Help, I can no longer access my antivirus!

Tags:
  • Windows
  • Security

13 January 2010 04:00:43

For about 2 weeks now, my internet connection has been slow and I only manage to reach websites one time out of two, but now I can no longer use my antivirus programs and my computer is slowed down; Adobe Reader was removed without authorization and iexplore.exe starts by itself in the Task Manager.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:03, on 2010-01-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xp cocoon sp2\Local Settings\Temporary Internet Files\Content.IE5\AYBJJFRG\HiJackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\Iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O2 - BHO: (no name) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [tofepuzeri] C:\
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.cartoonnetwork.com/tv_shows/starwars/games/g..."
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\common files\LogiShrd\eReg\Common\eReg.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaw...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_1_0....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll
O20 - Winlogon Notify: c001E0C2 - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe

--
End of file - 13225 bytes


What should I do?
Help me!
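The helpers in this thread read the HijackThis log above by eye, looking for autorun entries whose target is not a program (the `[tofepuzeri] C:\` line), a Winlogon Notify package whose path is a bare directory, and BHO/toolbar registrations left with `(no file)`. The script below is an added example written for this page, not a tool from the thread or from Trend Micro: it applies those three checks to lines copied from the log above. The `triage` function, the `Finding` type and the heuristics themselves are assumptions of this example, not HijackThis's own rules.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [LGODDFU] "C:\\Program Files\\lg_fwupdate\\fwupdate.exe" blrun
O4 - HKLM\\..\\Run: [tofepuzeri] C:\\
O20 - Winlogon Notify: c001E0C2 - C:\\WINDOWS\\
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""

# "O4 - HKLM\..\Run: [name] target" -> the section tag and the rest of the line.
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# An O4 body is "<hive>\..\Run: [entry name] <target and arguments>".
O4_BODY = re.compile(r"^.*?: \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
# A Windows path that is only a drive root or a directory (trailing backslash), no file name.
DIR_ONLY = re.compile(r'[A-Za-z]:\\(?:[^\\"/:*?<>|]+\\)*')


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    line: str      # the original log line
    reason: str    # why it was flagged


def is_directory_only(target: str) -> bool:
    """True when an autorun target names a drive root or directory rather than a file."""
    unquoted = target.strip().strip('"')
    return DIR_ONLY.fullmatch(unquoted) is not None


def triage(log_text: str) -> list[Finding]:
    """Apply three heuristics (assumptions of this example) to HijackThis log lines."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        # 1. BHO / toolbar / extra-button entries whose file is gone: an orphaned
        #    registration, often uninstall leftovers, but also what a half-removed
        #    add-on looks like. Cheap to clean, so worth listing.
        if section in {"O2", "O3", "O9"} and body.endswith("(no file)"):
            findings.append(Finding(section, line, "registered component has no file on disk"))
            continue

        # 2. Run-key entries whose target is a bare drive or directory: no legitimate
        #    program autostarts "C:\", which is exactly what the thread's
        #    "[tofepuzeri] C:\" entry looks like.
        if section == "O4":
            om = O4_BODY.match(body)
            if om and is_directory_only(om.group("target")):
                findings.append(Finding(section, line, "Run entry points at a directory, not a program"))
            continue

        # 3. Winlogon Notify package whose path is a directory instead of a DLL.
        if section == "O20":
            path = body.rsplit(" - ", 1)[-1]
            if is_directory_only(path):
                findings.append(Finding(section, line, "Winlogon Notify package path is a directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run against the constructed sample, the script reports the two `(no file)` registrations, the `tofepuzeri` Run entry and the `c001E0C2` Winlogon Notify entry, and stays silent on the avast!, LG firmware and PunkBuster lines. The checks are deliberately narrow: a quoted path with arguments, such as the `fwupdate.exe ... blrun` line, is not mistaken for a directory.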

13 January 2010 04:04:01

Hello,

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
13 January 2010 04:13:09

I finally managed to install it but not to get it to work: the mbam.exe process appears, but nothing shows up on my screen.

13 January 2010 05:02:21

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix

If ComboFix does not start, rename it to KillRootkit and then run it again.

13 January 2010 05:54:27

And what if it still doesn't start?
Also, do you have any idea what C:\32788R22FWJFW is? Especially this file Kill-All.cmd

13 January 2010 06:12:04

  • Download Gmer to your Desktop.
  • Extract the archive (right-click > Extract), then rename gmer.exe to IDN.exe (the .exe may not be visible).
  • Double-click IDN.exe.
  • On the "Rootkit/Malware" tab, click "Scan" and wait.
  • When it finishes, click "Save..." and save "gmer.txt" to your Desktop.
  • Double-click "gmer.txt"; the report appears. Post it.

13 January 2010 22:07:29

Well, ComboFix finally worked. Here is the report:

    ComboFix 10-01-12.04 - xp cocoon sp2 2010-01-13 7:35.2.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.564 [GMT -5:00]
    Lancé depuis: c:\documents and settings\xp cocoon sp2\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Exécution préalable -------
    .
    c:\data\cmdline.cfg
    c:\program files\INSTALL.LOG
    c:\windows\system32\drivers\H8SRTqlrmlkhyiq.sys
    c:\windows\system32\H8SRTarndybrtrp.dat
    c:\windows\system32\H8SRTbhwqbuvrfv.dll
    c:\windows\system32\h8srtkrl32mainweq.dll
    c:\windows\system32\H8SRTsgalxrqaim.dll
    c:\windows\system32\h8srtshsyst.dll
    c:\windows\system32\H8SRTutptxjxfnq.dll
    c:\windows\system32\H8SRTvykcnrmobm.dll
    c:\windows\system32\meeg32i.dll
    c:\windows\system32\SIntf16.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_H8SRTd.sys
    -------\Legacy_H8SRTd.sys
    -------\Legacy_APPLE_MOBILE_DEVICE
    -------\Service_Apple Mobile Device


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-13 au 2010-01-13 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-13 12:11 . 2010-01-13 12:33 -------- d-----w- C:\KillRootkit
    2010-01-13 03:44 . 2010-01-13 03:44 5919 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A8FEF78679584b0438C292E73A3F8571.dll
    2010-01-13 02:35 . 2010-01-13 02:35 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Videotron
    2010-01-13 02:35 . 2010-01-13 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
    2010-01-13 02:35 . 2010-01-13 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Videotron
    2010-01-11 21:24 . 2010-01-11 22:05 -------- d-----w- c:\documents and settings\xp cocoon sp2\Local Settings\Application Data\xldqga
    2010-01-09 15:55 . 2010-01-09 15:55 -------- d-----w- C:\VundoFix Backups
    2010-01-09 01:20 . 2010-01-09 01:20 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Malwarebytes
    2010-01-09 01:20 . 2010-01-09 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-30 19:39 . 2009-12-30 19:39 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Logitech
    2009-12-30 19:39 . 2009-12-30 19:39 53248 ----a-r- c:\documents and settings\xp cocoon sp2\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2009-12-30 19:34 . 2008-01-09 17:26 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
    2009-12-30 19:34 . 2008-01-09 17:28 76304 ----a-w- c:\windows\system32\KemXML.dll
    2009-12-30 19:34 . 2008-01-09 17:28 117264 ----a-w- c:\windows\system32\KemWnd.dll
    2009-12-30 19:34 . 2008-01-09 17:28 141840 ----a-w- c:\windows\system32\KemUtil.dll
    2009-12-30 19:34 . 2008-01-09 17:27 170512 ----a-w- c:\windows\system32\kemutb.dll
    2009-12-30 19:34 . 2009-12-30 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
    2009-12-30 19:33 . 2009-12-30 19:35 -------- d-----w- c:\program files\Fichiers communs\Logishrd
    2009-12-30 19:33 . 2009-12-30 19:33 -------- d-----w- c:\program files\Logitech
    2009-12-30 19:33 . 2009-12-30 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
    2009-12-28 18:50 . 2009-12-28 18:51 60696384 ----a-w- c:\documents and settings\All Users\Application Data\Sony Corporation\AutoUpdateClient\CT\ContentTransferSetup.exe
    2009-12-28 18:50 . 2009-12-28 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-12-28 18:50 . 2009-12-28 18:50 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Sony Corporation
    2009-12-28 18:49 . 2009-12-28 18:49 -------- d-----w- c:\program files\Fichiers communs\Sony Shared
    2009-12-28 18:47 . 2009-12-28 18:55 -------- d-----w- c:\documents and settings\xp cocoon sp2\Local Settings\Application Data\Downloaded Installations
    2009-12-28 18:44 . 2009-12-28 18:49 -------- d-----w- c:\program files\Sony
    2009-12-23 20:53 . 2009-12-23 20:53 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\VirtualStore

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-13 12:33 . 2008-11-10 01:18 -------- d-----w- c:\program files\DNA
    2010-01-13 12:33 . 2008-11-10 01:18 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\DNA
    2010-01-13 12:32 . 2008-01-26 21:21 -------- d-----w- c:\program files\lg_fwupdate
    2010-01-13 12:06 . 2008-11-29 23:18 -------- d-----w- c:\program files\ma-config.com
    2010-01-13 12:06 . 2008-11-29 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
    2010-01-13 05:44 . 2008-02-13 13:39 44239 ----a-w- C:\sound32.dll
    2010-01-13 03:55 . 2010-01-13 03:44 -------- d-----w- c:\program files\Security Task Manager
    2010-01-13 03:54 . 2010-01-13 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2010-01-13 03:44 . 2010-01-13 03:44 424 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9FF96681EF8Ca704F9076E4798B6D14B.dll
    2010-01-12 22:04 . 2008-02-25 21:26 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\uTorrent
    2010-01-07 00:27 . 2008-10-26 22:31 -------- d-----w- c:\program files\Druide
    2010-01-04 01:57 . 2008-07-14 15:27 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\ZoomBrowser EX
    2010-01-04 01:57 . 2008-07-14 15:29 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\CameraWindowDC
    2009-12-30 19:39 . 2009-07-29 21:28 -------- d-----w- c:\program files\common files
    2009-12-30 19:36 . 2009-12-30 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2009-12-30 19:36 . 2009-12-30 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-12-30 19:36 . 2009-12-30 19:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-12-30 19:33 . 2008-01-26 21:18 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-30 19:30 . 2009-10-25 00:59 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\vlc
    2009-12-27 22:59 . 2008-01-26 21:21 16384 ----a-w- c:\windows\system32\lgfwunis.exe
    2009-12-26 17:14 . 2008-01-26 20:57 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\AdobeUM
    2009-12-18 22:34 . 2008-02-03 23:31 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Apple Computer
    2009-12-14 00:58 . 2008-05-11 02:46 -------- d-----w- c:\program files\Microsoft Games
    2009-12-13 18:33 . 2009-12-13 18:00 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Mount&Blade
    2009-12-12 21:21 . 2009-12-12 21:21 138240 ----a-w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
    2009-12-12 21:21 . 2009-12-12 21:21 138240 ----a-w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
    2009-12-12 21:21 . 2009-12-12 21:21 138240 ----a-w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
    2009-12-12 21:21 . 2009-12-12 21:21 138240 ----a-w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
    2009-12-12 21:21 . 2009-12-12 21:21 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab
    2009-12-10 17:28 . 2001-08-28 14:00 86074 ----a-w- c:\windows\system32\perfc00C.dat
    2009-12-10 17:28 . 2001-08-28 14:00 513046 ----a-w- c:\windows\system32\perfh00C.dat
    2009-12-09 23:17 . 2009-12-09 23:17 249856 ------w- c:\windows\Setup1.exe
    2009-12-09 23:17 . 2009-12-09 23:17 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-12-09 21:51 . 2009-04-10 22:15 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-12-09 21:49 . 2008-03-14 13:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-12-09 21:49 . 2008-03-14 13:08 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-12-07 01:12 . 2009-12-07 01:12 -------- d-----w- c:\program files\Sector69
    2009-12-03 01:25 . 2008-09-22 00:39 98304 ----a-w- c:\windows\system32CmdLineExt.dll
    2009-12-02 03:00 . 2008-01-26 21:35 88 ----a-w- c:\windows\dun.bat
    2009-11-28 15:52 . 2009-08-01 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-11-28 05:19 . 2009-11-28 05:19 -------- d-----w- c:\program files\NovaLogic
    2009-11-27 04:12 . 2009-11-27 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-11-27 04:08 . 2008-07-02 15:13 -------- d-----w- c:\program files\ATI Technologies
    2009-11-27 03:56 . 2008-07-02 15:24 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\ATI
    2009-11-25 02:26 . 2008-09-09 23:31 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\HP
    2009-11-25 02:26 . 2008-09-09 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2009-11-21 15:59 . 2010-01-12 21:38 1206508 ----a-w- c:\windows\AppPatch\SET66.tmp
    2009-11-21 15:58 . 2010-01-12 21:38 471552 ----a-w- c:\windows\AppPatch\SET67.tmp
    2009-11-21 15:58 . 2004-08-19 16:09 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-20 01:20 . 2009-11-20 01:20 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\SEGA
    2009-11-18 22:25 . 2009-11-18 22:25 -------- d-----w- c:\program files\Alwil Software
    2009-11-18 22:14 . 2008-01-27 16:02 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
    2009-11-16 21:03 . 2008-07-19 21:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-08 17:20 . 2009-11-08 17:20 82888 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-11-02 19:39 . 2009-11-02 19:39 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-29 07:42 . 2006-05-10 07:24 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:39 . 2004-08-19 16:09 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2004-08-19 16:09 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2006-06-20 22:03 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2009-10-15 16:32 . 2006-06-20 22:13 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-10-15 16:32 . 2006-06-20 22:13 119808 ----a-w- c:\windows\system32\t2embed.dll
    2004-07-22 15:51 . 2004-07-22 15:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
    2004-07-20 03:58 . 2004-07-20 03:58 1156363 ----a-w- c:\program files\BDANT.cab
    2004-07-20 03:53 . 2004-07-20 03:53 976020 ----a-w- c:\program files\BDAXP.cab
    2004-07-09 19:17 . 2004-07-09 19:17 13265040 ----a-w- c:\program files\dxnt.cab
    2004-07-09 14:13 . 2004-07-09 14:13 15493481 ----a-w- c:\program files\DirectX.cab
    2004-07-09 14:13 . 2004-07-09 14:13 703080 ----a-w- c:\program files\BDA.cab
    2004-07-09 09:08 . 2004-07-09 09:08 472576 ----a-w- c:\program files\dxsetup.exe
    2004-07-09 09:08 . 2004-07-09 09:08 2242560 ----a-w- c:\program files\dsetup32.dll
    2004-07-09 08:03 . 2004-07-09 08:03 62976 ----a-w- c:\program files\DSETUP.dll
    2003-12-18 15:33 . 2009-04-03 01:58 20102 ----a-w- c:\program files\Readme.txt
    2003-09-03 11:46 . 2009-04-03 01:58 10960 ----a-w- c:\program files\EULA.txt
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-24 533944]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-14 323392]
    "combo"="c:\documents and settings\xp cocoon sp2\Bureau\ComboFix.exe" [2010-01-13 3821782]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tofepuzeri"="C:\" [X]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-27 557056]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\xp cocoon sp2\Menu Démarrer\Programmes\Démarrage\
    Logitech . Enregistrement du produit.lnk - c:\program files\common files\LogiShrd\eReg\Common\eReg.exe [2009-4-8 517384]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-30 789008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 1 (0x1)
    "NoResolveTrack"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "MaxRecentDocs"= 15 (0xf)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)
    "DisallowCpl"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-01-09 17:30 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\Msmsgs.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "d:\\freespace2\\FS2.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "d:\\freespace2\\fs2_open_3_6_10.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=

    S3 cpuz130;cpuz130;\??\c:\docume~1\XPCOCO~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\XPCOCO~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    S4 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-03-16 717296]
    S4 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
    S4 XDva093;XDva093;\??\c:\windows\system32\XDva093.sys --> c:\windows\system32\XDva093.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1958367476-1417001333-1003Core.job
    - c:\documents and settings\xp cocoon sp2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-02 03:11]

    2010-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1958367476-1417001333-1003UA.job
    - c:\documents and settings\xp cocoon sp2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-02 03:11]

    2010-01-09 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

    2009-12-01 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
    Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\xp cocoon sp2\Application Data\Mozilla\Firefox\Profiles\jep3bt63.default\
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - plugin: c:\documents and settings\xp cocoon sp2\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{EB5CEE80-030A-4ED8-8E20-454E9C68380F} - (no file)
    Notify-c001E0C2 - (no file)
    AddRemove-HijackThis - c:\documents and settings\xp cocoon sp2\Local Settings\Temporary Internet Files\Content.IE5\AYBJJFRG\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-13 07:41
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet010\Services\ASFWHide]
    "ImagePath"="\??\c:\docume~1\XPCOCO~1\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-682003330-1958367476-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-682003330-1958367476-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:38,35,5c,80,22,96,ff,3e,d8,14,ca,53,93,a9,73,88,ae,6c,b6,90,f2,4b,ba,
    ee,ef,a5,6b,f1,f4,9c,8c,3e,a8,24,11,b4,2a,f7,f5,7e,ac,7a,85,9c,11,7e,ec,8b,\
    "??"=hex:8f,38,87,ab,37,16,a3,70,d8,a4,e5,27,7f,89,e7,4f

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs loaded under running processes ---------------------

    - - - - - - - > 'winlogon.exe'(608)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(2560)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    .
    Completion time: 2010-01-13 07:44:17
    ComboFix-quarantined-files.txt 2010-01-13 12:44

    Pre-Run: 9 007 165 440 bytes free
    Post-Run: 8 963 629 056 bytes free

    Current=10 Default=10 Failed=9 LastKnownGood=11 Sets=,1,2,3,4,5,6,7,8,9,10,11
    - - End Of File - - 5F1CAC643C50E007463B1AA9AD97EFA5
    13 January 2010 22:29:55

    You can run a scan with Malwarebytes' Anti-Malware.
    13 January 2010 22:46:28

    Here is the log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3556
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2010-01-13 16:44:32
    mbam-log-2010-01-13 (16-44-32).txt

    Scan type: Quick Scan
    Objects scanned: 111894
    Time elapsed: 5 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    My browsers still work only so-so despite all this.
    14 January 2010 06:14:18

    /!\ Only vincenth13 may follow this procedure /!\

    Disable all resident protection (antivirus, etc.)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    XDva092
    XDva093

    File::
    c:\windows\system32\XDva092.sys
    c:\windows\system32\XDva093.sys

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tofepuzeri"=-

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait for the scan to finish. The Desktop will disappear several times: that's normal!
  • Don't touch anything until the scan is finished.
  • Once the scan is done, a report will appear; copy/paste its contents onto the forum.
  • If the file doesn't open, it is located at: C:\ComboFix.txt

    ;) 
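The CFScript posted above removes the two XDva drivers and the `tofepuzeri` Run value that the first ComboFix log marked with `[?]` and `[X]`. As an added example (not part of this thread, and not ComboFix's own tooling), the Python script below applies the same reading of a ComboFix log mechanically: it parses the Run-key and driver lines, flags Run values whose target ComboFix could not find (`[X]`), drivers whose file it could not verify (`[?]`), and anything loading from a Temp directory, then drafts a CFScript in the KillAll::/Driver::/File::/Registry:: layout used above. The sample log lines are constructed from entries visible in this thread; the regexes for the log format and the meaning assigned to the `[X]` and `[?]` markers are assumptions, and the `exclude` parameter is there because a human still has to prune the draft (the CPU-Z driver sitting in Temp is flagged, but it is not what the helper chose to remove).

```python
"""Triage ComboFix autostart and driver listings and draft a CFScript.

Added example for this thread, not part of the forum post or of ComboFix.
The log format rules (regexes, meaning of the [X] and [?] markers) are
assumptions based on the lines visible in the thread.
"""
import re

# Constructed sample, built from lines that appear in the thread's first ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tofepuzeri"="C:\" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

S3 cpuz130;cpuz130;\??\c:\docume~1\XPCOCO~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\XPCOCO~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S4 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S4 XDva093;XDva093;\??\c:\windows\system32\XDva093.sys --> c:\windows\system32\XDva093.sys [?]
"""

# Assumed line shapes:  "name"="target" [date size | X]   and   S3 name;display;image [date size | ?]
REG_KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s+\[(?P<tag>[^\]]*)\]$')
SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[(?P<tag>[^\]]*)\]$')
TEMP_DIR = re.compile(r'\\temp\\', re.IGNORECASE)


def _resolved_path(image):
    """ComboFix prints '\\??\\<registry path> --> <resolved path>' when it had to resolve an image path."""
    return image.split('-->')[-1].strip()


def triage(log_text):
    """Return a list of findings: {'kind', 'name', 'path', 'reasons', ['key']}."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = RUN_VALUE.match(line)
        if m and current_key and current_key.lower().endswith('\\run'):
            reasons = []
            if m.group('tag') == 'X':          # assumed: ComboFix found no file at the target
                reasons.append('target file not found ([X])')
            if TEMP_DIR.search(m.group('target')):
                reasons.append('runs from a Temp directory')
            if reasons:
                findings.append({'kind': 'run', 'key': current_key, 'name': m.group('name'),
                                 'path': m.group('target'), 'reasons': reasons})
            continue
        m = SERVICE.match(line)
        if m:
            path = _resolved_path(m.group('image'))
            reasons = []
            if m.group('tag') == '?':          # assumed: ComboFix could not stat/verify the driver file
                reasons.append('driver file could not be verified ([?])')
            if TEMP_DIR.search(path):
                reasons.append('loads from a Temp directory')
            if reasons:
                findings.append({'kind': 'driver', 'name': m.group('name'), 'path': path, 'reasons': reasons})
    return findings


def draft_cfscript(findings, exclude=()):
    """Render findings in the KillAll::/Driver::/File::/Registry:: layout ComboFix scripts use.

    `exclude` holds names a human has reviewed and decided to keep; the draft is a
    starting point for that review, not something to run unread.
    """
    kept = [f for f in findings if f['name'] not in exclude]
    drivers = [f for f in kept if f['kind'] == 'driver']
    runs = [f for f in kept if f['kind'] == 'run']
    out = ['KillAll::', '']
    if drivers:
        out += ['Driver::'] + [f['name'] for f in drivers] + ['']
        out += ['File::'] + [f['path'] for f in drivers] + ['']
    if runs:
        out.append('Registry::')
        by_key = {}
        for f in runs:
            by_key.setdefault(f['key'], []).append(f['name'])
        for key, names in by_key.items():
            out.append(f'[{key}]')
            out += [f'"{n}"=-' for n in names]   # "name"=- deletes the value
        out.append('')
    return '\n'.join(out).rstrip('\n') + '\n'


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:6} {f['name']:12} {f['path']}  <- {'; '.join(f['reasons'])}")
    print()
    print(draft_cfscript(found, exclude={'cpuz130'}))
```

Run it and compare the drafted script with the one posted above: with `cpuz130` excluded the draft matches the helper's script line for line, while the unfiltered draft also lists the CPU-Z driver left in Temp, which is exactly why the flags are input for a human decision rather than an automatic fix.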
    15 January 2010 04:20:08

    And here is the report:


    ComboFix 10-01-14.02 - xp cocoon sp2 2010-01-14 22:04:04.6.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.471 [GMT -5:00]
    Running from: c:\documents and settings\xp cocoon sp2\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\xp cocoon sp2\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\system32\XDva092.sys"
    "c:\windows\system32\XDva093.sys"
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_XDVA092
    -------\Legacy_XDVA093
    -------\Service_XDva092
    -------\Service_XDva093


    ((((((((((((((((((((((((((((( Files Created From 2009-12-15 to 2010-01-15 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-14 21:25 . 2010-01-14 21:34 -------- d-----w- C:\KillRootkit964K
    2010-01-14 21:11 . 2010-01-14 21:22 -------- d-----w- C:\KillRootkit22398K
    2010-01-13 22:21 . 2010-01-13 22:21 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
    2010-01-13 22:00 . 2010-01-13 22:00 -------- d-----w- c:\windows\LastGood.Tmp
    2010-01-13 22:00 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-13 22:00 . 2009-03-30 14:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-01-13 22:00 . 2009-02-13 16:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-01-13 22:00 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-01-13 22:00 . 2010-01-13 22:00 -------- d-----w- c:\program files\Avira
    2010-01-13 22:00 . 2010-01-13 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-01-13 21:38 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-13 21:38 . 2010-01-13 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-13 21:38 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-13 21:26 . 2010-01-13 21:36 -------- d-----w- C:\KillRootkit19389K
    2010-01-13 12:11 . 2010-01-13 12:33 -------- d-----w- C:\KillRootkit
    2010-01-13 03:44 . 2010-01-13 03:44 5919 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_A8FEF78679584b0438C292E73A3F8571.dll
    2010-01-13 02:35 . 2010-01-13 02:35 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Videotron
    2010-01-13 02:35 . 2010-01-13 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
    2010-01-13 02:35 . 2010-01-13 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Videotron
    2010-01-11 21:24 . 2010-01-11 22:05 -------- d-----w- c:\documents and settings\xp cocoon sp2\Local Settings\Application Data\xldqga
    2010-01-09 15:55 . 2010-01-09 15:55 -------- d-----w- C:\VundoFix Backups
    2010-01-09 01:20 . 2010-01-09 01:20 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Malwarebytes
    2010-01-09 01:20 . 2010-01-09 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-12-30 19:39 . 2009-12-30 19:39 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Logitech
    2009-12-30 19:39 . 2009-12-30 19:39 53248 ----a-r- c:\documents and settings\xp cocoon sp2\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2009-12-30 19:34 . 2008-01-09 17:26 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
    2009-12-30 19:34 . 2008-01-09 17:28 76304 ----a-w- c:\windows\system32\KemXML.dll
    2009-12-30 19:34 . 2008-01-09 17:28 117264 ----a-w- c:\windows\system32\KemWnd.dll
    2009-12-30 19:34 . 2008-01-09 17:28 141840 ----a-w- c:\windows\system32\KemUtil.dll
    2009-12-30 19:34 . 2008-01-09 17:27 170512 ----a-w- c:\windows\system32\kemutb.dll
    2009-12-30 19:34 . 2009-12-30 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
    2009-12-30 19:33 . 2009-12-30 19:35 -------- d-----w- c:\program files\Fichiers communs\Logishrd
    2009-12-30 19:33 . 2009-12-30 19:33 -------- d-----w- c:\program files\Logitech
    2009-12-30 19:33 . 2009-12-30 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
    2009-12-28 18:50 . 2009-12-28 18:51 60696384 ----a-w- c:\documents and settings\All Users\Application Data\Sony Corporation\AutoUpdateClient\CT\ContentTransferSetup.exe
    2009-12-28 18:50 . 2009-12-28 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-12-28 18:50 . 2009-12-28 18:50 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Sony Corporation
    2009-12-28 18:49 . 2009-12-28 18:49 -------- d-----w- c:\program files\Fichiers communs\Sony Shared
    2009-12-28 18:47 . 2009-12-28 18:55 -------- d-----w- c:\documents and settings\xp cocoon sp2\Local Settings\Application Data\Downloaded Installations
    2009-12-28 18:44 . 2009-12-28 18:49 -------- d-----w- c:\program files\Sony
    2009-12-23 20:53 . 2009-12-23 20:53 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\VirtualStore

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-15 03:11 . 2008-01-26 21:21 -------- d-----w- c:\program files\lg_fwupdate
    2010-01-15 03:03 . 2008-11-10 01:18 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\DNA
    2010-01-15 02:04 . 2008-02-13 13:39 44239 ----a-w- C:\sound32.dll
    2010-01-14 21:10 . 2009-08-01 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-14 04:20 . 2008-02-25 21:26 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\uTorrent
    2010-01-13 22:21 . 2008-01-25 02:00 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2010-01-13 12:33 . 2008-11-10 01:18 -------- d-----w- c:\program files\DNA
    2010-01-13 12:06 . 2008-11-29 23:18 -------- d-----w- c:\program files\ma-config.com
    2010-01-13 12:06 . 2008-11-29 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
    2010-01-13 03:55 . 2010-01-13 03:44 -------- d-----w- c:\program files\Security Task Manager
    2010-01-13 03:54 . 2010-01-13 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2010-01-13 03:44 . 2010-01-13 03:44 424 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9FF96681EF8Ca704F9076E4798B6D14B.dll
    2010-01-07 00:27 . 2008-10-26 22:31 -------- d-----w- c:\program files\Druide
    2010-01-04 01:57 . 2008-07-14 15:27 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\ZoomBrowser EX
    2010-01-04 01:57 . 2008-07-14 15:29 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\CameraWindowDC
    2009-12-30 19:39 . 2009-07-29 21:28 -------- d-----w- c:\program files\common files
    2009-12-30 19:36 . 2009-12-30 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2009-12-30 19:36 . 2009-12-30 19:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-12-30 19:36 . 2009-12-30 19:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-12-30 19:33 . 2008-01-26 21:18 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-30 19:30 . 2009-10-25 00:59 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\vlc
    2009-12-27 22:59 . 2008-01-26 21:21 16384 ----a-w- c:\windows\system32\lgfwunis.exe
    2009-12-26 17:14 . 2008-01-26 20:57 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\AdobeUM
    2009-12-18 22:34 . 2008-02-03 23:31 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Apple Computer
    2009-12-14 00:58 . 2008-05-11 02:46 -------- d-----w- c:\program files\Microsoft Games
    2009-12-13 18:33 . 2009-12-13 18:00 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\Mount&Blade
    2009-12-12 21:21 . 2009-12-12 21:21 138240 ----a-w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
    2009-12-12 21:21 . 2009-12-12 21:21 138240 ----a-w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
    2009-12-12 21:21 . 2009-12-12 21:21 138240 ----a-w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
    2009-12-12 21:21 . 2009-12-12 21:21 138240 ----a-w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
    2009-12-12 21:21 . 2009-12-12 21:21 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\SystemRequirementsLab
    2009-12-10 17:28 . 2001-08-28 14:00 86074 ----a-w- c:\windows\system32\perfc00C.dat
    2009-12-10 17:28 . 2001-08-28 14:00 513046 ----a-w- c:\windows\system32\perfh00C.dat
    2009-12-09 23:17 . 2009-12-09 23:17 249856 ------w- c:\windows\Setup1.exe
    2009-12-09 23:17 . 2009-12-09 23:17 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-12-09 21:51 . 2009-04-10 22:15 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-12-09 21:49 . 2008-03-14 13:08 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-12-09 21:49 . 2008-03-14 13:08 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-12-07 01:12 . 2009-12-07 01:12 -------- d-----w- c:\program files\Sector69
    2009-12-03 01:25 . 2008-09-22 00:39 98304 ----a-w- c:\windows\system32CmdLineExt.dll
    2009-12-02 03:00 . 2008-01-26 21:35 88 ----a-w- c:\windows\dun.bat
    2009-11-28 05:19 . 2009-11-28 05:19 -------- d-----w- c:\program files\NovaLogic
    2009-11-27 04:12 . 2009-11-27 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-11-27 04:08 . 2008-07-02 15:13 -------- d-----w- c:\program files\ATI Technologies
    2009-11-27 03:56 . 2008-07-02 15:24 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\ATI
    2009-11-25 02:26 . 2008-09-09 23:31 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\HP
    2009-11-25 02:26 . 2008-09-09 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2009-11-21 15:59 . 2010-01-12 21:38 1206508 ----a-w- c:\windows\AppPatch\SET66.tmp
    2009-11-21 15:58 . 2010-01-12 21:38 471552 ----a-w- c:\windows\AppPatch\SET67.tmp
    2009-11-21 15:58 . 2004-08-19 16:09 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-20 01:20 . 2009-11-20 01:20 -------- d-----w- c:\documents and settings\xp cocoon sp2\Application Data\SEGA
    2009-11-18 22:25 . 2009-11-18 22:25 -------- d-----w- c:\program files\Alwil Software
    2009-11-18 22:14 . 2008-01-27 16:02 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
    2009-11-16 21:03 . 2008-07-19 21:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-08 17:20 . 2009-11-08 17:20 82888 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-11-02 19:39 . 2009-11-02 19:39 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-29 07:42 . 2006-05-10 07:24 916480 ------w- c:\windows\system32\wininet.dll
    2009-10-21 05:39 . 2004-08-19 16:09 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2004-08-19 16:09 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2006-06-20 22:03 265728 ----a-w- c:\windows\system32\drivers\http.sys
    2004-07-22 15:51 . 2004-07-22 15:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
    2004-07-20 03:58 . 2004-07-20 03:58 1156363 ----a-w- c:\program files\BDANT.cab
    2004-07-20 03:53 . 2004-07-20 03:53 976020 ----a-w- c:\program files\BDAXP.cab
    2004-07-09 19:17 . 2004-07-09 19:17 13265040 ----a-w- c:\program files\dxnt.cab
    2004-07-09 14:13 . 2004-07-09 14:13 15493481 ----a-w- c:\program files\DirectX.cab
    2004-07-09 14:13 . 2004-07-09 14:13 703080 ----a-w- c:\program files\BDA.cab
    2004-07-09 09:08 . 2004-07-09 09:08 472576 ----a-w- c:\program files\dxsetup.exe
    2004-07-09 09:08 . 2004-07-09 09:08 2242560 ----a-w- c:\program files\dsetup32.dll
    2004-07-09 08:03 . 2004-07-09 08:03 62976 ----a-w- c:\program files\DSETUP.dll
    2003-12-18 15:33 . 2009-04-03 01:58 20102 ----a-w- c:\program files\Readme.txt
    2003-09-03 11:46 . 2009-04-03 01:58 10960 ----a-w- c:\program files\EULA.txt
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-01-13_12.41.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
    + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
    + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
    + 2010-01-13 22:00 . 2009-05-11 14:11 28520 c:\windows\system32\drivers\ssmdrv.sys
    + 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
    + 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
    + 2010-01-13 21:59 . 2010-01-13 21:59 228352 c:\windows\Installer\2072499.msi
    + 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
    + 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
    + 2010-01-13 22:21 . 2010-01-13 22:21 3968512 c:\windows\Installer\2194368.msi
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not listed
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-24 533944]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tofepuzeri"="C:\" [X]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-27 557056]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\xp cocoon sp2\Menu Démarrer\Programmes\Démarrage\
    Logitech . Enregistrement du produit.lnk - c:\program files\common files\LogiShrd\eReg\Common\eReg.exe [2009-4-8 517384]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-30 789008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 1 (0x1)
    "NoResolveTrack"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "MaxRecentDocs"= 15 (0xf)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)
    "DisallowCpl"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c001E0C2]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-01-09 17:30 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\Msmsgs.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "d:\\freespace2\\FS2.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "d:\\freespace2\\fs2_open_3_6_10.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-13 108289]
    S3 cpuz130;cpuz130;\??\c:\docume~1\XPCOCO~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\XPCOCO~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    S4 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-03-16 717296]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SSMDRV

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-01-09 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

    2009-12-01 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
    Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\xp cocoon sp2\Application Data\Mozilla\Firefox\Profiles\jep3bt63.default\
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{EB5CEE80-030A-4ED8-8E20-454E9C68380F} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-14 22:13
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet010\Services\ASFWHide]
    "ImagePath"="\??\c:\docume~1\XPCOCO~1\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-682003330-1958367476-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-682003330-1958367476-1417001333-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:38,35,5c,80,22,96,ff,3e,d8,14,ca,53,93,a9,73,88,ae,6c,b6,90,f2,4b,ba,
    ee,ef,a5,6b,f1,f4,9c,8c,3e,a8,24,11,b4,2a,f7,f5,7e,ac,7a,85,9c,11,7e,ec,8b,\
    "??"=hex:8f,38,87,ab,37,16,a3,70,d8,a4,e5,27,7f,89,e7,4f

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(608)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(3636)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\system32\devldr32.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-01-14 22:16:55 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-01-15 03:16
    ComboFix2.txt 2010-01-14 21:34
    ComboFix3.txt 2010-01-14 21:22
    ComboFix4.txt 2010-01-13 21:36
    ComboFix5.txt 2010-01-15 03:01

    Avant-CF: 8 945 930 240 octets libres
    Après-CF: 8 920 453 120 octets libres

    Current=10 Default=10 Failed=9 LastKnownGood=11 Sets=,1,2,3,4,5,6,7,8,9,10,11
    - - End Of File - - D9A9EC58A360ED8C04AA7680C4F14FBA
    15 Janvier 2010 04:25:28

Any changes?