TR spy gen with Antivir

Tags:
  • Antivir
  • Security
Last reply: in Security and viruses
7 March 2009 12:57:32

Hello everyone, I know this topic comes up all the time, but after reading all your answers and putting them into practice, I still haven't got rid of this trojan. :??:

So I keep getting a message from Antivir saying that the file C:\WINDOWS\system32\DOCOBJ32.dll contains the Trojan horse TR/Spy.Gen

This window opens every single time I launch a program or a browser...

I cleaned with Malwarebytes but without success; I cleaned with Antivir and, despite this report:
C:\WINDOWS\system32\DOCOBJ32.dll
[RESULTAT] Contient le cheval de Troie TR/Spy.Gen
[AVERTISSEMENT] Impossible de supprimer le fichier !
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[REMARQUE] Fichier supprimé.

The trojan is still there.

I downloaded CCleaner, that doesn't work either... I tried to delete it manually but got "Access denied"

What should I do? Try Spybot?

Thanks for your help!

7 March 2009 13:03:21

Hello,

Download Random's System Information Tool (RSIT) (by random/random) and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (which will be displayed)
    as well as info.txt (which will be minimised in the taskbar)
  • NB: the reports are saved in the folder C:\rsit
  • Make sure you post the reports in full; check that they are complete once you have posted them.
    7 March 2009 13:20:21

    Here is the "info" file

    info.txt logfile of random's system information tool 1.05 2009-03-07 13:18:07

    ======Uninstall list======

    -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ActivePerl 5.8.4 Build 810-->MsiExec.exe /I{D629903C-0C85-4425-ACE5-38CFD312AF0B}
    Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
    Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Defenza-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B3AA536-2193-4D9B-812A-DE45C4D57AD1}\Setup.exe" -l0x9
    F-Secure Management Agent-->"C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    Java 2 Runtime Environment, SE v1.4.2_14-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142140}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    LimeWire 5.1.1-->"C:\Program Files\LimeWire\uninstall.exe"
    livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Office 97 Standard-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Std.stf
    Microsoft Report Viewer Redistributable 2005-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005\install.exe
    Microsoft SQL Server Desktop Engine (MPSC_DB)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique de Microsoft Report Viewer Redistributable 2005 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005 Language Pack - FRA\install.exe
    Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MySQL Connector/ODBC-->MsiExec.exe /I{DBB6755D-3ACC-416D-B810-188C6951A4B5}
    OpenOffice.org 2.2-->MsiExec.exe /I{419805D6-75A0-4981-BC8F-9FF97EC6B03A}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PowerPacket Ethernet Adapter-->MsiExec.exe /X{B7B8AA42-B894-4668-A652-D9915C7EDDCF}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x40c -removeonly
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Visual FoxPro ODBC Driver-->MsiExec.exe /X{31821EFE-1B31-4744-9FB0-208F92BD7168}
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic

    System event log

    Computer Name: VERITRON-M410
    Event Code: 6011
    Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers VERITRON-M410.

    Record Number: 5
    Source Name: EventLog
    Time Written: 20080806094947.000000+120
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 2
    Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.

    Record Number: 4
    Source Name: Serial
    Time Written: 20080806114222.000000+120
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 2
    Message: Pendant la validation de \Device\Serial1 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.
    7 March 2009 13:21:23

    Here is the "log" file

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by compte ff at 2009-03-07 13:17:53
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 107 GB (93%) free of 115 GB
    Total RAM: 3071 MB (66% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:18:05, on 07/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\perl\bin\perl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe
    C:\MySql\Bin\MySqld-nt.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\OOffice2\program\soffice.exe
    C:\OOffice2\program\soffice.BIN
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    c:\program files\avira\antivir personaledition classic\avcenter.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Defenza\pcd-as.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    C:\Program Files\GUILD WARS\Gw.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\compte ff\Bureau\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\compte ff.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.youtube.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.youtube.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - .DEFAULT User Startup: OpenOffice.org 2.2.lnk = C:\OOffice2\program\quickstart.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\OOffice2\program\quickstart.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O20 - AppInit_DLLs: C:\WINDOWS\System32\DOCOBJ32.dll
    O20 - Winlogon Notify: f8b0aac6548 - C:\WINDOWS\System32\DOCOBJ32.dll (file missing)
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: DGIAV - ActiveState, a division of Sophos - c:\perl\bin\perl.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MySql - Unknown owner - C:\MySql\Bin\MySqld-nt.exe

    --
    End of file - 7044 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\XoftSpySE 2.job
    C:\WINDOWS\tasks\XoftSpySE.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-06 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-06 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-06 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2005-09-19 106571]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-06 136600]
    "PCDAS"=C:\Program Files\Defenza\pcd-as.exe [2006-12-15 1359872]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Documents and Settings\compte ff\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 2.2.lnk - C:\OOffice2\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\System32\DOCOBJ32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548]
    C:\WINDOWS\System32\DOCOBJ32.dll [2009-03-07 139264]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\Perl\bin\perl.exe"="C:\Perl\bin\perl.exe:*:Enabled:p erl Command Line Interpreter"
    "C:\Program Files\Cobian Backup 7\cobui.exe"="C:\Program Files\Cobian Backup 7\cobui.exe:*:Enabled:Cobian Backup 7 Interface"
    "C:\Program Files\Cobian Backup 7\CobBU.exe"="C:\Program Files\Cobian Backup 7\CobBU.exe:*:Enabled:Cobian Backup 7 Application"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2765931a-dc96-11dd-a540-806d6172696f}]
    shell\AutoRun\command - E:\Setup.exe


    ======List of files/folders created in the last 1 months======

    2009-03-07 13:17:54 ----D---- C:\Program Files\trend micro
    2009-03-07 13:17:53 ----D---- C:\rsit
    2009-03-07 12:15:56 ----A---- C:\WINDOWS\system32\Machnm1.exe
    2009-03-07 12:15:51 ----D---- C:\Program Files\Defenza
    2009-03-07 12:09:09 ----D---- C:\Program Files\XoftSpySE
    2009-03-07 12:04:00 ----D---- C:\Program Files\CCleaner
    2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\muweb.dll
    2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\mucltui.dll
    2009-03-07 12:02:17 ----D---- C:\WINDOWS\LastGood
    2009-03-06 21:02:56 ----D---- C:\Documents and Settings\compte ff\Application Data\Malwarebytes
    2009-03-06 20:59:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-06 20:59:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-06 20:56:43 ----A---- C:\WINDOWS\GnuHashes.ini
    2009-03-06 20:49:08 ----A---- C:\WINDOWS\system32\DOCOBJ32.dll
    2009-03-06 20:49:08 ----A---- C:\ARK41.tmp
    2009-03-06 20:49:08 ----A---- C:\ARK30.tmp
    2009-03-06 20:37:48 ----D---- C:\Documents and Settings\compte ff\Application Data\teamspeak2
    2009-03-06 20:37:39 ----D---- C:\Program Files\Teamspeak2_RC2
    2009-03-06 20:11:59 ----D---- C:\Program Files\uTorrent
    2009-03-06 20:11:53 ----D---- C:\Documents and Settings\compte ff\Application Data\uTorrent
    2009-03-06 20:04:18 ----D---- C:\Documents and Settings\compte ff\Application Data\Adobe
    2009-03-06 20:03:52 ----D---- C:\Documents and Settings\compte ff\Application Data\LimeWire
    2009-03-06 20:02:53 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-06 20:02:53 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-06 19:59:39 ----D---- C:\Documents and Settings\compte ff\Application Data\Sun
    2009-03-06 19:59:31 ----D---- C:\Program Files\LimeWire
    2009-03-06 19:59:14 ----D---- C:\Program Files\Microsoft
    2009-03-06 19:58:59 ----D---- C:\Program Files\Windows Live SkyDrive
    2009-03-06 19:58:39 ----D---- C:\Program Files\Windows Live
    2009-03-06 19:50:56 ----D---- C:\Documents and Settings\compte ff\Application Data\Mozilla
    2009-03-06 19:50:52 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-06 19:47:52 ----D---- C:\Program Files\Fichiers communs\Windows Live
    2009-03-06 19:46:05 ----D---- C:\Program Files\GUILD WARS
    2009-03-06 19:42:53 ----D---- C:\Documents and Settings\compte ff\Application Data\Macromedia
    2009-03-06 19:30:27 ----D---- C:\Program Files\Avira
    2009-03-06 19:30:27 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-03-06 16:54:13 ----D---- C:\Program Files\SAGEM
    2009-03-06 16:36:59 ----D---- C:\Program Files\Securitoo
    2009-03-06 16:27:11 ----D---- C:\Program Files\PowerPacket
    2009-03-05 14:33:19 ----D---- C:\Documents and Settings\compte ff\Application Data\Identities
    2009-03-05 14:33:13 ----ASH---- C:\Documents and Settings\compte ff\Application Data\desktop.ini
    2009-03-05 14:33:12 ----SD---- C:\Documents and Settings\compte ff\Application Data\Microsoft
    2009-03-05 14:33:12 ----D---- C:\Documents and Settings\compte ff\Application Data\OpenOffice.org2
    2009-03-05 13:52:18 ----D---- C:\WINDOWS\system32\NtmsData
    2009-03-05 13:48:19 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-05 13:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    ======List of files/folders modified in the last 1 months======

    2009-03-07 13:17:59 ----D---- C:\WINDOWS\Prefetch
    2009-03-07 13:17:54 ----RD---- C:\Program Files
    2009-03-07 13:14:10 ----D---- C:\WINDOWS\Temp
    2009-03-07 12:46:22 ----D---- C:\WINDOWS\system32
    2009-03-07 12:16:00 ----D---- C:\WINDOWS
    2009-03-07 12:15:51 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-03-07 12:09:11 ----SD---- C:\WINDOWS\Tasks
    2009-03-07 12:05:54 ----D---- C:\WINDOWS\Debug
    2009-03-07 12:02:42 ----HD---- C:\WINDOWS\inf
    2009-03-07 12:02:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-03-07 12:02:22 ----D---- C:\WINDOWS\Help
    2009-03-07 11:56:54 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-07 11:55:44 ----N---- C:\WINDOWS\SchedLgU.Txt
    2009-03-06 21:02:11 ----D---- C:\WINDOWS\system32\drivers
    2009-03-06 21:00:04 ----SHD---- C:\WINDOWS\Installer
    2009-03-06 20:48:58 ----D---- C:\Program Files\Windows Media Player
    2009-03-06 20:20:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-03-06 20:02:45 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-06 20:02:45 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-06 20:02:43 ----D---- C:\Program Files\Java
    2009-03-06 19:59:24 ----D---- C:\WINDOWS\WinSxS
    2009-03-06 19:59:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2009-03-06 19:58:44 ----RSD---- C:\WINDOWS\Fonts
    2009-03-06 19:47:52 ----D---- C:\Program Files\Fichiers communs
    2009-03-06 16:19:54 ----SHD---- C:\RECYCLER
    2009-03-05 15:23:12 ----D---- C:\Program Files\Cobian Backup 7
    2009-03-05 14:33:12 ----D---- C:\Documents and Settings
    2009-03-05 13:56:41 ----D---- C:\WINDOWS\repair
    2009-03-05 13:56:39 ----D---- C:\WINDOWS\Registration
    2009-03-05 13:47:30 ----D---- C:\temp
    2009-03-05 13:27:44 ----D---- C:\WINDOWS\system32\appmgmt
    2009-03-05 13:27:44 ----D---- C:\Program Files\ALTO
    2009-03-05 13:23:16 ----H---- C:\WINDOWS\system32\FFASTLOG.TXT

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-06 75072]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.2.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-06 21419]
    R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Common\FSfilter.sys []
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Common\fsgk.sys []
    R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Common\FSrec.sys []
    R2 FSpm;F-Secure Policy Manager; \??\C:\Program Files\F-Secure\Common\FSPM.SYS []
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-05-03 259712]
    S3 PLCMP532;PLCMP532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCMP532.sys []
    S3 PLCND532;PLCND532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCND532.sys [2007-08-08 26656]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
    R2 DGIAV;DGIAV; c:\perl\bin\perl.exe [2004-06-01 41050]
    R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2005-09-19 61516]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-06 152984]
    R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB; C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe [2002-12-17 7520337]
    R2 MySql;MySql; C:\MySql\Bin\MySqld-nt.exe [2003-07-21 2244608]
    R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2005-09-19 110668]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
    S2 FSAA;F-Secure Authentication Agent; C:\Program Files\F-Secure\Common\FSAA.EXE [2005-09-19 225280]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB; C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE [2002-12-17 311872]

    -----------------EOF-----------------
    7 March 2009 13:56:45

    Re,

    Uninstall via Add/Remove Programs (if present):
  • Defenza
  • XoftSpySE
    (And all the other programs associated with it!)

    &

    Download R-Hosts (by S!ri).
    Launch R-Hosts by double-clicking the exe, then click Restore, then OK.

    &

    Download OTMoveIt3 (by OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:

    :processes
    explorer.exe

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "PCDAS"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548]

    :files
    c:\temp1\*.txt /s
    C:\WINDOWS\System32\DOCOBJ32.dll
    C:\Program Files\XoftSpySE

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


Double-click OTMoveIt3.exe to launch it.
Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report is named after the moment it was created: date_heure.log
7 March 2009 14:10:54

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDAS not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548\\ deleted successfully.
    ========== FILES ==========
    File/Folder c:\temp1\*.txt not found.
    LoadLibrary failed for C:\WINDOWS\System32\DOCOBJ32.dll
    C:\WINDOWS\System32\DOCOBJ32.dll NOT unregistered.
    File move failed. C:\WINDOWS\System32\DOCOBJ32.dll scheduled to be moved on reboot.
    File/Folder C:\Program Files\XoftSpySE not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\COMPTE~1\LOCALS~1\Temp\hsperfdata_compte ff\2420 scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_84.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    File delete failed. C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03072009_140639

    Files moved on Reboot...
    LoadLibrary failed for C:\WINDOWS\System32\DOCOBJ32.dll
    C:\WINDOWS\System32\DOCOBJ32.dll NOT unregistered.
    File move failed. C:\WINDOWS\System32\DOCOBJ32.dll scheduled to be moved on reboot.
    File C:\DOCUME~1\COMPTE~1\LOCALS~1\Temp\hsperfdata_compte ff\2420 not found!
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_84.dat not found!
    C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\compte ff\Local Settings\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\Cache\_CACHE_MAP_ moved successfully.

7 March 2009 14:12:04

Sorry for the double post
    a b 8 Sécurité
7 March 2009 14:25:08

Run an RSIT scan again :)
7 March 2009 14:29:58

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by compte ff at 2009-03-07 14:27:51
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 107 GB (92%) free of 115 GB
    Total RAM: 3071 MB (76% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:27:59, on 07/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\perl\bin\perl.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe
    C:\MySql\Bin\MySqld-nt.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\OOffice2\program\soffice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\OOffice2\program\soffice.BIN
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\compte ff\Bureau\RSIT.exe
    C:\Program Files\trend micro\compte ff.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.youtube.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.youtube.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - .DEFAULT User Startup: OpenOffice.org 2.2.lnk = C:\OOffice2\program\quickstart.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\OOffice2\program\quickstart.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O20 - AppInit_DLLs: C:\WINDOWS\System32\DOCOBJ32.dll
    O20 - Winlogon Notify: f8b0aac6548 - C:\WINDOWS\System32\DOCOBJ32.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: DGIAV - ActiveState, a division of Sophos - c:\perl\bin\perl.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MySql - Unknown owner - C:\MySql\Bin\MySqld-nt.exe

    --
    End of file - 6468 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-06 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-06 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-06 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2005-09-19 106571]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-06 136600]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\Documents and Settings\compte ff\Menu Démarrer\Programmes\Démarrage
    OpenOffice.org 2.2.lnk - C:\OOffice2\program\quickstart.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\System32\DOCOBJ32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548]
    C:\WINDOWS\System32\DOCOBJ32.dll [2009-03-07 139264]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "C:\Perl\bin\perl.exe"="C:\Perl\bin\perl.exe:*:Enabled:p erl Command Line Interpreter"
    "C:\Program Files\Cobian Backup 7\cobui.exe"="C:\Program Files\Cobian Backup 7\cobui.exe:*:Enabled:Cobian Backup 7 Interface"
    "C:\Program Files\Cobian Backup 7\CobBU.exe"="C:\Program Files\Cobian Backup 7\CobBU.exe:*:Enabled:Cobian Backup 7 Application"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 1 months======

    2009-03-07 14:06:39 ----D---- C:\_OTMoveIt
    2009-03-07 13:17:54 ----D---- C:\Program Files\trend micro
    2009-03-07 13:17:53 ----D---- C:\rsit
    2009-03-07 12:15:56 ----A---- C:\WINDOWS\system32\Machnm1.exe
    2009-03-07 12:04:00 ----D---- C:\Program Files\CCleaner
    2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\muweb.dll
    2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2009-03-07 12:02:42 ----A---- C:\WINDOWS\system32\mucltui.dll
    2009-03-06 21:02:56 ----D---- C:\Documents and Settings\compte ff\Application Data\Malwarebytes
    2009-03-06 20:59:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-06 20:59:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-06 20:56:43 ----A---- C:\WINDOWS\GnuHashes.ini
    2009-03-06 20:49:08 ----A---- C:\WINDOWS\system32\DOCOBJ32.dll
    2009-03-06 20:37:48 ----D---- C:\Documents and Settings\compte ff\Application Data\teamspeak2
    2009-03-06 20:37:39 ----D---- C:\Program Files\Teamspeak2_RC2
    2009-03-06 20:11:59 ----D---- C:\Program Files\uTorrent
    2009-03-06 20:11:53 ----D---- C:\Documents and Settings\compte ff\Application Data\uTorrent
    2009-03-06 20:04:18 ----D---- C:\Documents and Settings\compte ff\Application Data\Adobe
    2009-03-06 20:03:52 ----D---- C:\Documents and Settings\compte ff\Application Data\LimeWire
    2009-03-06 20:02:53 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-06 20:02:53 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-06 19:59:39 ----D---- C:\Documents and Settings\compte ff\Application Data\Sun
    2009-03-06 19:59:31 ----D---- C:\Program Files\LimeWire
    2009-03-06 19:59:14 ----D---- C:\Program Files\Microsoft
    2009-03-06 19:58:59 ----D---- C:\Program Files\Windows Live SkyDrive
    2009-03-06 19:58:39 ----D---- C:\Program Files\Windows Live
    2009-03-06 19:50:56 ----D---- C:\Documents and Settings\compte ff\Application Data\Mozilla
    2009-03-06 19:50:52 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-06 19:47:52 ----D---- C:\Program Files\Fichiers communs\Windows Live
    2009-03-06 19:46:05 ----D---- C:\Program Files\GUILD WARS
    2009-03-06 19:42:53 ----D---- C:\Documents and Settings\compte ff\Application Data\Macromedia
    2009-03-06 19:30:27 ----D---- C:\Program Files\Avira
    2009-03-06 19:30:27 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-03-06 16:54:13 ----D---- C:\Program Files\SAGEM
    2009-03-06 16:36:59 ----D---- C:\Program Files\Securitoo
    2009-03-06 16:27:11 ----D---- C:\Program Files\PowerPacket
    2009-03-05 14:33:19 ----D---- C:\Documents and Settings\compte ff\Application Data\Identities
    2009-03-05 14:33:13 ----ASH---- C:\Documents and Settings\compte ff\Application Data\desktop.ini
    2009-03-05 14:33:12 ----SD---- C:\Documents and Settings\compte ff\Application Data\Microsoft
    2009-03-05 14:33:12 ----D---- C:\Documents and Settings\compte ff\Application Data\OpenOffice.org2
    2009-03-05 13:52:18 ----D---- C:\WINDOWS\system32\NtmsData
    2009-03-05 13:48:19 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-05 13:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    ======List of files/folders modified in the last 1 months======

    2009-03-07 14:27:55 ----D---- C:\WINDOWS\Temp
    2009-03-07 14:22:48 ----D---- C:\WINDOWS\Prefetch
    2009-03-07 14:08:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-03-07 14:08:25 ----D---- C:\WINDOWS
    2009-03-07 14:07:58 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-07 14:07:44 ----D---- C:\WINDOWS\system32
    2009-03-07 14:07:16 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-07 14:03:50 ----SD---- C:\WINDOWS\Tasks
    2009-03-07 14:03:50 ----RD---- C:\Program Files
    2009-03-07 14:03:33 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-03-07 12:05:54 ----D---- C:\WINDOWS\Debug
    2009-03-07 12:02:42 ----HD---- C:\WINDOWS\inf
    2009-03-07 12:02:22 ----D---- C:\WINDOWS\Help
    2009-03-06 21:02:11 ----D---- C:\WINDOWS\system32\drivers
    2009-03-06 21:00:04 ----SHD---- C:\WINDOWS\Installer
    2009-03-06 20:48:58 ----D---- C:\Program Files\Windows Media Player
    2009-03-06 20:20:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-03-06 20:02:45 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-06 20:02:45 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-06 20:02:43 ----D---- C:\Program Files\Java
    2009-03-06 19:59:24 ----D---- C:\WINDOWS\WinSxS
    2009-03-06 19:59:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2009-03-06 19:58:44 ----RSD---- C:\WINDOWS\Fonts
    2009-03-06 19:47:52 ----D---- C:\Program Files\Fichiers communs
    2009-03-06 16:19:54 ----SHD---- C:\RECYCLER
    2009-03-05 15:23:12 ----D---- C:\Program Files\Cobian Backup 7
    2009-03-05 14:33:12 ----D---- C:\Documents and Settings
    2009-03-05 13:56:41 ----D---- C:\WINDOWS\repair
    2009-03-05 13:56:39 ----D---- C:\WINDOWS\Registration
    2009-03-05 13:47:30 ----D---- C:\temp
    2009-03-05 13:27:44 ----D---- C:\WINDOWS\system32\appmgmt
    2009-03-05 13:27:44 ----D---- C:\Program Files\ALTO
    2009-03-05 13:23:16 ----H---- C:\WINDOWS\system32\FFASTLOG.TXT

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-06 75072]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.2.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-06 21419]
    R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Common\FSfilter.sys []
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Common\fsgk.sys []
    R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Common\FSrec.sys []
    R2 FSpm;F-Secure Policy Manager; \??\C:\Program Files\F-Secure\Common\FSPM.SYS []
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-05-03 259712]
    S3 PLCMP532;PLCMP532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCMP532.sys []
    S3 PLCND532;PLCND532 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PLCND532.sys [2007-08-08 26656]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]
    R2 DGIAV;DGIAV; c:\perl\bin\perl.exe [2004-06-01 41050]
    R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2005-09-19 61516]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-06 152984]
    R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB; C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe [2002-12-17 7520337]
    R2 MySql;MySql; C:\MySql\Bin\MySqld-nt.exe [2003-07-21 2244608]
    R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2005-09-19 110668]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe []
    S2 FSAA;F-Secure Authentication Agent; C:\Program Files\F-Secure\Common\FSAA.EXE [2005-09-19 225280]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB; C:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE [2002-12-17 311872]

    -----------------EOF-----------------
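The log above shows the same DLL registered both under AppInit_DLLs and under a Winlogon Notify subkey with a random-looking name, the two entries the OTMoveIt3 script targeted and that reappeared after the reboot. As an added example (not code from the thread, RSIT or HijackThis), this Python script parses lines of that log format, constructed here from the posted log, cross-checks the O20 lines against the registry dump and the "files created" list, and reports every DLL reaching those persistence points together with the reasons it stands out.

```python
# Added example (not code from the thread, RSIT or HijackThis): cross-checks the
# persistence points visible in an RSIT/HijackThis log. It collects every DLL named
# on an "O20" line or under Winlogon\Notify in the registry dump, joins that with
# the "files created" list, and explains why each entry deserves a closer look.
import re
from collections import defaultdict

# Constructed sample: lines copied from the RSIT log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\DOCOBJ32.dll
O20 - Winlogon Notify: f8b0aac6548 - C:\WINDOWS\System32\DOCOBJ32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f8b0aac6548]
C:\WINDOWS\System32\DOCOBJ32.dll [2009-03-07 139264]

======List of files/folders created in the last 1 months======

2009-03-07 12:15:56 ----A---- C:\WINDOWS\system32\Machnm1.exe
2009-03-06 20:49:08 ----A---- C:\WINDOWS\system32\DOCOBJ32.dll
"""

O20_RE = re.compile(r"^O20 - (AppInit_DLLs|Winlogon Notify): (.+)$")
NOTIFY_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT"
                           r"\\CurrentVersion\\Winlogon\\Notify\\([^\]]+)\]$", re.I)
DUMP_PATH_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+\[[^\]]*\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -{4}[A-Z]*-{4} (.+)$")
# Vendor Notify packages carry readable names (AtiExtEvent); a bare run of hex
# digits is the kind of name a dropper generates.
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.I)


def parse_log(text):
    """Return (O20 entries, {Notify subkey: dll path}, {path: creation time})."""
    o20, notify, created = [], {}, {}
    current_key, in_created = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current_key = None  # a blank line ends a registry dump entry
            continue
        if line.startswith("======"):  # RSIT section header
            in_created = line.startswith("======List of files/folders created")
            current_key = None
            continue
        m = O20_RE.match(line)
        if m:
            mech, rest = m.groups()
            if mech == "Winlogon Notify":  # "O20 - Winlogon Notify: <subkey> - <dll>"
                name, _, path = rest.partition(" - ")
            else:  # "O20 - AppInit_DLLs: <dll>"; this log lists a single DLL
                name, path = None, rest
            o20.append((mech, name, path.strip()))
        elif (m := NOTIFY_KEY_RE.match(line)):
            current_key = m.group(1)
        elif current_key:
            m = DUMP_PATH_RE.match(line)
            if m:
                notify[current_key] = m.group(1)
        elif in_created and (m := CREATED_RE.match(line)):
            created[m.group(2).lower()] = m.group(1)
    return o20, notify, created


def analyze(text):
    """Group every DLL reached via AppInit_DLLs or Winlogon Notify, keyed by
    lower-cased path, with the reasons it stands out."""
    o20, notify, created = parse_log(text)
    hits = defaultdict(lambda: {"mechanisms": set(), "notify_keys": [],
                                "created": None, "reasons": []})
    for mech, name, path in o20:
        entry = hits[path.lower()]
        entry["mechanisms"].add(mech)
        if name and name not in entry["notify_keys"]:
            entry["notify_keys"].append(name)
    for name, path in notify.items():  # the dump also lists keys HijackThis whitelists
        entry = hits[path.lower()]
        entry["mechanisms"].add("Winlogon Notify")
        if name not in entry["notify_keys"]:
            entry["notify_keys"].append(name)
    for path, entry in hits.items():
        entry["created"] = created.get(path)
        if "AppInit_DLLs" in entry["mechanisms"]:
            entry["reasons"].append("AppInit_DLLs loads it into every process that maps user32.dll")
        for name in entry["notify_keys"]:
            if RANDOM_NAME_RE.match(name):
                entry["reasons"].append(f"Winlogon Notify package name '{name}' looks machine-generated")
        if len(entry["mechanisms"]) > 1:
            entry["reasons"].append("registered under two independent persistence points")
        if entry["created"]:
            entry["reasons"].append(f"file created recently ({entry['created']})")
    return dict(hits)


def flagged(hits, min_reasons=2):
    """Paths with at least min_reasons findings; a single finding is often benign."""
    return sorted(p for p, e in hits.items() if len(e["reasons"]) >= min_reasons)
```

On the sample, `flagged(analyze(SAMPLE_LOG))` returns only the DOCOBJ32.dll path, with four reasons, while the vendor AtiExtEvent package is listed but not flagged.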
    a b 8 Sécurité
    7 Mars 2009 14:32:16

    It came back; we'll take a different approach.

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (antivirus, antispyware, etc.)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • The program will ask whether you want to install the Recovery Console. This is a precaution in case the computer fails to boot. I recommend installing it: it costs nothing and could come in handy!
  • When the operation is finished, a report will appear. Post that report in your next reply.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed, usually C:\)

    Help: How to use ComboFix.
    7 March 2009 14:41:35

    ComboFix 09-03-06.02 - compte ff 2009-03-07 14:37:01.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3071.2421 [GMT 1:00]
    Lancé depuis: c:\documents and settings\compte ff\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\compte ff\Application Data\02000000ad946441548C.manifest
    c:\documents and settings\compte ff\Application Data\02000000ad946441548O.manifest
    c:\documents and settings\compte ff\Application Data\02000000ad946441548P.manifest
    c:\documents and settings\compte ff\Application Data\02000000ad946441548S.manifest
    c:\documents and settings\compte ff\Application Data\PLCLIB32.dll
    c:\windows\GnuHashes.ini
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\setup.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-07 14:06 . 2009-03-07 14:06 <REP> d-------- C:\_OTMoveIt
    2009-03-07 13:17 . 2009-03-07 13:18 <REP> d-------- C:\rsit
    2009-03-07 13:17 . 2009-03-07 14:27 <REP> d-------- c:\program files\trend micro
    2009-03-07 12:16 . 2009-03-07 12:16 3,120 --a------ c:\windows\118294.78
    2009-03-07 12:15 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
    2009-03-07 12:15 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
    2009-03-07 12:15 . 2009-03-07 12:15 3,120 --a------ c:\windows\system32\118290.54
    2009-03-07 12:15 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
    2009-03-07 12:04 . 2009-03-07 12:04 <REP> d-------- c:\program files\CCleaner
    2009-03-07 12:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-03-07 12:02 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-03-07 12:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-03-06 21:02 . 2009-03-06 21:02 <REP> d-------- c:\documents and settings\compte ff\Application Data\Malwarebytes
    2009-03-06 20:59 . 2009-03-06 21:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-06 20:59 . 2009-03-06 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-06 20:59 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-06 20:59 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-06 20:49 . 2009-03-07 14:07 139,264 --a------ c:\windows\system32\DOCOBJ32.dll
    2009-03-06 20:37 . 2009-03-06 20:37 <REP> d-------- c:\program files\Teamspeak2_RC2
    2009-03-06 20:37 . 2009-03-06 20:37 <REP> d-------- c:\documents and settings\compte ff\Application Data\teamspeak2
    2009-03-06 20:37 . 2009-03-06 20:37 34,064 --a------ c:\windows\system32\lhacm.acm
    2009-03-06 20:11 . 2009-03-06 20:11 <REP> d-------- c:\program files\uTorrent
    2009-03-06 20:11 . 2009-03-07 14:07 <REP> d-------- c:\documents and settings\compte ff\Application Data\uTorrent
    2009-03-06 20:10 . 2009-03-06 20:10 <REP> d---s---- c:\documents and settings\compte ff\UserData
    2009-03-06 20:03 . 2009-03-07 14:37 <REP> d-------- c:\documents and settings\compte ff\Application Data\LimeWire
    2009-03-06 20:02 . 2009-03-06 20:02 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-03-06 20:02 . 2009-03-06 20:02 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-06 20:01 . 2009-03-07 14:09 <REP> d-------- c:\documents and settings\compte ff\Tracing
    2009-03-06 19:59 . 2009-03-06 19:59 <REP> d-------- c:\program files\Microsoft
    2009-03-06 19:59 . 2009-03-06 20:03 <REP> d-------- c:\program files\LimeWire
    2009-03-06 19:58 . 2009-03-06 19:58 <REP> d-------- c:\program files\Windows Live SkyDrive
    2009-03-06 19:58 . 2009-03-06 19:59 <REP> d-------- c:\program files\Windows Live
    2009-03-06 19:50 . 2009-03-06 19:50 0 --a------ c:\windows\nsreg.dat
    2009-03-06 19:47 . 2009-03-06 19:47 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-03-06 19:46 . 2009-03-06 20:18 <REP> d-------- c:\program files\GUILD WARS
    2009-03-06 19:30 . 2009-03-06 19:30 <REP> d-------- c:\program files\Avira
    2009-03-06 19:30 . 2009-03-06 19:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-03-06 16:54 . 2009-03-06 16:54 <REP> d-------- c:\program files\SAGEM
    2009-03-06 16:36 . 2009-03-06 16:36 <REP> d-------- c:\program files\Securitoo
    2009-03-06 16:27 . 2009-03-06 16:27 <REP> d-------- c:\program files\PowerPacket
    2009-03-05 14:33 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte ff\Voisinage réseau
    2009-03-05 14:33 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte ff\Voisinage d'impression
    2009-03-05 14:33 . 2008-08-06 08:51 <REP> d--h----- c:\documents and settings\compte ff\Modèles
    2009-03-05 14:33 . 2009-03-06 20:04 <REP> dr------- c:\documents and settings\compte ff\Mes documents
    2009-03-05 14:33 . 2009-03-06 20:11 <REP> dr------- c:\documents and settings\compte ff\Menu Démarrer
    2009-03-05 14:33 . 2009-03-05 14:33 <REP> dr------- c:\documents and settings\compte ff\Favoris
    2009-03-05 14:33 . 2009-03-07 14:34 <REP> d-------- c:\documents and settings\compte ff\Bureau
    2009-03-05 14:33 . 2009-03-07 14:09 <REP> d-------- c:\documents and settings\compte ff\Application Data\OpenOffice.org2
    2009-03-05 14:33 . 2009-03-07 12:06 <REP> d-------- c:\documents and settings\compte ff
    2009-03-05 13:52 . 2009-03-05 13:56 <REP> d-------- c:\windows\system32\NtmsData
    2009-03-05 13:48 . 2009-03-06 21:12 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-05 13:48 . 2009-03-07 12:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-05 13:47 . 2009-03-05 13:47 15,083,520 --------- c:\temp\spybotsd16030.exe
    2009-03-05 13:25 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte2\Voisinage réseau
    2009-03-05 13:25 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte2\Voisinage d'impression
    2009-03-05 13:25 . 2008-08-06 08:51 <REP> d--h----- c:\documents and settings\compte2\Modèles
    2009-03-05 13:25 . 2009-03-05 13:25 <REP> dr------- c:\documents and settings\compte2\Mes documents
    2009-03-05 13:25 . 2008-08-06 10:42 <REP> dr------- c:\documents and settings\compte2\Menu Démarrer
    2009-03-05 13:25 . 2009-03-05 13:26 <REP> dr------- c:\documents and settings\compte2\Favoris
    2009-03-05 13:25 . 2009-03-05 13:48 <REP> d-------- c:\documents and settings\compte2\Bureau
    2009-03-05 13:25 . 2009-03-06 17:41 <REP> d-------- c:\documents and settings\compte2\Application Data\OpenOffice.org2
    2009-03-05 13:25 . 2009-03-05 16:01 <REP> d-------- c:\documents and settings\compte2

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-07 13:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-06 19:02 --------- d-----w c:\program files\Java
    2009-03-05 14:23 --------- d-----w c:\program files\Cobian Backup 7
    2009-03-05 12:27 --------- d-----w c:\program files\ALTO
    2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-01-07 14:27 74,752 ------w c:\windows\ST6UNST.EXE
    2009-01-07 14:27 253,952 ------w c:\windows\Setup1.exe
    2009-01-07 14:26 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2007-08-08 13:40 26,656 ----a-w c:\documents and settings\compte ff\Application Data\PLCND532.sys
    2007-08-08 13:39 40,992 ----a-w c:\documents and settings\compte ff\Application Data\PLCND564.sys
    2004-04-26 09:53 94,208 ----a-w c:\documents and settings\compte ff\Application Data\PLCLIB.dll
    2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-09-19 106571]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600]
    "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

    c:\documents and settings\compte2\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.2.lnk - c:\ooffice2\program\quickstart.exe [2007-02-02 393216]

    c:\documents and settings\compte ff\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.2.lnk - c:\ooffice2\program\quickstart.exe [2007-02-02 393216]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f8b0aac6548]
    2009-03-07 14:07 139264 c:\windows\system32\DOCOBJ32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\DOCOBJ32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Perl\\bin\\perl.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    R2 DGIAV;DGIAV;c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots --> c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots [?]
    R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Common\fsfilter.sys [2008-08-08 14640]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Common\fsgk.sys [2008-08-08 79600]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Common\fsrec.sys [2008-08-08 12944]
    R2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSpm.sys [2008-08-08 65328]
    R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB;c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe -sMPSC_DB --> c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe -sMPSC_DB [?]
    S3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys --> c:\windows\system32\Drivers\PLCMP532.sys [?]
    S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [2007-08-08 26656]
    S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB;c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE -i MPSC_DB --> c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE -i MPSC_DB [?]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = www.youtube.com
    mStart Page = www.youtube.com
    FF - ProfilePath - c:\documents and settings\compte ff\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-07 14:37:43
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(724)
    c:\windows\System32\DOCOBJ32.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(784)
    c:\windows\System32\DOCOBJ32.dll
    .
    Heure de fin: 2009-03-07 14:38:29
    ComboFix-quarantined-files.txt 2009-03-07 13:38:27

    Avant-CF: 111 621 758 976 octets libres
    Après-CF: 111,632,355,328 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    7 March 2009 15:08:46

    Not much information on the DLL, though. Can you have it analysed on the VirusTotal site?
    c:\windows\System32\DOCOBJ32.dll
    7 March 2009 15:16:21

    Antivirus Version Last update Result
    a-squared 4.0.0.101 2009.03.07 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.105 2009.03.07 TR/Spy.Gen
    Authentium 5.1.0.4 2009.03.06 W32/Heuristic-KPP!Eldorado
    Avast 4.8.1335.0 2009.03.06 -
    AVG 8.0.0.237 2009.03.06 Agent.BBYI
    BitDefender 7.2 2009.03.07 Trojan.Generic.1536445
    CAT-QuickHeal 10.00 2009.03.07 -
    ClamAV 0.94.1 2009.03.06 -
    Comodo 1030 2009.03.06 -
    DrWeb 4.44.0.09170 2009.03.07 Trojan.DownLoader.origin
    eSafe 7.0.17.0 2009.03.05 -
    eTrust-Vet 31.6.6386 2009.03.06 Win32/Benload!generic
    F-Prot 4.4.4.56 2009.03.06 W32/Heuristic-KPP!Eldorado
    F-Secure 8.0.14470.0 2009.03.07 -
    Fortinet 3.117.0.0 2009.03.07 -
    GData 19 2009.03.07 Trojan.Generic.1536445
    Ikarus T3.1.1.45.0 2009.03.07 -
    K7AntiVirus 7.10.660 2009.03.06 -
    Kaspersky 7.0.0.125 2009.03.07 -
    McAfee 5545 2009.03.06 Downloader-BMN
    McAfee+Artemis 5545 2009.03.06 Downloader-BMN
    Microsoft 1.4405 2009.03.07 TrojanDownloader:Win32/Tracur.A
    NOD32 3917 2009.03.07 a variant of Win32/Agent.OAF
    Norman 6.00.06 2009.03.06 -
    nProtect 2009.1.8.0 2009.03.07 -
    Panda 10.0.0.10 2009.03.07 Suspicious file
    PCTools 4.4.2.0 2009.03.07 -
    Prevx1 V2 2009.03.07 Medium Risk Malware
    Rising 21.19.42.00 2009.03.06 -
    SecureWeb-Gateway 6.7.6 2009.03.07 Trojan.Spy.Gen
    Sophos 4.39.0 2009.03.07 Troj/Agent-INP
    Sunbelt 3.2.1858.2 2009.03.07 -
    Symantec 1.4.4.12 2009.03.07 Backdoor.Trojan
    TheHacker 6.3.2.7.274 2009.03.07 -
    TrendMicro 8.700.0.1004 2009.03.06 -
    VBA32 3.12.10.1 2009.03.07 -
    ViRobot 2009.3.7.1639 2009.03.07 -
    VirusBuster 4.5.11.0 2009.03.07 -
    Additional information
    File size: 139264 bytes
    MD5...: 4e31d48bc4a3dda96317ef34556d617f
    SHA1..: ca0d7598e79c8c41f29838bffa7c92dc6c00db99
    SHA256: 47a39b82c6889dd01c98daf1795ac1466498f18da81869055a40456b6dc0edc4
    SHA512: b6640bd6fd8c4ae75dd6b42b7ee686896267721760d07a077696570cc9f89b55b0839ea2485d7e03290a73c5e3032393b583fc444bbd1b3358fdd1bcbc908ea1
    ssdeep: 3072:/f42XzsiKGYNPtvi8ykwlcm7TBf+8NZVVaXju:/A2DCdjvi8ykwlcm7TBm8rVAu
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x2035
    timedatestamp.....: 0x49afe844 (Thu Mar 05 14:57:08 2009)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x16b40 0x17000 6.54 3e8f01af7857183feed55b5cdf50cffd
    .rdata 0x18000 0x6679 0x7000 6.44 8838c186c6501d2378cc4dd2024988dd
    .data 0x1f000 0x16e8 0x1000 2.11 52761104ccc5ef26ceb1c2015e150382
    .reloc 0x21000 0x1c30 0x2000 6.10 25e1675accf1019881c54073d2803e36

    ( 11 imports )
    > ntdll.dll: strlen, _strnicmp, strstr, tolower, _stricmp, _snprintf, atoi, _itoa, _ultoa, memcpy, memcmp, memset, _chkstk, _allmul, _alldiv
    > msvcrt.dll: strtok
    > WS2_32.dll: -, WSASocketW, -, WSASend, -, WSAWaitForMultipleEvents, WSAIoctl, -, WSARecv, -, WSAGetOverlappedResult, -, -, -, -, -, WSACreateEvent, -
    > WININET.dll: InternetCloseHandle, HttpAddRequestHeadersA, HttpQueryInfoA, HttpOpenRequestA, HttpSendRequestA, InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetConnectA, InternetSetOptionA
    > OLEAUT32.dll: -, -
    > SHLWAPI.dll: PathFileExistsA
    > KERNEL32.dll: ReadFile, GetVolumeInformationA, GetWindowsDirectoryA, GetFileTime, GetVersionExA, FindClose, RemoveDirectoryA, TransactNamedPipe, HeapCreate, HeapSetInformation, HeapDestroy, FindFirstFileA, HeapFree, WaitNamedPipeA, FindNextFileA, SetNamedPipeHandleState, HeapAlloc, FreeLibrary, CreateFileMappingA, OpenFileMappingA, UnmapViewOfFile, MapViewOfFile, ExitProcess, GetFileAttributesExA, SetFileAttributesA, CreateDirectoryA, InterlockedExchange, CreateEventA, TlsSetValue, TlsGetValue, TlsAlloc, ProcessIdToSessionId, Process32Next, Process32First, WriteProcessMemory, VirtualAllocEx, VirtualFreeEx, Thread32Next, GetModuleHandleA, Thread32First, CreateToolhelp32Snapshot, InterlockedIncrement, InterlockedDecrement, GetCurrentThreadId, GetProcAddress, CloseHandle, OpenThread, GetCurrentProcessId, GetModuleFileNameA, GetModuleFileNameW, InitializeCriticalSection, ResetEvent, lstrcatA, GetLocalTime, WaitForSingleObject, OpenMutexA, lstrlenA, InterlockedCompareExchange, CreateMutexA, SetEvent, TerminateThread, Sleep, OutputDebugStringA, DuplicateHandle, GetExitCodeThread, FlushFileBuffers, ReleaseMutex, OpenEventA, SetUnhandledExceptionFilter, LeaveCriticalSection, GetCurrentThread, VirtualFree, GetLastError, GetFileInformationByHandle, SystemTimeToFileTime, lstrcmpiA, GetSystemTime, CreateFileA, GetCurrentProcess, WriteFile, EnterCriticalSection, GetFileSize, CreateThread, WaitForMultipleObjects, lstrcpyA, OpenProcess, CreateNamedPipeA, ConnectNamedPipe, PeekNamedPipe, DisconnectNamedPipe, GetTempPathA, lstrcmpA, SetFilePointer, SetEndOfFile, GetTickCount, GetSystemDefaultLangID, GetTempFileNameA, DeleteCriticalSection, FlushInstructionCache, VirtualQuery, VirtualAlloc, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, VirtualProtect, SetLastError, lstrcmpW, MultiByteToWideChar, DeleteFileA, CreateProcessA, GetFileAttributesA, LoadLibraryA, GetSystemDirectoryA, CreateRemoteThread
    > USER32.dll: SetForegroundWindow, ShowWindow, PeekMessageA, WaitForInputIdle, MsgWaitForMultipleObjects, GetSystemMetrics, wsprintfA, DispatchMessageA
    > ADVAPI32.dll: OpenSCManagerA, RegCreateKeyExA, CloseServiceHandle, OpenServiceA, ChangeServiceConfigA, ControlService, RegQueryValueExA, RegDeleteKeyA, RegQueryInfoKeyA, RegEnumKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExA
    > SHELL32.dll: ShellExecuteA, SHGetFolderPathA
    > ole32.dll: CoUninitialize, CoInitializeEx, CoCreateInstance

    ( 2 exports )
    DllGetClassObject, EventStartup
    Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=613C047F...
    a b 8 Sécurité
    7 March 2009 15:20:28

    Let's try the removal again :o 

    Select the whole box below:

    Rootkit::
    c:\windows\System32\DOCOBJ32.dll

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f8b0aac6548]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-


  • Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe, as shown below:

  • This will relaunch ComboFix.
  • You will have to accept the licence.

    Post the contents of the ComboFix.txt report after the reboot, if there is one.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed, usually C:\)
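    The CFScript above clears two load points that the ComboFix log showed DOCOBJ32.dll using: the AppInit_DLLs value (which injects the DLL into every process that loads user32.dll, hence the alert on every program launch) and a Winlogon\Notify subkey. The following PowerShell audit is an added example, not code from the thread or from ComboFix: it enumerates both keys, hashes whatever DLLs are registered there and flags anything unsigned or matching the SHA256 VirusTotal reported for this file. It assumes Windows PowerShell 2.0 or later run from an elevated prompt, and only reads the native (non-Wow6432Node) keys.

```powershell
# Added example, not from the thread: audit the AppInit_DLLs and Winlogon\Notify
# load points and hash every DLL registered there. Assumes an elevated prompt.

# SHA256 of DOCOBJ32.dll as reported by VirusTotal earlier in this thread.
$KnownBadSha256 = '47a39b82c6889dd01c98daf1795ac1466498f18da81869055a40456b6dc0edc4'

$WindowsKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$NotifyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-AppInitDlls {
    $props = Get-ItemProperty -Path $WindowsKey -ErrorAction SilentlyContinue
    if ($null -eq $props) { return @() }
    $raw = ([string]$props.AppInit_DLLs).Trim()
    if ($raw -eq '') { return @() }
    # LoadAppInit_DLLs exists on Vista and later; on XP any non-empty value is loaded.
    $enabled = $true
    if ($null -ne $props.LoadAppInit_DLLs) { $enabled = ([int]$props.LoadAppInit_DLLs -ne 0) }
    # The value is a space- or comma-separated list of DLL paths.
    foreach ($dll in ($raw -split '[ ,]+')) {
        if ($dll -eq '') { continue }
        New-Object PSObject -Property @{
            Source  = 'AppInit_DLLs'
            Path    = [Environment]::ExpandEnvironmentVariables($dll)
            Enabled = $enabled
        }
    }
}

function Get-WinlogonNotifyDlls {
    if (-not (Test-Path -Path $NotifyKey)) { return @() }
    foreach ($sub in (Get-ChildItem -Path $NotifyKey)) {
        $dll = (Get-ItemProperty -Path $sub.PSPath).DllName
        if (-not $dll) { continue }
        # DllName may be a bare file name, which Winlogon resolves from System32.
        if (-not [System.IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot ('System32\' + $dll)
        }
        New-Object PSObject -Property @{
            Source  = 'Winlogon\Notify\' + $sub.PSChildName
            Path    = $dll
            Enabled = $true
        }
    }
}

function Test-LoadPointDll {
    param($Entry)
    $exists = Test-Path -LiteralPath $Entry.Path
    $hash   = $null
    $signed = $false
    if ($exists) {
        # Hash via .NET so the check also works on PowerShell 2.0 (no Get-FileHash).
        $sha   = [System.Security.Cryptography.SHA256]::Create()
        $bytes = $sha.ComputeHash([System.IO.File]::ReadAllBytes($Entry.Path))
        $hash  = ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
        $signed = (Get-AuthenticodeSignature -FilePath $Entry.Path).Status -eq 'Valid'
    }
    $knownBad = ($hash -eq $KnownBadSha256)
    New-Object PSObject -Property @{
        Source     = $Entry.Source
        Path       = $Entry.Path
        Enabled    = $Entry.Enabled
        Exists     = $exists
        Signed     = $signed
        SHA256     = $hash
        KnownBad   = $knownBad
        # An unsigned DLL in either key, or a hash match, is worth quarantining and submitting.
        Suspicious = $knownBad -or ($exists -and -not $signed)
    }
}

$findings = @()
$findings += @(Get-AppInitDlls)
$findings += @(Get-WinlogonNotifyDlls)
if ($findings.Count -eq 0) {
    'No DLLs registered under AppInit_DLLs or Winlogon\Notify.'
} else {
    $findings | ForEach-Object { Test-LoadPointDll $_ } |
        Format-Table Source, Path, Enabled, Signed, KnownBad, Suspicious -AutoSize
}
```

    On a clean XP machine the Notify key normally lists only Microsoft DLLs such as the ones shipped in System32, so any entry whose DLL is unsigned or was created recently, as DOCOBJ32.dll was here, is the one to look at first.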
    7 March 2009 16:21:38

    ComboFix doesn't relaunch, the script isn't written correctly...
    7 March 2009 16:29:38

    OK, back again! I had named the script wrong... my bad =(

    Here's the report!
    ComboFix 09-03-06.02 - compte ff 2009-03-07 16:24:00.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.3071.2410 [GMT 1:00]
    Lancé depuis: c:\documents and settings\compte ff\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\compte ff\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\compte ff\Application Data\02000000ad946441548C.manifest
    c:\documents and settings\compte ff\Application Data\02000000ad946441548O.manifest
    c:\documents and settings\compte ff\Application Data\02000000ad946441548P.manifest
    c:\documents and settings\compte ff\Application Data\02000000ad946441548S.manifest
    c:\windows\GnuHashes.ini
    c:\windows\System32\DOCOBJ32.dll
    c:\windows\system32\GroupPolicy000.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-07 14:52 . 2009-03-07 14:53 <REP> d--hs---- c:\windows\system32\LocalService32
    2009-03-07 14:52 . 2009-03-07 14:52 374,272 --ahs---- c:\windows\system32\13.tmp
    2009-03-07 14:06 . 2009-03-07 14:06 <REP> d-------- C:\_OTMoveIt
    2009-03-07 13:17 . 2009-03-07 13:18 <REP> d-------- C:\rsit
    2009-03-07 13:17 . 2009-03-07 14:27 <REP> d-------- c:\program files\trend micro
    2009-03-07 12:16 . 2009-03-07 12:16 3,120 --a------ c:\windows\118294.78
    2009-03-07 12:15 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
    2009-03-07 12:15 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
    2009-03-07 12:15 . 2009-03-07 12:15 3,120 --a------ c:\windows\system32\118290.54
    2009-03-07 12:15 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
    2009-03-07 12:04 . 2009-03-07 12:04 <REP> d-------- c:\program files\CCleaner
    2009-03-07 12:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-03-07 12:02 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-03-07 12:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-03-06 21:02 . 2009-03-06 21:02 <REP> d-------- c:\documents and settings\compte ff\Application Data\Malwarebytes
    2009-03-06 20:59 . 2009-03-06 21:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-06 20:59 . 2009-03-06 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-06 20:59 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-06 20:59 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-06 20:37 . 2009-03-06 20:37 <REP> d-------- c:\program files\Teamspeak2_RC2
    2009-03-06 20:37 . 2009-03-06 20:37 <REP> d-------- c:\documents and settings\compte ff\Application Data\teamspeak2
    2009-03-06 20:37 . 2009-03-06 20:37 34,064 --a------ c:\windows\system32\lhacm.acm
    2009-03-06 20:11 . 2009-03-06 20:11 <REP> d-------- c:\program files\uTorrent
    2009-03-06 20:11 . 2009-03-07 14:07 <REP> d-------- c:\documents and settings\compte ff\Application Data\uTorrent
    2009-03-06 20:10 . 2009-03-06 20:10 <REP> d---s---- c:\documents and settings\compte ff\UserData
    2009-03-06 20:03 . 2009-03-07 16:24 <REP> d-------- c:\documents and settings\compte ff\Application Data\LimeWire
    2009-03-06 20:02 . 2009-03-06 20:02 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-03-06 20:02 . 2009-03-06 20:02 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-06 20:01 . 2009-03-07 16:26 <REP> d-------- c:\documents and settings\compte ff\Tracing
    2009-03-06 19:59 . 2009-03-06 19:59 <REP> d-------- c:\program files\Microsoft
    2009-03-06 19:59 . 2009-03-06 20:03 <REP> d-------- c:\program files\LimeWire
    2009-03-06 19:58 . 2009-03-06 19:58 <REP> d-------- c:\program files\Windows Live SkyDrive
    2009-03-06 19:58 . 2009-03-06 19:59 <REP> d-------- c:\program files\Windows Live
    2009-03-06 19:50 . 2009-03-06 19:50 0 --a------ c:\windows\nsreg.dat
    2009-03-06 19:47 . 2009-03-06 19:47 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-03-06 19:46 . 2009-03-06 20:18 <REP> d-------- c:\program files\GUILD WARS
    2009-03-06 19:30 . 2009-03-06 19:30 <REP> d-------- c:\program files\Avira
    2009-03-06 19:30 . 2009-03-06 19:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-03-06 16:54 . 2009-03-06 16:54 <REP> d-------- c:\program files\SAGEM
    2009-03-06 16:36 . 2009-03-06 16:36 <REP> d-------- c:\program files\Securitoo
    2009-03-06 16:27 . 2009-03-06 16:27 <REP> d-------- c:\program files\PowerPacket
    2009-03-05 14:33 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte ff\Voisinage réseau
    2009-03-05 14:33 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte ff\Voisinage d'impression
    2009-03-05 14:33 . 2008-08-06 08:51 <REP> d--h----- c:\documents and settings\compte ff\Modèles
    2009-03-05 14:33 . 2009-03-06 20:04 <REP> dr------- c:\documents and settings\compte ff\Mes documents
    2009-03-05 14:33 . 2009-03-06 20:11 <REP> dr------- c:\documents and settings\compte ff\Menu Démarrer
    2009-03-05 14:33 . 2009-03-05 14:33 <REP> dr------- c:\documents and settings\compte ff\Favoris
    2009-03-05 14:33 . 2009-03-07 16:23 <REP> d-------- c:\documents and settings\compte ff\Bureau
    2009-03-05 14:33 . 2009-03-07 16:26 <REP> d-------- c:\documents and settings\compte ff\Application Data\OpenOffice.org2
    2009-03-05 14:33 . 2009-03-07 12:06 <REP> d-------- c:\documents and settings\compte ff
    2009-03-05 13:52 . 2009-03-05 13:56 <REP> d-------- c:\windows\system32\NtmsData
    2009-03-05 13:48 . 2009-03-06 21:12 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-05 13:48 . 2009-03-07 12:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-05 13:47 . 2009-03-05 13:47 15,083,520 --------- c:\temp\spybotsd16030.exe
    2009-03-05 13:25 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte2\Voisinage réseau
    2009-03-05 13:25 . 2008-08-06 10:42 <REP> d--h----- c:\documents and settings\compte2\Voisinage d'impression
    2009-03-05 13:25 . 2008-08-06 08:51 <REP> d--h----- c:\documents and settings\compte2\Modèles
    2009-03-05 13:25 . 2009-03-05 13:25 <REP> dr------- c:\documents and settings\compte2\Mes documents
    2009-03-05 13:25 . 2008-08-06 10:42 <REP> dr------- c:\documents and settings\compte2\Menu Démarrer
    2009-03-05 13:25 . 2009-03-05 13:26 <REP> dr------- c:\documents and settings\compte2\Favoris
    2009-03-05 13:25 . 2009-03-05 13:48 <REP> d-------- c:\documents and settings\compte2\Bureau
    2009-03-05 13:25 . 2009-03-06 17:41 <REP> d-------- c:\documents and settings\compte2\Application Data\OpenOffice.org2
    2009-03-05 13:25 . 2009-03-05 16:01 <REP> d-------- c:\documents and settings\compte2

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-07 13:03 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-06 19:02 --------- d-----w c:\program files\Java
    2009-03-05 14:23 --------- d-----w c:\program files\Cobian Backup 7
    2009-03-05 12:27 --------- d-----w c:\program files\ALTO
    2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-01-07 14:27 74,752 ------w c:\windows\ST6UNST.EXE
    2009-01-07 14:27 253,952 ------w c:\windows\Setup1.exe
    2009-01-07 14:26 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2007-08-08 13:40 26,656 ----a-w c:\documents and settings\compte ff\Application Data\PLCND532.sys
    2007-08-08 13:39 40,992 ----a-w c:\documents and settings\compte ff\Application Data\PLCND564.sys
    2004-04-26 09:53 94,208 ----a-w c:\documents and settings\compte ff\Application Data\PLCLIB.dll
    2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-07_14.37.57,39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-06 19:09:23 241,536 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-03-07 15:25:33 241,536 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-03-07 15:26:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1e8.dat
    + 2009-03-07 15:26:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_240.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-09-19 106571]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-06 136600]
    "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]

    c:\documents and settings\compte2\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.2.lnk - c:\ooffice2\program\quickstart.exe [2007-02-02 393216]

    c:\documents and settings\compte ff\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.2.lnk - c:\ooffice2\program\quickstart.exe [2007-02-02 393216]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Perl\\bin\\perl.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    R2 DGIAV;DGIAV;c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots --> c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots [?]
    R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Common\fsfilter.sys [2008-08-08 14640]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Common\fsgk.sys [2008-08-08 79600]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Common\fsrec.sys [2008-08-08 12944]
    R2 FSpm;F-Secure Policy Manager;c:\program files\F-Secure\Common\FSpm.sys [2008-08-08 65328]
    R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB;c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe -sMPSC_DB --> c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe -sMPSC_DB [?]
    S3 PLCMP532;PLCMP532 NDIS Protocol Driver;c:\windows\system32\Drivers\PLCMP532.sys --> c:\windows\system32\Drivers\PLCMP532.sys [?]
    S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [2007-08-08 26656]
    S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB;c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE -i MPSC_DB --> c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlagent.EXE -i MPSC_DB [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = www.youtube.com
    mStart Page = www.youtube.com
    FF - ProfilePath - c:\documents and settings\compte ff\Application Data\Mozilla\Firefox\Profiles\hhi9hzp5.default\
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX SETTINGS ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-07 16:26:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\perl\bin\perl.exe
    c:\ooffice2\program\soffice.exe
    c:\ooffice2\program\soffice.bin
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exe
    c:\mysql\bin\mysqld-nt.exe
    c:\program files\F-Secure\Common\FSMA32.exe
    c:\program files\F-Secure\Common\FSMB32.exe
    c:\program files\F-Secure\Common\fch32.exe
    c:\program files\F-Secure\Common\FAMEH32.exe
    c:\program files\F-Secure\Common\FNRB32.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\program files\F-Secure\Common\FIH32.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-07 16:27:47 - machine was rebooted [compte ff]
    ComboFix-quarantined-files.txt 2009-03-07 15:27:44
    ComboFix2.txt 2009-03-07 13:38:30

    Pre-Run: 111,308,144,640 bytes free
    Post-Run: 111,297,163,264 bytes free

    I think it worked, thank you very much for your help and your patience!
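The Run keys, Startup-folder shortcuts, firewall AuthorizedApplications list and service lines in the ComboFix log above all follow a fixed layout, so they can be triaged mechanically before anyone eyeballs them. The Python below is an added example, not code from the original post or from ComboFix: it parses that "Reg Loading Points" section into records and applies a few heuristics of my own (an interpreter such as perl.exe started at boot or allowed through the firewall, an image ComboFix could not stat and marked `[?]`, an image in a user-writable folder, a bare file name resolved by search order at run time). It assumes the localized section headers have been translated to ComboFix's English ones; the sample input is constructed from lines of the log above.

```python
"""Parse the "Reg Loading Points" section of a ComboFix log and flag entries worth a second look.
Added example, not code from the original post or from ComboFix. Assumes the localized section
headers have been translated to ComboFix's English ones; the triage heuristics are my own."""
from __future__ import annotations
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log above (blank lines dropped).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Perl\\bin\\perl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 DGIAV;DGIAV;c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots --> c:\perl\bin\perl.exe c:\dgiav\bin\scripts\P0.pl -machine=PDT-NSTD -serveur=av-inter1.appli.impots [?]
R2 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Common\fsfilter.sys [2008-08-08 14640]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [2007-08-08 26656]
------- Supplementary Scan -------
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                   # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')          # "name"="cmd" [date size]
FW_RE = re.compile(r'^"(.+)"=$')                                     # "c:\\path\\app.exe"=
LNK_RE = re.compile(r"^(.+\.lnk) - (.+) \[([^\]]*)\]$")              # X.lnk - target [date size]
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")              # R2 name;display;imagepath
META_RE = re.compile(r"\s*\[([^\]]*)\]$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|bat|cmd))(?=\s|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    kind: str      # "run", "startup", "firewall" or "service"
    location: str  # registry key, Startup folder, or service start type (R2 = auto, S3 = on demand)
    name: str
    command: str   # command line / image path exactly as ComboFix logged it
    meta: str      # ComboFix's "[date size]" annotation; "?" when it could not stat the file

    @property
    def image(self) -> str:
        """The executable actually launched: the command up to its first .exe/.sys/... token."""
        m = IMAGE_RE.match(self.command)
        return m.group(1) if m else self.command


def parse_loading_points(text: str) -> list[Entry]:
    entries: list[Entry] = []
    location, in_section = "", False
    for raw in text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):           # next ComboFix section begins
            break
        if m := KEY_RE.match(line):
            location = m.group(1)
        elif line.endswith("\\"):                # a Startup folder; its .lnk lines follow
            location = line
        elif m := RUN_RE.match(line):
            name, cmd, meta = m.groups()
            entries.append(Entry("run", location, name, cmd, meta))
        elif m := FW_RE.match(line):             # firewall list stores paths with escaped backslashes
            path = m.group(1).replace("\\\\", "\\")
            entries.append(Entry("firewall", location, ntpath.basename(path), path, ""))
        elif m := LNK_RE.match(line):
            name, cmd, meta = m.groups()
            entries.append(Entry("startup", location, name, cmd, meta))
        elif m := SVC_RE.match(line):
            start, name, _display, rest = m.groups()
            meta = ""
            if mm := META_RE.search(rest):
                meta, rest = mm.group(1), rest[: mm.start()]
            if " --> " in rest:                  # ComboFix repeats an unresolved path after "-->"
                rest = rest.split(" --> ", 1)[0]
            entries.append(Entry("service", start, name, rest.strip(), meta))
    return entries


INTERPRETERS = {"perl.exe", "python.exe", "wscript.exe", "cscript.exe", "cmd.exe",
                "powershell.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe"}
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


def triage(entry: Entry) -> list[str]:
    """Reasons an entry deserves manual review (my heuristics, not ComboFix's)."""
    image = entry.image
    reasons = []
    if ntpath.basename(image).lower() in INTERPRETERS:
        reasons.append("interpreter/host binary; what matters is the script or DLL it is given")
    if entry.meta == "?":
        reasons.append("ComboFix could not stat the image ([?]); confirm the path exists and who owns it")
    if any(marker in image.lower() for marker in USER_WRITABLE):
        reasons.append("image lives in a user-writable location")
    if "\\" not in image and entry.kind != "firewall":
        reasons.append("bare file name, resolved by path search order at run time")
    return reasons


def find_suspicious(text: str) -> dict[str, list[str]]:
    """Entry name -> reasons, for every entry that trips at least one heuristic."""
    return {e.name: triage(e) for e in parse_loading_points(text) if triage(e)}


if __name__ == "__main__":
    for name, why in find_suspicious(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

On the sample this flags DGIAV (a Perl interpreter run as an auto-start service, with a `[?]` stat), the perl.exe firewall exception and the bare `RTHDCPL.EXE` Run value. A flag is a prompt to look at the script, path and file owner, not a verdict; the DGIAV script and the Realtek tray applet may well be exactly what they claim to be.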