
PC infection

Tags:
  • Security
29 September 2010 15:15:57

Hello everyone,

Here is my problem: yesterday my computer (mostly my antivirus) went haywire. Antivir detected a virus, I deleted it, and then it detected 16 more within a second! I deleted them, etc. Since then, my computer sometimes no longer detects my speakers, so I have to reboot the PC for it to detect them again, and also Google Chrome no longer works =(

Can you help me, please?


29 September 2010 20:33:02

Good evening
Download DDS and save it to your desktop.
  • Disable anything that blocks scripts, such as an antivirus or software like ad-block, noscript, etc.
  • Double-click dds.scr to launch the tool.
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next prompt, Optional Scan.
  • Save both reports to your desktop and post only DDS.txt for me.
    30 September 2010 18:58:27

    Good evening, and thank you for your help!!

    Here is the report as requested


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Propri‚taire at 18:54:22,04 on 30/09/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1535.643 [GMT 2:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe
    C:\Documents and Settings\Propriétaire\Local Settings\Apps\2.0\ZW0YGPNX.DEB\A5TJOXPW.CKA\curs..tion_eee711038731a406_0004.0000_1829574d2128b108\CurseClient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.10.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    uRun: [3FWHZQA3LT] c:\docume~1\propri~1\locals~1\temp\Gkn.exe
    mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
    mRun: [LXCECATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\documents and settings\propriétaire\menu démarrer\programmes\démarrage\CurseClientStartup.ccip
    StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\wirele~1.lnk - c:\program files\trendnet\tew-648ub\WlanCU.exe
    IE: E&xporter vers Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Tout télécharger avec BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: Télécharger avec BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: Télécharger toutes les vidéos avec BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\propri~1\applic~1\mozilla\firefox\profiles\ahmbf339.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT292072&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr
    FF - component: c:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\ahmbf339.default\extensions\{2069a8c8-fad1-424b-b76c-d7f33d77dc4c}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\ahmbf339.default\extensions\{2069a8c8-fad1-424b-b76c-d7f33d77dc4c}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\ahmbf339.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
    FF - component: c:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\ahmbf339.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\propriétaire\application data\mozilla\firefox\profiles\ahmbf339.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\propriã©taire\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-11 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-8-11 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-11 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-29 56816]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\fichiers communs\magix services\database\bin\FABS.exe [2009-5-6 1220608]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-7-14 326488]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-1-29 20480]
    R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-2-11 33792]
    R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-8-25 588032]
    S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
    S2 WLSVC;WLSVC;c:\program files\trendnet\tew-648ub\WLSVC.exe [2010-8-25 167936]
    S3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [2010-1-30 16640]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\fichiers communs\magix services\database\bin\fbserver.exe [2008-8-7 3276800]

    =============== Created Last 30 ================

    2010-09-25 19:49:25 0 d-----w- c:\docume~1\propri~1\applic~1\Samsung
    2010-09-25 19:48:55 174592 ----a-w- c:\windows\system32\framedyn.dll
    2010-09-25 19:48:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-09-25 19:48:22 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2010-09-25 19:43:31 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
    2010-09-25 19:43:31 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys
    2010-09-25 19:43:31 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
    2010-09-25 19:43:31 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys
    2010-09-25 19:43:31 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys
    2010-09-25 19:43:31 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
    2010-09-25 19:43:31 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
    2010-09-25 19:43:23 0 d-----w- c:\windows\system32\Samsung_USB_Drivers
    2010-09-25 19:43:20 766 ----a-w- c:\windows\system32\Uninstall.ico
    2010-09-25 19:43:17 0 d-----w- c:\program files\Samsung
    2010-09-25 14:39:48 0 d-----w- c:\docume~1\propri~1\applic~1\Azureus
    2010-09-25 14:38:59 0 d-----w- c:\program files\Vuze
    2010-09-25 14:38:51 0 d-----w- c:\program files\Conduit
    2010-09-25 14:38:47 0 d-----w- c:\program files\ConduitEngine
    2010-09-25 14:38:45 0 d-----w- c:\program files\Vuze_Remote
    2010-09-22 05:16:27 62496 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-09-21 13:54:44 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-09-21 13:54:44 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-09-21 13:54:44 18288 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-09-07 18:15:19 385 ----a-w- c:\windows\ODBC.INI
    2010-09-07 18:14:49 28040 ----a-w- c:\windows\system32\mdimon.dll
    2010-09-07 18:11:53 0 d-----w- c:\windows\SHELLNEW
    2010-09-07 15:34:33 0 d-----w- c:\program files\MSECache

    ==================== Find3M ====================

    2010-09-29 18:43:40 5767168 ---ha-w- c:\documents and settings\propriétaire\NTUSER.DAT
    2010-08-25 13:34:37 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    2010-08-25 13:34:37 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-08-19 21:34:00 23238 ----a-w- c:\windows\War3Unin.dat
    2010-08-19 21:23:30 2829 ----a-w- c:\windows\War3Unin.pif
    2010-08-19 21:23:30 126976 ----a-w- c:\windows\War3Unin.exe
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-12 23:57:09 84730 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-12 23:57:09 510654 ----a-w- c:\windows\system32\perfh00C.dat
    2010-07-30 18:40:40 219648 ----a-w- c:\windows\system32\uxtheme.dll
    2010-07-22 15:48:57 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 06:19:05 5632 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 18:56:24,43 ===============
    30 September 2010 23:06:16

    re
    uninstall spyhunter. (fake software)
    read:
    http://forum.malekal.com/faux-blogs-securite-spyhunter-...

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal; a report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit "Select All", Edit "Copy"

    come to the forum and Edit "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary
    2 October 2010 10:40:51

    ComboFix 10-10-01.01 - Propriétaire 02/10/2010 10:24:44.1.2 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1535.1091 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Propriétaire\Mes documents\Téléchargements\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Propriétaire\Application Data\.#
    c:\documents and settings\Propriétaire\Application Data\F35370C4344D9BC18C2C8BB4A4692BD2
    c:\documents and settings\Propriétaire\Application Data\F35370C4344D9BC18C2C8BB4A4692BD2\enemies-names.txt
    c:\documents and settings\Propriétaire\Application Data\F35370C4344D9BC18C2C8BB4A4692BD2\local.ini
    c:\documents and settings\Propriétaire\Local Settings\Application Data\Windows Server
    c:\documents and settings\Propriétaire\Local Settings\Application Data\Windows Server\flags.ini
    c:\documents and settings\Propriétaire\Local Settings\Application Data\Windows Server\server.dat
    c:\documents and settings\Propriétaire\Local Settings\Application Data\Windows Server\uses32.dat
    C:\Install.exe

    Une copie infectée de c:\windows\system32\drivers\isapnp.sys a été trouvée et désinfectée
    Copie restaurée à partir de - Kitty had a snack :p 
    Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\winlogon.exe

    Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe

    Une copie infectée de c:\windows\system32\midimap.dll a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\midimap.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-02 au 2010-10-02 ))))))))))))))))))))))))))))))))))))
    .

    2010-10-01 09:47 . 2010-10-01 09:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-10-01 07:46 . 2010-10-01 07:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Vuze_Remote
    2010-09-25 19:48 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
    2010-09-25 19:48 . 2003-02-21 16:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-09-25 19:48 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    2010-09-25 19:43 . 2007-07-03 15:00 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
    2010-09-25 19:43 . 2007-07-03 15:00 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys
    2010-09-25 19:43 . 2007-07-03 14:58 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
    2010-09-25 19:43 . 2007-07-03 14:57 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
    2010-09-25 19:43 . 2007-07-03 14:56 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
    2010-09-25 19:43 . 2007-07-03 14:56 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys
    2010-09-25 19:43 . 2007-07-03 14:54 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys
    2010-09-25 19:43 . 2010-09-25 19:48 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
    2010-09-25 19:43 . 2010-09-25 19:43 -------- d-----w- c:\program files\Samsung
    2010-09-25 14:44 . 2010-09-25 14:44 4146688 ----a-w- c:\documents and settings\Propriétaire\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
    2010-09-25 14:44 . 2010-09-25 14:44 7288256 ----a-w- c:\documents and settings\Propriétaire\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
    2010-09-25 14:40 . 2010-09-25 14:40 310208 ----a-w- c:\documents and settings\Propriétaire\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
    2010-09-25 14:38 . 2010-09-25 14:39 -------- d-----w- c:\program files\Vuze
    2010-09-25 14:38 . 2010-09-25 14:38 52224 ----a-w- c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\ahmbf339.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    2010-09-25 14:38 . 2010-09-25 14:38 101376 ----a-w- c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\ahmbf339.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    2010-09-25 14:38 . 2010-09-25 14:38 -------- d-----w- c:\program files\Conduit
    2010-09-25 14:38 . 2010-09-25 14:38 -------- d-----w- c:\program files\ConduitEngine
    2010-09-25 14:38 . 2010-09-25 14:38 -------- d-----w- c:\program files\Vuze_Remote
    2010-09-22 05:16 . 2010-09-22 05:16 62496 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-09-21 13:54 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-09-21 13:54 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-09-07 18:14 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    2010-09-07 18:14 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
    2010-09-07 18:11 . 2010-09-07 18:13 -------- d-----w- c:\windows\SHELLNEW
    2010-09-07 18:11 . 2010-09-07 18:11 -------- d-----w- c:\program files\Microsoft.NET
    2010-09-07 15:34 . 2010-09-07 15:34 -------- d-----w- c:\program files\MSECache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-02 07:30 . 2010-05-12 07:24 -------- d-----w- c:\program files\Google
    2010-09-30 17:05 . 2010-02-11 12:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-29 13:24 . 2010-06-28 12:59 -------- d-----r- c:\program files\Skype
    2010-09-25 20:29 . 2010-02-15 13:00 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2010-09-25 20:06 . 2010-02-14 22:30 -------- d-----w- c:\program files\Paint.NET
    2010-09-25 19:48 . 2010-01-29 16:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-25 08:24 . 2010-06-24 01:18 786896 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-21 11:00 . 2010-01-29 17:33 -------- d-----w- c:\program files\Windows Live
    2010-09-09 20:03 . 2010-02-15 11:58 -------- d-----w- c:\program files\Lx_cats
    2010-09-03 17:58 . 2010-07-05 21:12 -------- d-----w- c:\program files\World of Warcraft
    2010-08-27 12:24 . 2010-08-27 12:24 -------- d-----w- c:\program files\Guitar Pro 5
    2010-08-27 12:18 . 2010-08-27 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Guitar Pro 6
    2010-08-26 14:46 . 2010-08-26 14:46 655360 ----a-w- c:\documents and settings\Propriétaire\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
    2010-08-26 14:46 . 2010-08-26 14:46 282624 ----a-w- c:\documents and settings\Propriétaire\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
    2010-08-26 14:46 . 2010-08-26 14:46 208896 ----a-w- c:\documents and settings\Propriétaire\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
    2010-08-26 14:45 . 2010-08-26 14:45 -------- d-----w- c:\program files\Spotify
    2010-08-25 23:59 . 2010-08-25 23:59 -------- d-----w- c:\program files\Enigma Software Group
    2010-08-25 23:59 . 2010-08-25 23:59 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
    2010-08-25 13:34 . 2010-08-25 13:34 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-08-25 13:34 . 2010-01-29 16:19 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    2010-08-25 13:34 . 2010-08-25 13:34 -------- d-----w- c:\program files\TRENDnet
    2010-08-21 16:05 . 2010-08-21 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
    2010-08-21 15:33 . 2010-08-21 15:33 -------- d-----w- c:\program files\Microsoft Games
    2010-08-20 20:09 . 2010-08-18 23:12 -------- d-----w- c:\program files\Warcraft III
    2010-08-19 21:34 . 2010-08-19 21:23 23238 ----a-w- c:\windows\War3Unin.dat
    2010-08-19 21:23 . 2010-08-19 21:23 2829 ----a-w- c:\windows\War3Unin.pif
    2010-08-19 21:23 . 2010-08-19 21:23 126976 ----a-w- c:\windows\War3Unin.exe
    2010-08-18 00:24 . 2010-08-18 00:23 -------- d-----w- c:\program files\TeamSpeak 3 Client
    2010-08-17 20:36 . 2010-08-17 20:36 -------- d-----w- c:\program files\EA GAMES
    2010-08-17 20:33 . 2010-08-17 20:30 -------- d-----w- c:\program files\emote
    2010-08-17 20:33 . 2010-08-17 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Emote
    2010-08-17 13:17 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-12 23:57 . 2004-08-05 12:00 84730 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-12 23:57 . 2004-08-05 12:00 510654 ----a-w- c:\windows\system32\perfh00C.dat
    2010-08-11 18:46 . 2010-07-17 22:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-11 14:10 . 2010-08-11 14:10 -------- d-----w- c:\program files\Avira
    2010-08-11 14:10 . 2010-01-29 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-08-08 14:27 . 2010-08-08 14:27 503808 ----a-w- c:\documents and settings\Propriétaire\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-31ac0c6c-n\msvcp71.dll
    2010-08-08 14:27 . 2010-08-08 14:27 499712 ----a-w- c:\documents and settings\Propriétaire\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-31ac0c6c-n\jmc.dll
    2010-08-08 14:27 . 2010-08-08 14:27 348160 ----a-w- c:\documents and settings\Propriétaire\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-31ac0c6c-n\msvcr71.dll
    2010-08-08 14:27 . 2010-08-08 14:27 61440 ----a-w- c:\documents and settings\Propriétaire\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-277111e7-n\decora-sse.dll
    2010-08-08 14:27 . 2010-08-08 14:27 12800 ----a-w- c:\documents and settings\Propriétaire\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-277111e7-n\decora-d3d.dll
    2010-07-30 18:40 . 2004-08-05 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
    2010-07-22 15:48 . 2004-08-05 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    .

    ------- Sigcheck -------

    [7] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\comctl32.dll
    [7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\asms\60\msft\windows\common\controls\comctl32.dll
    [7] 2008-04-13 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
    [-] 2008-04-13 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
    [-] 2008-04-13 . BCC393F205C17911ED52870968336E8E . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
    [7] 2008-04-13 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [7] 2004-08-05 . A53B48B5AB9A5DA76ED247D61B0B0ADD . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
    [7] 2004-08-05 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [7] 2004-08-05 . 97668958194B82F5B88EABC88ACA5AE1 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

    [7] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\user32.dll
    [7] 2008-04-13 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
    [-] 2008-04-13 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
    [-] 2008-04-13 . DE4A4AC7328FC80156034E7EB283676D . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
    [7] 2004-08-05 . E46FB493E3B33704F0715020CF52106B . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

    [7] 2008-04-14 . 9245FAF86A8235D5290A23C010DABD43 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ole32.dll
    [7] 2008-04-13 . 9245FAF86A8235D5290A23C010DABD43 . 1287168 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
    [-] 2008-04-13 . 577B8AA9BFB6180DC7EF3FCFBDEE9E61 . 1312256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
    [-] 2008-04-13 . 577B8AA9BFB6180DC7EF3FCFBDEE9E61 . 1312256 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
    [7] 2004-08-05 . A2AD7FCB806A2035F506664883F45B32 . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll

    [7] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe
    [7] 2008-04-13 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
    [-] 2008-04-13 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-13 . E21578B40C046A3F0FF371A9755145E5 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    [7] 2004-08-05 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

    [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
    [-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\ServicePackFiles\i386\iexplore.exe
    [-] 2009-03-08 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
    [7] 2008-04-14 . 3D3C316BD1E112F3B9C532D8B9939BDC . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\iexplore.exe
    [7] 2008-04-13 . 3D3C316BD1E112F3B9C532D8B9939BDC . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
    [7] 2004-08-05 . 833E2B3F0E2484C0F2B804AE871B4381 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-09-12 13:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-09-12 13:02 3863136 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 40448]

    c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
    CurseClientStartup.ccip [2010-7-18 0]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-648UB\WlanCU.exe [2010-8-25 368640]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\River Past\\Audio Converter Pro\\AudioConverter.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0-frFR-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\WINDOWS\\system32\\lxcecoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcepswx.exe"=
    "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Warcraft III\\War3.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Documents and Settings\\Propriétaire\\Local Settings\\Apps\\2.0\\ZW0YGPNX.DEB\\A5TJOXPW.CKA\\curs..tion_eee711038731a406_0004.0000_1829574d2128b108\\CurseClient.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "17118:TCP"= 17118:TCP:BitComet 17118 TCP
    "17118:UDP"= 17118:UDP:BitComet 17118 UDP
    "11273:TCP"= 11273:TCP:BitComet 11273 TCP
    "11273:UDP"= 11273:UDP:BitComet 11273 UDP
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/08/2010 16:10 108289]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe [06/05/2009 19:53 1220608]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [29/01/2010 18:19 20480]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [11/02/2010 13:56 33792]
    R3 RTL8192su;TRENDnet 300Mbps Wireless N USB Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/08/2010 15:34 588032]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2010 09:24 136176]
    S2 WLSVC;WLSVC;c:\program files\TRENDnet\TEW-648UB\WLSVC.exe [25/08/2010 15:34 167936]
    S3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [30/01/2010 09:43 16640]
    S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe [07/08/2008 12:10 3276800]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/02/2010 19:23 691696]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 07:24]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 07:24]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\ahmbf339.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT292072&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr
    FF - component: c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\ahmbf339.default\extensions\{2069a8c8-fad1-424b-b76c-d7f33d77dc4c}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\ahmbf339.default\extensions\{2069a8c8-fad1-424b-b76c-d7f33d77dc4c}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\ahmbf339.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\ahmbf339.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\ahmbf339.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-02 10:32
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Recherche de fichiers cachés ...


    c:\docume~1\PROPRI~1\LOCALS~1\Temp\xumxcdqg.cmdline 472 bytes

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-515967899-1177238915-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:8f,7f,f5,d2,1f,ef,43,93,ec,01,ba,83,4d,b7,70,84,57,2c,41,68,50,
    a9,dd,9a,8d,1e,0e,6f,9d,db,a0,bb,9a,b6,c6,90,50,a8,6c,d3,34,ca,b0,30,c4,e2,\
    "rkeysecu"=hex:D b,dc,3c,ea,a6,8e,32,23,e7,45,dd,ef,5c,98,0a,35

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):2a,d3,01,f4,de,f2,71,60,b2,21,2a,8c,30,ed,50,46,83,48,5c,ee,bd,
    d8,2e,b5,98,f6,ca,bb,d2,79,73,9c,24,2d,c6,d1,4b,af,ca,cd,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{dcafbd3f-50e0-406f-b2a4-74e4d6cdb987}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000066
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,ab,9e,50,1b,eb,77,d1,ab,a5,dc,ce,c4,12,ad,eb,5f,83,e0,8b,c5,07,bb,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(848)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\cscui.dll
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'lsass.exe'(908)
    c:\windows\system32\setupapi.dll
    c:\windows\system32\psbase.dll

    - - - - - - - > 'explorer.exe'(3488)
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\libusbd-nt.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\SOUNDMAN.EXE
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Skype\Phone\Skype.exe
    c:\windows\system32\lxcecoms.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-10-02 10:38:34 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-10-02 08:38

    Avant-CF: 86 172 680 192 octets libres
    Après-CF: 87 502 229 504 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - 59DAEE529FFE11D7B319F7B64568620A
    2 October 2010 16:07:25

    Hi again
    Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
    See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php

  • Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
  • Double-click the downloaded GMER file.
    IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the "rootkit" tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit menu / Paste.
    The report should then appear.
  • Save the file to your Desktop and post the contents here.
    6 October 2010 18:32:59

    Hi again,
    When I run the scan (which takes a whole afternoon), at the end, when I try to save it in Notepad, everything crashes and my computer restarts by itself... this is the second time it has done that to me.
    6 October 2010 18:56:39

    Hi again
    Try in safe mode:
  • Restart your computer.
  • After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows startup, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".