10:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-22 05:41 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-22 05:41 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-22 05:41 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-22 05:41 . 2010-02-22 05:41 -------- d-----w- c:\program files\Spyware Doctor
2010-02-22 05:41 . 2010-02-22 05:41 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-22 05:41 . 2010-02-22 05:41 -------- d-----w- c:\users\Litale\AppData\Roaming\PC Tools
2010-02-22 05:41 . 2010-02-22 05:41 -------- d-----w- c:\programdata\PC Tools
2010-02-22 05:02 . 2010-02-22 05:02 -------- d-----w- c:\program files\CCleaner
2010-02-09 20:31 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-09 20:31 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-09 20:31 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-09 20:31 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 01:57 . 2008-12-17 22:06 -------- d-----w- c:\users\Litale\AppData\Roaming\Skype
2010-02-25 06:23 . 2008-04-16 11:24 -------- d-----w- c:\program files\Java
2010-02-25 06:11 . 2008-07-29 11:12 121896 ----a-w- c:\users\Litale\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 09:09 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 23:01 . 2008-12-17 22:10 -------- d-----w- c:\users\Litale\AppData\Roaming\skypePM
2010-02-18 03:06 . 2008-04-29 14:11 -------- d-----w- c:\programdata\Microsoft Help
2010-02-10 01:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-24 03:04 . 2008-12-17 22:06 -------- d-----r- c:\program files\Skype
2010-01-24 03:03 . 2010-01-24 03:03 -------- d-----w- c:\program files\Common Files\Skype
2010-01-24 03:03 . 2008-12-17 22:06 -------- d-----w- c:\programdata\Skype
2010-01-20 20:54 . 2009-03-04 10:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 02:10 . 2010-01-18 02:11 143976 ----a-w- c:\users\Litale\AppData\Roaming\Move Networks\uninstall.exe
2010-01-19 02:10 . 2010-01-18 02:11 -------- d-----w- c:\users\Litale\AppData\Roaming\Move Networks
2010-01-19 02:10 . 2009-10-15 00:50 5642688 ----a-w- c:\users\Litale\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
2010-01-18 02:11 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Litale\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2010-01-06 15:38 . 2010-02-23 19:36 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 19:36 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-23 19:36 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 19:36 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-04 00:26 . 2008-12-08 18:56 1 ----a-w- c:\users\Litale\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-03 19:51 . 2008-01-21 08:40 690868 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-03 19:51 . 2008-01-21 08:40 134270 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-18 13:01 . 2010-01-22 06:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44 . 2010-01-22 06:51 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-08 20:01 . 2010-02-09 20:30 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-09 20:30 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-09 20:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-09 20:30 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-09 20:30 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-09 20:30 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-09 20:30 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-09 20:30 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-09 20:30 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-09 20:30 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-09 20:30 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-09 20:30 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-09 20:30 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-20 00:39 . 2009-11-20 00:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-20 30192]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\Litale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):4e,8a,10,c6,90,46,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2010934422-3753900080-3233031512-1000]
"EnableNotificationsRef"=dword:00000002

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [22/02/2010 06:41 207792]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [16/04/2008 12:54 7168]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23/09/2008 11:38 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23/09/2008 11:38 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23/09/2008 11:38 53328]
S2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25/12/2007 12:07 40960]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22/02/2010 06:41 359624]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 16:03 126976]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/04/2008 13:11 30192]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [03/03/2009 16:00 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-02-27 c:\windows\Tasks\User_Feed_Synchronization-{9C06C2BC-B6D2-4B13-95E7-4D7DB9C296E3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://portail.free.fr/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Toshibafrbholink-21&site=home
FF - ProfilePath - c:\users\Litale\AppData\Roaming\Mozilla\Firefox\Profiles\v3zdxdis.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Litale\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\Litale\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 23:44
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2010-02-27 23:46:15
ComboFix-quarantined-files.txt 2010-02-27 22:46

Avant-CF: 12 395 753 472 octets libres
Après-CF: 13 494 448 128 octets libres

- - End Of File - - 7CA35091FC5FA2384126FC5CD3C828B8

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

I should do it into which program combo fix or OTL ? and still under the safe mode or we don't care for the AV?

by the way, on my desktop i have since the trojan entered my computer some new icons ( their color is clearer, they are translucide ) the file "desktop.ini" and in my documents i have the file"ntuser.ini" and some new folders too (application data, cookies, local settings, sent to, recent...).

ok so I think you were not talking about any of those programs but just the menu start. still since i launched combo fix again, i waited for the result and here is the new log ( in case it would change something).

I wait for your answer before doing your last instructions.


ComboFix 10-02-25.02 - Litale 28/02/2010 21:45:24.1.2 - x86
Microsoft Windows Vista Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3061.1690 [GMT 1:00]
Lancé depuis: c:\users\Litale\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090303-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 090303-2] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Litale\AppData\Local\Temp\ppcrlui_2584_2

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-28 au 2010-02-28 ))))))))))))))))))))))))))))))))))))
.

2010-02-28 20:55 . 2010-02-28 20:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-28 20:55 . 2010-02-28 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-27 22:46 . 2010-02-28 20:55 -------- d-----w- c:\users\Litale\AppData\Local\temp
2010-02-23 21:13 . 2010-02-23 21:13 -------- d-----w- C:\_OTL
2010-02-23 19:37 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 19:36 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 19:36 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 19:36 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 19:36 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 19:36 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 19:36 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 19:36 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 19:36 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 19:36 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 19:36 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 19:36 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 19:36 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 05:41 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-22 05:41 . 2009-10-30 10:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-22 05:41 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-22 05:41 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-22 05:41 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-22 05:41 . 2010-02-22 05:41 -------- d-----w- c:\program files\Spyware Doctor
2010-02-22 05:41 . 2010-02-22 05:41 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-22 05:41 . 2010-02-22 05:41 -------- d-----w- c:\users\Litale\AppData\Roaming\PC Tools
2010-02-22 05:41 . 2010-02-22 05:41 -------- d-----w- c:\programdata\PC Tools
2010-02-22 05:02 . 2010-02-22 05:02 -------- d-----w- c:\program files\CCleaner
2010-02-09 20:31 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-09 20:31 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-09 20:31 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-09 20:31 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 20:11 . 2008-12-17 22:06 -------- d-----w- c:\users\Litale\AppData\Roaming\Skype
2010-02-25 06:23 . 2008-04-16 11:24 -------- d-----w- c:\program files\Java
2010-02-25 06:11 . 2008-07-29 11:12 121896 ----a-w- c:\users\Litale\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 09:09 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 23:01 . 2008-12-17 22:10 -------- d-----w- c:\users\Litale\AppData\Roaming\skypePM
2010-02-18 03:06 . 2008-04-29 14:11 -------- d-----w- c:\programdata\Microsoft Help
2010-02-10 01:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-24 03:04 . 2008-12-17 22:06 -------- d-----r- c:\program files\Skype
2010-01-24 03:03 . 2010-01-24 03:03 -------- d-----w- c:\program files\Common Files\Skype
2010-01-24 03:03 . 2008-12-17 22:06 -------- d-----w- c:\programdata\Skype
2010-01-20 20:54 . 2009-03-04 10:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 02:10 . 2010-01-18 02:11 143976 ----a-w- c:\users\Litale\AppData\Roaming\Move Networks\uninstall.exe
2010-01-19 02:10 . 2010-01-18 02:11 -------- d-----w- c:\users\Litale\AppData\Roaming\Move Networks
2010-01-19 02:10 . 2009-10-15 00:50 5642688 ----a-w- c:\users\Litale\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
2010-01-18 02:11 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Litale\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2010-01-06 15:38 . 2010-02-23 19:36 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 19:36 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-23 19:36 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 19:36 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-04 00:26 . 2008-12-08 18:56 1 ----a-w- c:\users\Litale\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-03 19:51 . 2008-01-21 08:40 690868 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-03 19:51 . 2008-01-21 08:40 134270 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-18 13:01 . 2010-01-22 06:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44 . 2010-01-22 06:51 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-08 20:01 . 2010-02-09 20:30 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-09 20:30 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-09 20:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-09 20:30 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-09 20:30 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-09 20:30 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-09 20:30 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-09 20:30 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-09 20:30 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-09 20:30 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-09 20:30 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-09 20:30 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-09 20:30 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-20 00:39 . 2009-11-20 00:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-20 30192]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\Litale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):4e,8a,10,c6,90,46,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2010934422-3753900080-3233031512-1000]
"EnableNotificationsRef"=dword:00000002

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [22/02/2010 06:41 207792]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [23/09/2008 11:38 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [23/09/2008 11:38 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [23/09/2008 11:38 53328]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [25/12/2007 12:07 40960]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22/02/2010 06:41 359624]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 16:03 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [16/04/2008 12:54 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/04/2008 13:11 30192]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [03/03/2009 16:00 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{9C06C2BC-B6D2-4B13-95E7-4D7DB9C296E3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://portail.free.fr/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Toshibafrbholink-21&site=home
FF - ProfilePath - c:\users\Litale\AppData\Roaming\Mozilla\Firefox\Profiles\v3zdxdis.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Litale\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\Litale\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 21:55
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2010-02-28 21:59:20
ComboFix-quarantined-files.txt 2010-02-28 20:59
ComboFix2.txt 2010-02-27 22:46

Avant-CF: 10 374 934 528 octets libres
Après-CF: 10 344 742 912 octets libres

- - End Of File - - 44633DA0EDEB892492DD4185DF865055

Hello.
The Av should be fine, Combofix is seeing avast twice. You can delete the desktop.ini files that appeared.

ok so i uninstalled combofix like you said. It seems to be ok.
What should I do now ? is the computer alright?

What would you advise me to do to try to keep my computer safe ?
Taking Avira instead of Avast as AV?
What about malwarebytes, OTL, Spyware doctor and Ccleaner?

Again thank you very much for your help!!

Delete OTL, keep the rest.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

thank you. I followed your recommendations (downloading ans installing the antispywares). The computer is clean

however now when I go to the website where my teacher puts the videos of my class online. I can't watch them, I just hear the sound of them.
I tried to authorize the whole Website. But it still doesn't work.
I don't know which one of the antispyware causes the problem, and which setting I should change.

Uninstall them one-by-one till it comes back, then whatever you uninstalled last caused it.

ok so I did it, and nothing changed. then I thought that the problem came from the Add-on for mozilla. I uninstalled them but i still can't watch the videos (I think it's video/x-ms-wvx the link appears, I hear the video but i don't see anything, the page is white).

I also noticed that now i can't open Windows Media Player. Maybe it's linked.

Hello.
Please update your flash player, download it from here:
http://www.adobe.com/products/flashplayer/

apparently some plugins are missing. I can"t download the last adobe flash player 10

Please download the Shockwave Player.
http://get.adobe.com/shockwave/

Once you have done that, download the flash player too.

I was able to download shockwave player. But still unable to download the flash player.
it asks me if i want to install the plugins but then it find no plugins matching. it says the plugin (application/getplusplusadobe16263) in unknown.