
A very invasive virus...

Tags:
  • Unwanted pop-up window
  • Security
18 January 2009 13:17:04

Well, where to start...
I have been infected for a while by several things:

First of all, I triggered a nasty little thing named "a.bat" which caused me trouble (my antivirus and firewall not starting, several system processes being blocked, etc.) and I did a big cleanup with HijackThis, Spybot, Ad-Aware, etc.
After rebooting, I ran online scans such as BitDefender several more times...
It no longer found any infection...
Then unwanted windows started opening in Firefox, and IE launched by itself with tabs that kept multiplying endlessly...
I have already followed close to 20 different methods, but this junk is still in the registry and elsewhere, and when I remove it with Spybot or another tool, it reappears... If I delete the entries in the registry (CurrentVersion\Run), they reappear; when I modify them, they reappear...
Likewise, the DLL files in "system32" with completely outlandish names: I change them into ".txt" files and they come back under another equally bizarre name... If I fix them with HijackThis, they reappear at the next scan...

I am posting a copy of the HijackThis log in case it helps you or puts you on the right track... Thanks in advance to all the kind souls who will take a little time to save my PC and my desperate case...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:09, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Recreg\HiJackThis.exe

O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe /H
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 6781 bytes


I can confirm that the following lines (all the system32 entries with strange names) are problems:

O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)

And the name that comes up often in the registry is: bekezojaru...

If someone can help me, please?... THANK YOU! =)
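
The autostart locations singled out in the post above (an unnamed BHO, Run values launched through Rundll32, AppInit_DLLs, an SSODL entry with no file) can be extracted from a HijackThis log mechanically and compared between two scans to see what survives a cleanup. The following Python sketch is an added example, not part of the original thread; the heuristics and the names `flag_entries` and `persisting` are assumptions made for illustration, and the sample lines are copied from the two HijackThis logs in this thread.

```python
import re
from typing import List, NamedTuple

# Lines copied from the first HijackThis log in the thread (before cleanup),
# with three benign entries from the same log kept for contrast.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
"""

# The same locations as they appear in the second HijackThis log of the
# thread, taken after the first Malwarebytes removal attempt.
LOG_AFTER = r"""
O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
"""


class Finding(NamedTuple):
    code: str    # HijackThis section, e.g. "O4"
    ident: str   # stable identity: CLSID, Run value name or key name
    target: str  # DLL file name in system32, "" when none is referenced
    reason: str


ENTRY_RE = re.compile(r"^\s*(O\d+) - ([^:]+): (.*)$")
# A DLL sitting directly in system32 (sub-directories are excluded).
SYS32_DLL_RE = re.compile(r'[a-z]:\\windows\\system32\\([^\\"\s]+\.dll)', re.I)
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
RUN_VALUE_RE = re.compile(r"^\[([^\]]+)\]\s*(.*)$")


def flag_entries(log: str) -> List[Finding]:
    """Return autostart entries worth a manual look (triage, not a verdict)."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, kind, detail = m.groups()
        dll = SYS32_DLL_RE.search(detail)
        target = dll.group(1).lower() if dll else ""
        clsid = CLSID_RE.search(detail)
        clsid_id = clsid.group(0).lower() if clsid else "?"
        if code == "O2" and detail.startswith("(no name)") and dll:
            findings.append(Finding(code, clsid_id, target,
                                    "unnamed BHO backed by a system32 DLL"))
        elif code == "O4" and kind.endswith("Run"):
            rv = RUN_VALUE_RE.match(detail)
            # Run value that starts rundll32 on an explicit system32 DLL path.
            if rv and dll and rv.group(2).lower().startswith("rundll32"):
                findings.append(Finding(code, rv.group(1).lower(), target,
                                        "Run value loading a DLL via rundll32"))
        elif code == "O20" and kind == "AppInit_DLLs" and detail.strip():
            findings.append(Finding(code, kind, target,
                                    "DLL listed in AppInit_DLLs"))
        elif code == "O21" and "(no file)" in detail:
            findings.append(Finding(code, clsid_id, target,
                                    "SSODL entry whose file is missing"))
    return findings


def persisting(before: str, after: str) -> List[Finding]:
    """Flagged entries of `after` that were already flagged in `before`."""
    seen = {(f.code, f.ident) for f in flag_entries(before)}
    return [f for f in flag_entries(after) if (f.code, f.ident) in seen]


if __name__ == "__main__":
    for f in flag_entries(LOG_BEFORE):
        print("flagged   ", f.code, f.ident, f.target, "-", f.reason)
    for f in persisting(LOG_BEFORE, LOG_AFTER):
        print("persisting", f.code, f.ident, f.target)
```

An entry that persists across scans indicates that the component rewriting it is still running, so the comparison is more informative than either log alone.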


18 January 2009 13:36:05

Hello,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the name of the partition may differ
    18 January 2009 17:34:51

    I tried ComboFix, but the problem is that it crashes...
    I am following the instructions TO THE LETTER, but when I drag the Windows + SP2 recovery icon onto the ComboFix icon, a command window (MS-DOS, I think) with a blue background opens and crashes...

    EDIT: I disabled the two processes at startup (Run => MSconfig), which seems to have fixed a problem or two...
    18 January 2009 19:20:35

    It doesn't matter; don't install the Recovery Console.
    19 January 2009 21:07:16

    Here is ComboFix's response to an attempt to start it:

    "C.bat n'est pas reconnu en tant que commande interne ou externe, un programme executable ou un fichier de commandes"
    19 January 2009 21:52:16

    Strange.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, reboot in safe mode.
    HELP: Rebooting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results", then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    20 January 2009 00:46:16

    Here is the report. After the reboot (was it supposed to be done in safe mode or not?) it crashed several times, and it was impossible to restart it in safe mode or normal mode... So I rebooted using "Last Known Good Configuration"...

    Here is the report:

    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1668
    Windows 5.1.2600 Service Pack 3

    2009-01-20 00:34:48
    mbam-log-2009-01-20 (00-34-41).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 109362
    Temps écoulé: 54 minute(s), 10 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 8
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 20

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\zerajifu.dll (Trojan.Vundo.H) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bekezojaru (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5fd7c57e (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zerajifu.dll -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zerajifu.dll -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zerajifu.dll -> No action taken.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\holusifo.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\zerajifu.dll (Trojan.Vundo.H) -> No action taken.
    C:\Documents and Settings\Voodoobear\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Voodoobear\Bureau\backups\backup-20090118-165432-719.dll (Trojan.Vundo.H) -> No action taken.
    C:\Recreg\backups\backup-20090116-155746-584.dll (Trojan.Vundo) -> No action taken.
    C:\Recreg\backups\backup-20090117-213442-234.dll (Trojan.Vundo.H) -> No action taken.
    C:\Recreg\backups\backup-20090117-213442-588.dll (Trojan.Vundo) -> No action taken.
    C:\Recreg\backups\backup-20090117-213612-555.dll (Trojan.Vundo.H) -> No action taken.
    C:\Recreg\backups\backup-20090118-110508-378.dll (Trojan.Vundo.H) -> No action taken.
    C:\Recreg\backups\backup-20090118-113231-315.dll (Trojan.Vundo.H) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP10\A0003950.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP10\A0004107.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP10\A0004111.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP10\A0004112.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP11\A0004131.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP11\A0004134.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\pstsqt.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\subapade.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\tamawopi.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\wavemile.dll (Trojan.Vundo) -> No action taken.


    Thank you VERY MUCH for the help and the time given, I am VERY grateful!!!
    20 January 2009 13:19:59

    Did you actually remove the infections with MBAM?
    20 January 2009 13:34:55

    Here is precisely what I did:

    Rebooted Windows XP (in safe mode)
    Started MBAM
    Full scan (in safe mode)
    Saved the log
    Removed everything
    MBAM rebooted; it was impossible to get past the Windows loading screen until I chose "Last Known Good Configuration"
    And then it restarted...

    Is that right?
    20 January 2009 13:52:08

    Post a new HijackThis report.
    Run another scan anyway while waiting for my next reply.
    20 January 2009 14:11:15

    Here is the latest HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:07, on 2009-01-20
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe

    O2 - BHO: (no name) - {4f1aa0d3-9302-4f9f-bc57-9181114dedea} - C:\WINDOWS\system32\holusifo.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
    O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\zerajifu.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 6459 bytes

    Thanks for the help, I will run another scan with MBAM this afternoon...

    EDIT:

    Here is the report after a new MBAM scan and a successful removal (without rebooting):


    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1668
    Windows 5.1.2600 Service Pack 3

    2009-01-20 15:18:45
    mbam-log-2009-01-20 (15-18-41).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 109678
    Temps écoulé: 54 minute(s), 1 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 7

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4f1aa0d3-9302-4f9f-bc57-9181114dedea} (Trojan.Vundo.H) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bekezojaru (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5fd7c57e (Trojan.Vundo.H) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007115.exe (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007117.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007119.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007123.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007124.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007125.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP15\A0007126.dll (Trojan.Vundo) -> No action taken.


    20 January 2009 20:34:58

    You are actually removing the infections, right? oO

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and tutorial on using ComboFix
    * the name of the partition may differ
    20 January 2009 22:44:35

    Yes, I remove them, but whatever removal tool I use, apparently the junk always comes back!!

    I will run another scan tomorrow and post it, if nothing else just to see...
    21 January 2009 17:13:53

    Run ComboFix :)
    21 January 2009 18:29:14

    I am launching another one and will edit to post the report =).
    22 January 2009 00:03:40

    IMPOSSIBLE to start ComboFix from my desktop, so I ran it in safe mode and there it worked. Here is the report:

    ComboFix 09-01-21.01 - Voodoobear 2009-01-21 23:40:18.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.365 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090121-0] *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *disabled*

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\cqugpg.dll
    c:\windows\system32\eOpsCfhk.ini
    c:\windows\system32\gedekuye.dll
    c:\windows\system32\muvetuvo.dll
    c:\windows\system32\titobigi.dll
    c:\windows\system32\zerajifu.dll
    c:\windows\system32\zilosuzu.dll
    c:\windows\Tasks\czfxnepq.job

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://77.74.48.105
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-21 au 2009-01-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-21 23:30 . 2009-01-21 23:30 <REP> d-------- C:\ComboFix.exe
    2009-01-21 21:50 . 2009-01-21 21:50 <REP> d-------- C:\Bibitte
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
    2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
    2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
    2009-01-21 10:45 . 2009-01-21 10:45 2,724 ---hs---- c:\windows\system32\nominenu.dll
    2009-01-21 10:45 . 2009-01-21 10:45 2,724 ---hs---- c:\windows\system32\miyowepa.dll
    2009-01-21 10:45 . 2009-01-21 10:45 2,724 ---hs---- c:\windows\system32\herugife.dll
    2009-01-20 10:44 . 2009-01-20 10:44 2,724 ---hs---- c:\windows\system32\gubebusi.dll
    2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-19 22:44 . 2009-01-19 22:44 2,724 ---hs---- c:\windows\system32\fuzuwigi.dll
    2009-01-19 10:44 . 2009-01-19 10:44 2,724 ---hs---- c:\windows\system32\finobefe.dll
    2009-01-19 10:44 . 2009-01-19 10:44 2,724 ---hs---- c:\windows\system32\bavawapa.dll
    2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
    2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
    2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\wavowibi.dll
    2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\tunesega.dll
    2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\jisaleyu.dll
    2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
    2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
    2009-01-17 21:37 . 2009-01-17 21:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-17 21:37 . 2009-01-18 16:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\vorosuka.dll
    2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\haditapo.dll
    2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\bozilajo.dll
    2009-01-14 14:29 . 2009-01-21 21:49 <REP> d-------- C:\Recreg
    2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
    2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
    2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
    2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
    2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
    2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
    2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
    2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
    2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
    2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
    2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
    2009-01-06 10:12 . 2009-01-19 14:22 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
    2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
    2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
    2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
    2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
    2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
    2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
    2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
    2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
    2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
    2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
    2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
    2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
    2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
    2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
    2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
    2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
    2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
    2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
    2009-01-05 10:11 . 2009-01-21 23:48 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
    2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
    2009-01-04 21:40 . 2009-01-04 21:43 2,330,880 --a------ c:\windows\system32\TUKernel.exe
    2009-01-04 21:21 . 2009-01-21 21:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
    2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-01-04 21:20 . 2009-01-04 21:20 <REP> d-------- c:\program files\Vuze
    2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
    2009-01-04 20:48 . 2009-01-04 21:32 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-04 20:48 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-04 19:30 . 2009-01-21 23:36 9,662,496 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2009-01-04 19:30 . 2009-01-21 23:36 113,936 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
    2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
    2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
    2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
    2009-01-04 19:21 . 2009-01-21 23:45 358,382 --a------ c:\windows\system32\vsconfig.xml
    2009-01-04 19:20 . 2009-01-21 23:49 <REP> d-------- c:\windows\Internet Logs
    2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
    2009-01-04 19:10 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
    2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
    2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
    2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
    2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
    2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
    2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
    2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2009-01-03 11:58 . 2009-01-04 20:48 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
    2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
    2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
    2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
    2009-01-11 10:07 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
    2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
    2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=G,c:\windows\system32\zerajifu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
    backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    --a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    --a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-27 111184]
    R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
    R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
    R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
    R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-04 20560]
    S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
    S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - PCANDIS5

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-21 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{4f1aa0d3-9302-4f9f-bc57-9181114dedea} - c:\windows\system32\holusifo.dll
    HKLM-Run-bekezojaru - c:\windows\system32\regikiho.dll
    HKLM-Run-CPM5fd7c57e - c:\windows\system32\rizizozu.dll
    MSConfigStartUp-bekezojaru - c:\windows\system32\regikiho.dll
    MSConfigStartUp-CPM5fd7c57e - c:\windows\system32\rizizozu.dll


    .
    ------- Examen supplémentaire -------
    .
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-21 23:50:06
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="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"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'lsass.exe'(992)
    c:\windows\DPPWDFLT.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\DigitalPersona\Bin\DpHost.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\snmp.exe
    c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-21 23:52:57 - La machine a redémarré [Voodoobear]
    ComboFix-quarantined-files.txt 2009-01-21 22:52:53

    Avant-CF: 5,892,304,896 octets libres
    Après-CF: 5,396,135,936 octets libres

    Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
    363 --- E O F --- 2009-01-06 09:20:44


    NOTE: Spybot keeps getting worked up about registry changes linked, I think, to the various Internet browsers installed on my machine, with links like

    http://go.microsoft.com/fwlink/?Linkld=54896

    Is that normal, or at least a good sign?


    PS: I know my way around computers fairly well, but I am far from being an expert.....
    Can't the Rundll32.exe entries that launch the junk in these lines at Windows startup be deleted? :

    O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
    O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a

    Because even when I uncheck them in MSconfig, they reactivate and re-check themselves automatically on reboot.....

    Thanks AGAIN for the help provided!!!!
    22 January 2009 17:10:38

    Re,

    We'll take care of it ;)

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    File::
    c:\windows\system32\nominenu.dll
    c:\windows\system32\miyowepa.dll
    c:\windows\system32\herugife.dll
    c:\windows\system32\gubebusi.dll
    c:\windows\system32\fuzuwigi.dll
    c:\windows\system32\finobefe.dll
    c:\windows\system32\bavawapa.dll
    c:\windows\system32\wavowibi.dll
    c:\windows\system32\tunesega.dll
    c:\windows\system32\jisaleyu.dll
    c:\windows\system32\vorosuka.dll
    c:\windows\system32\haditapo.dll
    c:\windows\system32\bozilajo.dll


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name "CFScript.txt" (the quotation marks are important).

    Now drag the CFScript.txt file onto ComboFix.exe, as in the image below:


    This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    * the partition name may differ
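Several of the DLLs named in the File:: list above also appear in the ComboFix "files created" listing posted earlier, and there they share one profile: hidden+system attributes, an identical 2,724-byte size, and a location directly in system32. The Python below is an added example (not part of the thread, and not ComboFix's own logic) that parses that listing format and surfaces such clusters; the sample lines are copied from the log above, while the function names and the grouping heuristic are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Sample lines copied from the ComboFix listing posted in this thread.
LISTING = r"""
2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 22:44 . 2009-01-19 22:44 2,724 ---hs---- c:\windows\system32\fuzuwigi.dll
2009-01-19 10:44 . 2009-01-19 10:44 2,724 ---hs---- c:\windows\system32\finobefe.dll
2009-01-19 10:44 . 2009-01-19 10:44 2,724 ---hs---- c:\windows\system32\bavawapa.dll
2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\wavowibi.dll
2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\tunesega.dll
2009-01-18 22:44 . 2009-01-18 22:44 2,724 ---hs---- c:\windows\system32\jisaleyu.dll
2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\vorosuka.dll
2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\haditapo.dll
2009-01-15 14:11 . 2009-01-15 14:11 2,724 ---hs---- c:\windows\system32\bozilajo.dll
2009-01-04 20:48 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-04 19:30 . 2009-01-21 23:36 9,662,496 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-04 19:30 . 2009-01-21 23:36 113,936 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
"""

# created . modified  size-or-<REP>  9-character attribute field  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)


def parse_listing(text):
    """Return one dict per file line; directory (<REP>) lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["size"] == "<REP>":
            continue
        directory, name = ntpath.split(m["path"].lower())
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "dir": directory,
            "name": name,
        })
    return entries


def find_clusters(entries, min_count=3):
    """Group hidden+system DLLs by (directory, size) and keep groups of
    at least min_count files. Each cluster also records which files were
    created at the same minute, which shows regeneration in batches."""
    groups = defaultdict(list)
    for e in entries:
        hidden_system = "h" in e["attrs"] and "s" in e["attrs"]
        if hidden_system and e["name"].endswith(".dll"):
            groups[(e["dir"], e["size"])].append(e)

    clusters = []
    for (directory, size), members in sorted(groups.items()):
        if len(members) < min_count:
            continue
        batches = defaultdict(list)
        for e in members:
            batches[e["created"]].append(e["name"])
        clusters.append({
            "dir": directory,
            "size": size,
            "files": sorted(e["name"] for e in members),
            "batches": {t: sorted(n) for t, n in sorted(batches.items())},
        })
    return clusters


if __name__ == "__main__":
    for c in find_clusters(parse_listing(LISTING)):
        print(f"{len(c['files'])} hidden+system DLLs of {c['size']} bytes in {c['dir']}")
        for created, names in c["batches"].items():
            print(f"  created {created}: {', '.join(names)}")
```

The hidden+system fidbox.dat and fidbox.idx files are not reported, because they are not DLLs and their sizes differ; a cluster is a lead for review, not a verdict.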
    22 January 2009 17:43:05

    So:

    "CFScript.txt" dragged onto ComboFix.exe
    Everything went well and here is the report:

    ComboFix 09-01-21.01 - Voodoobear 2009-01-22 17:22:53.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.282 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Voodoobear\Bureau\CFScript.txt
    AV: avast! antivirus 4.8.1296 [VPS 090122-0] *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *disabled*
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\windows\system32\bavawapa.dll
    c:\windows\system32\bozilajo.dll
    c:\windows\system32\finobefe.dll
    c:\windows\system32\fuzuwigi.dll
    c:\windows\system32\gubebusi.dll
    c:\windows\system32\haditapo.dll
    c:\windows\system32\herugife.dll
    c:\windows\system32\jisaleyu.dll
    c:\windows\system32\miyowepa.dll
    c:\windows\system32\nominenu.dll
    c:\windows\system32\tunesega.dll
    c:\windows\system32\vorosuka.dll
    c:\windows\system32\wavowibi.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bavawapa.dll
    c:\windows\system32\bozilajo.dll
    c:\windows\system32\finobefe.dll
    c:\windows\system32\fuzuwigi.dll
    c:\windows\system32\gubebusi.dll
    c:\windows\system32\haditapo.dll
    c:\windows\system32\herugife.dll
    c:\windows\system32\jisaleyu.dll
    c:\windows\system32\miyowepa.dll
    c:\windows\system32\nominenu.dll
    c:\windows\system32\tunesega.dll
    c:\windows\system32\vorosuka.dll
    c:\windows\system32\wavowibi.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-21 23:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-01-21 23:30 . 2009-01-21 23:30 <REP> d-------- C:\ComboFix.exe
    2009-01-21 21:50 . 2009-01-21 21:50 <REP> d-------- C:\Bibitte
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
    2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
    2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
    2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
    2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
    2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
    2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
    2009-01-17 21:37 . 2009-01-17 21:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-17 21:37 . 2009-01-22 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-14 14:29 . 2009-01-22 09:23 <REP> d-------- C:\Recreg
    2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
    2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
    2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
    2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
    2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
    2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
    2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
    2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
    2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
    2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
    2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
    2009-01-06 10:12 . 2009-01-22 13:28 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
    2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
    2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
    2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
    2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
    2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
    2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
    2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
    2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
    2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
    2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
    2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
    2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
    2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
    2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
    2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
    2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
    2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
    2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
    2009-01-05 10:11 . 2009-01-22 17:30 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
    2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
    2009-01-04 21:40 . 2009-01-22 17:00 2,331,008 --a------ c:\windows\system32\TUKernel.exe
    2009-01-04 21:21 . 2009-01-21 21:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
    2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-01-04 21:20 . 2009-01-04 21:20 <REP> d-------- c:\program files\Vuze
    2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
    2009-01-04 20:48 . 2009-01-22 16:33 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-04 19:30 . 2009-01-22 17:31 10,080,288 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2009-01-04 19:30 . 2009-01-22 17:26 122,288 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
    2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
    2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
    2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
    2009-01-04 19:21 . 2009-01-22 17:28 358,382 --a------ c:\windows\system32\vsconfig.xml
    2009-01-04 19:20 . 2009-01-22 17:16 <REP> d-------- c:\windows\Internet Logs
    2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
    2009-01-04 19:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
    2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
    2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
    2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
    2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
    2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
    2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
    2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
    2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
    2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
    2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
    2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
    2009-01-02 21:50 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
    2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\wxGlade
    2009-01-02 21:49 . 2009-01-05 18:16 <REP> d-------- c:\program files\Unlocker
    2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\K-Lite Codec Pack
    2009-01-02 21:49 . 2009-01-20 00:34 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Desktopicon
    2009-01-02 21:49 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
    2009-01-02 21:49 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
    2009-01-02 21:49 . 2006-11-01 14:52 765,952 --a------ c:\windows\system32\xvidcore.dll
    2009-01-02 21:49 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll
    2009-01-02 21:49 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
    2009-01-02 21:49 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
    2009-01-02 21:49 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
    2009-01-02 21:49 . 2008-09-25 09:03 81,920 --a------ c:\windows\system32\dpl100.dll
    2009-01-02 21:49 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
    2009-01-11 10:07 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
    2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
    2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-21_23.51.51.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-14 02:34:20 33,792 -c--a-w c:\windows\system32\dllcache\rundll32.exe
    - 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 13:12:24 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2009-01-09 16:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
    - 2009-01-05 18:19:55 71,394 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-22 16:26:54 71,060 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-05 18:19:55 84,964 ----a-w c:\windows\system32\perfc00C.dat
    + 2009-01-22 16:26:54 84,526 ----a-w c:\windows\system32\perfc00C.dat
    - 2009-01-05 18:19:55 441,458 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-22 16:26:54 441,124 ----a-w c:\windows\system32\perfh009.dat
    - 2009-01-05 18:19:55 510,980 ----a-w c:\windows\system32\perfh00C.dat
    + 2009-01-22 16:26:55 510,324 ----a-w c:\windows\system32\perfh00C.dat
    - 2007-11-30 04:39:30 18,296 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
    - 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
    + 2008-10-16 13:12:24 202,776 ----a-w c:\windows\system32\wuweb.dll
    + 2009-01-22 16:28:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1f0.dat
    + 2009-01-22 16:28:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_574.dat
    + 2009-01-22 16:28:20 16,384 ----atw c:\windows\temp\Perflib_Perfdata_628.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
    "bekezojaru"="c:\windows\system32\regikiho.dll" [BU]
    "CPM5fd7c57e"="c:\windows\system32\rizizozu.dll" [BU]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
    backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bekezojaru]
    c:\windows\system32\regikiho.dll [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM5fd7c57e]
    c:\windows\system32\rizizozu.dll [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    --a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    --a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-27 111184]
    R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
    R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
    R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
    R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-04 20560]
    S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
    S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-22 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    .
    ------- Examen supplémentaire -------
    .
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-22 17:31:10
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b5,f7,05,cc,5f,
    6d,d6,ab,e2,63,26,f1,3f,c8,ff,68,8b,93,e2,ad,93,45,f4,42,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,6e,ea,72,50,
    aa,d8,7f,6a,9c,d6,61,af,45,84,18,3a,1e,55,dc,e6,ab,49,aa,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e5,ee,d5,bf,55,
    1f,67,7e,ff,7c,85,e0,43,d4,0e,fe,ab,c0,1f,5d,c7,0c,c0,92,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,97,60,b8,42,70,
    b3,ec,e7,86,8c,21,01,be,91,eb,e7,d8,b5,b1,5a,b0,a6,68,0a,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,3f,50,4e,29,f9,
    43,bb,a5,f5,1d,4d,73,a8,13,5c,05,e7,3c,4e,76,c2,9c,dc,3f,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,12,4c,2f,13,60,
    f9,07,86,df,20,58,62,78,6b,cf,c8,6f,1d,fa,bc,93,70,79,0f,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,03,39,1d,67,7b,
    a7,17,8f,fb,a7,78,e6,12,2f,9a,ea,c7,68,08,ed,fe,98,57,93,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,89,c5,64,99,
    15,87,53,01,3a,48,fc,e8,04,4a,f1,57,0e,a8,22,14,d2,ab,ba,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,3e,30,6a,ed,
    67,5b,15,f6,0f,4e,58,98,5b,89,c9,26,29,d7,23,55,3a,82,85,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e2,76,af,80,6d,
    04,86,21,3d,ce,ea,26,2d,45,aa,78,d1,49,cc,16,28,09,89,83,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ad,ef,fc,f2,39,
    ec,bb,26,2a,b7,cc,b5,b9,7f,41,e7,cd,f0,dc,9f,bb,ce,c6,8b,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,44,33,fa,03,
    fd,4d,c5,6c,43,2d,1e,aa,22,2f,9c,ad,35,bd,da,ac,c9,57,4c,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"=
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'lsass.exe'(992)
    c:\windows\DPPWDFLT.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\DigitalPersona\Bin\DpHost.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\snmp.exe
    c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-22 17:34:01 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-22 16:33:58

    Avant-CF: 7 630 147 584 octets libres
    Après-CF: 7,614,115,840 octets libres

    Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
    397 --- E O F --- 2009-01-06 09:20:44

    Next, the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:35:48, on 22/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
    O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 6162 bytes


    One last detail: for the first time, I managed to fix the lines:

    O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
    O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a

    And after a scan, they no longer reappear!!! Wonderful!!!
    But I think there is still a catch...

    I am REALLY afraid that Rundll32.exe will relaunch them at startup....
    What to do, what to do....?

    PS: After rebooting, the two lines are back again, several changes have been made to my settings (reset), and some elements no longer work in Firefox (a VERY large number of images no longer display, checkboxes, etc....)
    23 January 2009 21:59:51

    In principle, everything has been done correctly. (And I promise I won't fix anything else without permission ;) )

    Here is the report:



    Avira AntiVir Personal
    Date de création du fichier de rapport : vendredi 23 janvier 2009 20:26

    La recherche porte sur 1272260 souches de virus.

    Détenteur de la licence :Avira AntiVir PersonalEdition Classic
    Numéro de série : 0000149996-ADJIE-0001
    Plateforme : Windows XP
    Version de Windows :( Service Pack 3) [5.1.2600]
    Mode Boot : Démarré normalement
    Identifiant : SYSTEM
    Nom de l'ordinateur :AKSHAYA

    Informations de version :
    BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
    AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
    LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 19:22:40
    ANTIVIR2.VDF : 7.1.1.172 958464 Bytes 23/01/2009 19:22:51
    ANTIVIR3.VDF : 7.1.1.173 2048 Bytes 23/01/2009 19:22:51
    Version du moteur: 8.2.0.60
    AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
    AESCRIPT.DLL : 8.1.1.32 340347 Bytes 23/01/2009 19:23:10
    AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
    AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
    AEPACK.DLL : 8.1.3.5 393588 Bytes 23/01/2009 19:23:07
    AEOFFICE.DLL : 8.1.0.33 196987 Bytes 23/01/2009 19:23:05
    AEHEUR.DLL : 8.1.0.86 1552759 Bytes 23/01/2009 19:23:03
    AEHELP.DLL : 8.1.2.0 119159 Bytes 23/01/2009 19:22:55
    AEGEN.DLL : 8.1.1.10 323957 Bytes 23/01/2009 19:22:54
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
    AECORE.DLL : 8.1.5.2 172405 Bytes 23/01/2009 19:22:52
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
    RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

    Configuration pour la recherche actuelle :
    Nom de la tâche..................: Contrôle intégral du système
    Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Documentation....................: bas
    Action principale................: interactif
    Action secondaire................: ignorer
    Recherche sur les secteurs d'amorçage maître: marche
    Recherche sur les secteurs d'amorçage: marche
    Secteurs d'amorçage..............: C:, D:, E:,
    Recherche dans les programmes actifs: marche
    Recherche en cours sur l'enregistrement: marche
    Recherche de Rootkits............: arrêt
    Fichier mode de recherche........: Sélection de fichiers intelligente
    Recherche sur les archives.......: marche
    Limiter la profondeur de récursivité: 20
    Archive Smart Extensions.........: marche
    Heuristique de macrovirus........: marche
    Heuristique fichier..............: moyen

    Début de la recherche : vendredi 23 janvier 2009 20:26

    La recherche sur les processus démarrés commence :
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'WLANUTL.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'DPAgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'point32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'type32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'SOUNDMAN.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'atiptaxx.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'DPFUSMgr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'snmp.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'slserv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'DpHost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'aawservice.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
    '43' processus ont été contrôlés avec '43' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD1
    [INFO] Aucun virus trouvé !

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'D:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'E:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence.
    Le registre a été contrôlé ( '53' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\'
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    C:\Bibitte\catchme.cfexe
    [RESULTAT] Contient le cheval de Troie TR/Murdak.A.36
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49ee1a77.qua' !
    C:\ComboFix.exe\catchme.cfexe
    [RESULTAT] Contient le cheval de Troie TR/Murdak.A.36
    [AVERTISSEMENT] Fichier ignoré.
    C:\Documents and Settings\Voodoobear\Bureau\ComboFix.exe
    [0] Type d'archive: RAR SFX (self extracting)
    --> 32788R22FWJFW\catchme.cfexe
    [RESULTAT] Contient le cheval de Troie TR/Murdak.A.36
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49e71b43.qua' !
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gedekuye.dll.vir
    [RESULTAT] Contient le cheval de Troie TR/PSW.OnlineGames.umpc
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49de211b.qua' !
    C:\Qoobox\Quarantine\C\WINDOWS\system32\muvetuvo.dll.vir
    [RESULTAT] Contient le cheval de Troie TR/Monder.anyg
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49f0212b.qua' !
    C:\Qoobox\Quarantine\C\WINDOWS\system32\titobigi.dll.vir
    [RESULTAT] Contient le cheval de Troie TR/Monder.anyg
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49ee211f.qua' !
    C:\System Volume Information\_restore{C46AB882-33F2-42D6-80C4-EAB8AA5B2BC7}\RP22\A0011644.exe
    [0] Type d'archive: RAR SFX (self extracting)
    --> 32788R22FWJFW\catchme.cfexe
    [RESULTAT] Contient le cheval de Troie TR/Murdak.A.36
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49aa2179.qua' !
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S1SP8JUH\pldr8[1].htm
    [RESULTAT] Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Crypted)
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49de2610.qua' !
    C:\WINDOWS\system32\drivers\sptd.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    Recherche débutant dans 'D:\'
    D:\RECYCLER\S-1-5-21-1482476501-746137067-839522115-1004\Dd16\Mogwai - Mogwai remix.mp3
    [RESULTAT] Contient le modèle de détection de l'exploit EXP/ASF.GetCodec.Gen
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49e127d1.qua' !
    Recherche débutant dans 'E:\' <Voodoobear>


    Fin de la recherche : vendredi 23 janvier 2009 21:34
    Temps nécessaire: 1:08:04 Heure(s)

    La recherche a été effectuée intégralement

    9075 Les répertoires ont été contrôlés
    270651 Des fichiers ont été contrôlés
    9 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    8 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    2 Impossible de contrôler des fichiers
    270640 Fichiers non infectés
    1687 Les archives ont été contrôlées
    3 Avertissements
    8 Consignes
    24 January 2009 13:57:10

    Post a HijackThis report again.
    24 January 2009 14:47:58

    Here you go =) :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:34:13, on 24/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
    O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 7668 bytes
    24 January 2009 19:05:44

    Strange, you did fix the lines, right?
    Run a ComboFix scan again.
    26 January 2009 00:09:08

    There we go, a fresh report... :

    ComboFix 09-01-21.04 - Voodoobear 2009-01-25 23:52:34.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.284 [GMT 1:00]
    Running from: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe.exe
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *disabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bikojoki.dll.tmp
    c:\windows\system32\lezaromo.dll.tmp
    c:\windows\system32\navavaze.dll.tmp
    c:\windows\system32\sadezaji.dll.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
    .

    2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\program files\Avira
    2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-01-23 17:17 . 2009-01-23 17:17 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-23 16:01 . 2009-01-23 16:18 <REP> d-------- c:\program files\Google
    2009-01-23 13:56 . 2009-01-23 13:56 <REP> d-------- c:\program files\Bonjour
    2009-01-23 13:42 . 2009-01-23 13:42 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
    2009-01-21 23:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-01-21 21:50 . 2009-01-23 20:27 <REP> d-------- C:\Bibitte
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
    2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
    2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
    2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
    2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
    2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
    2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
    2009-01-17 21:37 . 2009-01-17 21:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-17 21:37 . 2009-01-22 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-14 14:29 . 2009-01-25 23:50 <REP> d-------- C:\Recreg
    2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
    2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
    2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
    2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
    2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
    2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
    2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
    2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
    2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
    2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
    2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
    2009-01-06 10:12 . 2009-01-23 11:22 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
    2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
    2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
    2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
    2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
    2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
    2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
    2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
    2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
    2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
    2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
    2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
    2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
    2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
    2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
    2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
    2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
    2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
    2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
    2009-01-05 10:11 . 2009-01-26 00:00 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
    2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
    2009-01-04 21:40 . 2009-01-22 17:00 2,331,008 --a------ c:\windows\system32\TUKernel.exe
    2009-01-04 21:21 . 2009-01-25 19:15 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
    2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-01-04 21:20 . 2009-01-04 21:20 <REP> d-------- c:\program files\Vuze
    2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
    2009-01-04 20:48 . 2009-01-22 16:33 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-04 19:30 . 2009-01-26 00:01 12,259,360 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2009-01-04 19:30 . 2009-01-25 23:57 147,824 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
    2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
    2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
    2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
    2009-01-04 19:21 . 2009-01-25 23:58 358,382 --a------ c:\windows\system32\vsconfig.xml
    2009-01-04 19:20 . 2009-01-25 11:09 <REP> d-------- c:\windows\Internet Logs
    2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
    2009-01-04 19:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
    2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
    2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
    2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
    2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
    2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
    2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
    2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
    2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
    2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
    2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
    2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
    2009-01-02 21:50 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
    2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\wxGlade
    2009-01-02 21:49 . 2009-01-05 18:16 <REP> d-------- c:\program files\Unlocker
    2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\K-Lite Codec Pack
    2009-01-02 21:49 . 2009-01-20 00:34 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Desktopicon
    2009-01-02 21:49 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
    2009-01-02 21:49 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
    2009-01-02 21:49 . 2006-11-01 14:52 765,952 --a------ c:\windows\system32\xvidcore.dll
    2009-01-02 21:49 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
    2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
    2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
    2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-21_23.51.51.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-23 18:39:56 262,144 ----a-w c:\windows\system32\config\systemprofile\NtUser.dat
    + 2008-04-14 02:34:20 33,792 -c--a-w c:\windows\system32\dllcache\rundll32.exe
    - 2008-10-16 13:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 13:12:24 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2006-02-28 11:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe
    + 2006-02-28 11:41:22 53,248 ----a-w c:\windows\system32\dnssd.dll
    + 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
    + 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
    + 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
    + 2009-01-09 16:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
    + 2007-02-13 15:22:54 947,472 ----a-w c:\windows\system32\msjava.dll
    - 2009-01-05 18:19:55 71,394 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-23 18:48:16 71,510 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-05 18:19:55 84,964 ----a-w c:\windows\system32\perfc00C.dat
    + 2009-01-23 18:48:16 85,112 ----a-w c:\windows\system32\perfc00C.dat
    - 2009-01-05 18:19:55 441,458 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-23 18:48:16 441,766 ----a-w c:\windows\system32\perfh009.dat
    - 2009-01-05 18:19:55 510,980 ----a-w c:\windows\system32\perfh00C.dat
    + 2009-01-23 18:48:17 511,358 ----a-w c:\windows\system32\perfh00C.dat
    - 2007-11-30 04:39:30 18,296 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
    - 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
    + 2008-10-16 13:12:24 202,776 ----a-w c:\windows\system32\wuweb.dll
    + 2009-01-25 22:58:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_74c.dat
    + 2009-01-25 22:58:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7d8.dat
    + 2006-06-05 13:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
    + 2006-06-05 13:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
    + 2006-06-05 13:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
    + 2006-06-05 14:47:40 1,093,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80.dll
    + 2006-06-05 14:47:48 1,080,320 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfc80u.dll
    + 2006-06-05 14:47:50 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80.dll
    + 2006-06-05 14:47:50 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\mfcm80u.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
    "bekezojaru"="c:\windows\system32\regikiho.dll" [BU]
    "CPM5fd7c57e"="c:\windows\system32\rizizozu.dll" [BU]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
    backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bekezojaru]
    c:\windows\system32\regikiho.dll [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM5fd7c57e]
    c:\windows\system32\rizizozu.dll [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    --a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    --a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
    R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
    R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
    R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
    S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
    S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-25 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-26 00:01:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b5,f7,05,cc,5f,
    6d,d6,ab,e2,63,26,f1,3f,c8,ff,68,8b,93,e2,ad,93,45,f4,42,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,6e,ea,72,50,
    aa,d8,7f,6a,9c,d6,61,af,45,84,18,3a,1e,55,dc,e6,ab,49,aa,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e5,ee,d5,bf,55,
    1f,67,7e,ff,7c,85,e0,43,d4,0e,fe,ab,c0,1f,5d,c7,0c,c0,92,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,97,60,b8,42,70,
    b3,ec,e7,86,8c,21,01,be,91,eb,e7,d8,b5,b1,5a,b0,a6,68,0a,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,3f,50,4e,29,f9,
    43,bb,a5,f5,1d,4d,73,a8,13,5c,05,e7,3c,4e,76,c2,9c,dc,3f,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,12,4c,2f,13,60,
    f9,07,86,df,20,58,62,78,6b,cf,c8,6f,1d,fa,bc,93,70,79,0f,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,03,39,1d,67,7b,
    a7,17,8f,fb,a7,78,e6,12,2f,9a,ea,c7,68,08,ed,fe,98,57,93,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,89,c5,64,99,
    15,87,53,01,3a,48,fc,e8,04,4a,f1,57,0e,a8,22,14,d2,ab,ba,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,3e,30,6a,ed,
    67,5b,15,f6,0f,4e,58,98,5b,89,c9,26,29,d7,23,55,3a,82,85,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e2,76,af,80,6d,
    04,86,21,3d,ce,ea,26,2d,45,aa,78,d1,49,cc,16,28,09,89,83,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ad,ef,fc,f2,39,
    ec,bb,26,2a,b7,cc,b5,b9,7f,41,e7,cd,f0,dc,9f,bb,ce,c6,8b,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,44,33,fa,03,
    fd,4d,c5,6c,43,2d,1e,aa,22,2f,9c,ad,35,bd,da,ac,c9,57,4c,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(992)
    c:\windows\DPPWDFLT.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\DigitalPersona\Bin\DpHost.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\snmp.exe
    c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-26 0:05:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-25 23:05:29
    ComboFix2.txt 2009-01-22 16:34:03

    Pre-Run: 1 227 235 328 octets libres
    Post-Run: 1,234,153,472 octets libres

    Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
    393 --- E O F --- 2009-01-06 09:20:44
    26 January 2009 19:40:15

    Post a new HijackThis report.
    26 January 2009 21:28:08

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:27:01, on 26/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
    O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 7772 bytes
    27 January 2009 13:13:18

    Hi again,

    Select the entire contents of the box below:

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "bekezojaru"=-
    "CPM5fd7c57e"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bekezojaru]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM5fd7c57e]


  • Copy and paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix.
  • You will have to accept the license.

    Post the contents of the ComboFix.txt report after the reboot, if there is one.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
    27 January 2009 13:52:37

    Here it is:

    ComboFix 09-01-21.04 - Voodoobear 2009-01-27 13:34:17.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.261 [GMT 1:00]
    Running from: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe.exe
    Command switches used :: c:\documents and settings\Voodoobear\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
    .

    2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\program files\Avira
    2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-01-23 17:17 . 2009-01-23 17:17 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-23 16:01 . 2009-01-23 16:18 <REP> d-------- c:\program files\Google
    2009-01-23 13:56 . 2009-01-23 13:56 <REP> d-------- c:\program files\Bonjour
    2009-01-23 13:42 . 2009-01-23 13:42 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
    2009-01-21 23:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-01-21 21:50 . 2009-01-23 20:27 <REP> d-------- C:\Bibitte
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
    2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
    2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
    2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
    2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
    2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
    2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
    2009-01-17 21:37 . 2009-01-17 21:47 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-17 21:37 . 2009-01-22 00:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-14 14:29 . 2009-01-25 23:50 <REP> d-------- C:\Recreg
    2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
    2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
    2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
    2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
    2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
    2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
    2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
    2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
    2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
    2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
    2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
    2009-01-06 10:12 . 2009-01-26 20:13 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
    2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
    2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
    2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
    2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
    2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
    2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
    2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
    2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
    2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
    2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
    2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
    2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
    2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
    2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
    2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
    2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
    2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
    2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
    2009-01-05 10:11 . 2009-01-27 13:42 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
    2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
    2009-01-04 21:40 . 2009-01-22 17:00 2,331,008 --a------ c:\windows\system32\TUKernel.exe
    2009-01-04 21:21 . 2009-01-26 23:52 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
    2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-01-04 21:20 . 2009-01-26 21:46 <REP> d-------- c:\program files\Vuze
    2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
    2009-01-04 20:48 . 2009-01-22 16:33 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-04 19:30 . 2009-01-27 13:44 12,650,528 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2009-01-04 19:30 . 2009-01-27 13:39 152,384 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
    2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
    2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
    2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
    2009-01-04 19:21 . 2009-01-27 13:40 358,382 --a------ c:\windows\system32\vsconfig.xml
    2009-01-04 19:20 . 2009-01-27 13:17 <REP> d-------- c:\windows\Internet Logs
    2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
    2009-01-04 19:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
    2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
    2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
    2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
    2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
    2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
    2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
    2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
    2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
    2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
    2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
    2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
    2009-01-02 21:50 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
    2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\wxGlade
    2009-01-02 21:49 . 2009-01-05 18:16 <REP> d-------- c:\program files\Unlocker
    2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\K-Lite Codec Pack
    2009-01-02 21:49 . 2009-01-20 00:34 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Desktopicon
    2009-01-02 21:49 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
    2009-01-02 21:49 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
    2009-01-02 21:49 . 2006-11-01 14:52 765,952 --a------ c:\windows\system32\xvidcore.dll
    2009-01-02 21:49 . 2008-10-28 23:35 684,032 --a------ c:\windows\system32\divx.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
    2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
    2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
    2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-26_ 0.04.07.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-27 12:40:20 16,384 ----atw c:\windows\temp\Perflib_Perfdata_264.dat
    + 2009-01-27 12:40:19 16,384 ----atw c:\windows\temp\Perflib_Perfdata_d8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
    backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    --a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    --a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
    R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
    R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
    R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
    S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
    S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PCANDIS5
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-27 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-27 13:44:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b5,f7,05,cc,5f,
    6d,d6,ab,e2,63,26,f1,3f,c8,ff,68,8b,93,e2,ad,93,45,f4,42,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,6e,ea,72,50,
    aa,d8,7f,6a,9c,d6,61,af,45,84,18,3a,1e,55,dc,e6,ab,49,aa,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e5,ee,d5,bf,55,
    1f,67,7e,ff,7c,85,e0,43,d4,0e,fe,ab,c0,1f,5d,c7,0c,c0,92,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,97,60,b8,42,70,
    b3,ec,e7,86,8c,21,01,be,91,eb,e7,d8,b5,b1,5a,b0,a6,68,0a,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,3f,50,4e,29,f9,
    43,bb,a5,f5,1d,4d,73,a8,13,5c,05,e7,3c,4e,76,c2,9c,dc,3f,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,12,4c,2f,13,60,
    f9,07,86,df,20,58,62,78,6b,cf,c8,6f,1d,fa,bc,93,70,79,0f,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,03,39,1d,67,7b,
    a7,17,8f,fb,a7,78,e6,12,2f,9a,ea,c7,68,08,ed,fe,98,57,93,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,89,c5,64,99,
    15,87,53,01,3a,48,fc,e8,04,4a,f1,57,0e,a8,22,14,d2,ab,ba,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,3e,30,6a,ed,
    67,5b,15,f6,0f,4e,58,98,5b,89,c9,26,29,d7,23,55,3a,82,85,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e2,76,af,80,6d,
    04,86,21,3d,ce,ea,26,2d,45,aa,78,d1,49,cc,16,28,09,89,83,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ad,ef,fc,f2,39,
    ec,bb,26,2a,b7,cc,b5,b9,7f,41,e7,cd,f0,dc,9f,bb,ce,c6,8b,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,44,33,fa,03,
    fd,4d,c5,6c,43,2d,1e,aa,22,2f,9c,ad,35,bd,da,ac,c9,57,4c,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(988)
    c:\windows\DPPWDFLT.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\DigitalPersona\Bin\DpHost.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\snmp.exe
    c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-27 13:47:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-27 12:47:40
    ComboFix2.txt 2009-01-25 23:05:42
    ComboFix3.txt 2009-01-22 16:34:03

    Pre-Run: 1 719 074 816 octets libres
    Post-Run: 1,726,328,832 octets libres

    Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
    350 --- E O F --- 2009-01-06 09:20:44


    As a precaution, I'm posting another HijackThis report after this scan =) :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:52:24, on 27/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 7317 bytes
    27 January 2009 14:00:17

    Are you having the same problems?
    27 January 2009 15:52:49

    I no longer have any problems; I just need to reboot to see whether I still get the warning messages at startup for the two DLLs that were annoying me! =)

    I'll edit this post to report back once I've rebooted, and if everything is okay I'll mark the topic as resolved =).

    In the meantime, my Firefox issues are okay...
    27 January 2009 18:03:55

    All the best ;)
    28 January 2009 11:23:27

    So, after rebooting the PC, it gives me the DLL errors again for:
    regikiho.dll",s
    and rizizozu.dll",a which it obviously can't find, given that I renamed them and changed their file type (from DLL to TXT) as a precaution...
    Is there anything to get rid of this?
    Here is my HijackThis report after the reboot... :


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:19:55, on 28/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
    O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 7635 bytes
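The two Run values behind the boot-time DLL errors can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread: the sample lines are excerpted from the log above, while the function names and the three triage heuristics are assumptions chosen for illustration.

```python
import re
from typing import Callable, NamedTuple, Optional

# O4 lines excerpted from the HijackThis 2.0.2 log posted above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bekezojaru] Rundll32.exe "C:\WINDOWS\system32\regikiho.dll",s
O4 - HKLM\..\Run: [CPM5fd7c57e] Rundll32.exe "c:\windows\system32\rizizozu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Command lines whose program is rundll32, with or without a path or quotes.
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$', re.IGNORECASE
)


class Finding(NamedTuple):
    hive: str
    value_name: str
    dll: str
    export: str
    reasons: tuple


def split_rundll_args(args: str):
    """Split 'rundll32 <dll>,<export>' arguments into (dll, export)."""
    args = args.strip()
    if args.startswith('"'):
        end = args.find('"', 1)
        if end == -1:                      # unbalanced quote: keep what we have
            return args[1:], ""
        dll, rest = args[1:end], args[end + 1:]
    else:
        dll, sep, rest = args.partition(",")
        rest = sep + rest
    export = rest.lstrip(", ").split()[0] if rest.strip(", ") else ""
    return dll, export


def triage_run_entries(log_text: str,
                       exists: Optional[Callable[[str], bool]] = None):
    """Return rundll32-based Run values that deserve a manual look.

    Heuristics (assumptions for this example, not a verdict on any file):
      1. a DLL given by full path is started through rundll32 at logon;
      2. the export name is only one or two characters long;
      3. the target is missing on disk (checked only if `exists` is given),
         which is the state that produces the "DLL not found" popups at boot.
    """
    findings = []
    for line in log_text.splitlines():
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue
        launcher = RUNDLL.match(entry["cmd"])
        if not launcher:
            continue
        dll, export = split_rundll_args(launcher["args"])
        has_path = "\\" in dll
        reasons = []
        if has_path and dll.lower().endswith(".dll"):
            reasons.append("full-path DLL started through rundll32")
        if 0 < len(export) <= 2:
            reasons.append("one- or two-character export name")
        if exists is not None and has_path and not exists(dll):
            reasons.append("target file missing (orphaned Run value)")
        if reasons:
            findings.append(
                Finding(entry["hive"], entry["name"], dll, export, tuple(reasons))
            )
    return findings


if __name__ == "__main__":
    # Constructed file listing: the DLLs were renamed to .txt, so neither exists.
    present = {r"c:\windows\system32\regikiho.txt",
               r"c:\windows\system32\rizizozu.txt"}
    for f in triage_run_entries(SAMPLE_LOG, exists=lambda p: p.lower() in present):
        print(f"{f.hive}\\...\\Run [{f.value_name}] -> {f.dll},{f.export}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Renaming the DLL only breaks the target; the Run value itself survives and is flagged here as orphaned until the registry entry is removed as well.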
    28 January 2009 14:53:47

    Disable Spybot's TeaTimer, which is preventing us from disinfecting.
    29 January 2009 13:36:35

    I uninstalled Spybot and checked before the scan that it was indeed disabled in the processes (should I reinstall it afterwards, or is there something more practical to protect my PC?)

    Here is the ComboFix report:

    ComboFix 09-01-21.04 - Voodoobear 2009-01-29 13:14:32.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.510.172 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Voodoobear\Bureau\ComboFix.exe.exe
    Commutateurs utilisés :: c:\documents and settings\Voodoobear\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *disabled*
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-29 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-28 00:14 . 2009-01-28 00:22 720,896 --a------ c:\windows\iun6002ev.exe
    2009-01-28 00:02 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
    2009-01-27 23:59 . 2009-01-27 23:59 34 --------- c:\windows\system32\oeminfo.ini
    2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\program files\Avira
    2009-01-23 20:19 . 2009-01-23 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
    2009-01-23 17:17 . 2009-01-23 17:17 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
    2009-01-23 16:01 . 2009-01-23 16:18 <REP> d-------- c:\program files\Google
    2009-01-23 13:56 . 2009-01-23 13:56 <REP> d-------- c:\program files\Bonjour
    2009-01-23 13:42 . 2009-01-23 13:42 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
    2009-01-21 23:58 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
    2009-01-21 21:50 . 2009-01-23 20:27 <REP> d-------- C:\Bibitte
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- c:\program files\Smallvideosoft
    2009-01-21 13:58 . 2009-01-21 13:58 <REP> d-------- C:\Mp3 Output
    2009-01-21 13:58 . 2007-03-01 04:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
    2009-01-21 13:58 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
    2009-01-20 00:35 . 2009-01-20 00:35 61,440 --a------ c:\windows\system32\drivers\sjsnq.sys
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-19 23:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-19 23:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-19 23:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-19 08:19 . 2009-01-19 08:19 <REP> d-------- c:\program files\AC3Filter
    2009-01-19 08:19 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
    2009-01-18 16:27 . 2009-01-18 16:27 <REP> d-------- C:\VundoFix Backups
    2009-01-18 01:27 . 2009-01-18 16:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-01-17 23:07 . 2009-01-18 00:20 264 --a------ c:\windows\wininit.ini
    2009-01-17 21:37 . 2009-01-29 12:58 <REP> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-17 21:37 . 2009-01-29 12:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-14 14:29 . 2009-01-25 23:50 <REP> d-------- C:\Recreg
    2009-01-14 13:38 . 2009-01-14 13:38 <REP> d-------- c:\program files\CCleaner
    2009-01-13 16:03 . 2009-01-17 10:44 <REP> d-------- c:\windows\BDOSCAN8
    2009-01-11 20:02 . 2009-01-11 20:11 <REP> d-------- c:\program files\Random Software
    2009-01-11 11:04 . 2009-01-11 11:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
    2009-01-11 11:03 . 2009-01-11 11:03 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
    2009-01-09 10:29 . 2009-01-09 10:29 172 ---h----- c:\windows\formacd.id
    2009-01-09 09:02 . 2009-01-09 09:02 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\DigitalPersona
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\program files\Webteh
    2009-01-08 18:25 . 2009-01-08 18:25 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\BSplayer Pro
    2009-01-08 15:55 . 2009-01-08 16:02 <REP> d-------- C:\xampp
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\windows\DPDrv
    2009-01-08 10:00 . 2009-01-08 10:00 <REP> d-------- c:\program files\DigitalPersona
    2009-01-07 18:19 . 2009-01-07 18:19 <REP> d-------- c:\program files\Guitar Pro 5
    2009-01-06 12:33 . 2009-01-06 12:33 <REP> d-------- c:\windows\Sun
    2009-01-06 10:15 . 2009-01-06 10:15 <REP> d-------- c:\documents and settings\Voodoobear\Incomplete
    2009-01-06 10:12 . 2009-01-26 20:13 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\LimeWire
    2009-01-06 09:54 . 2009-01-13 11:49 <REP> d-------- c:\program files\LimeWire
    2009-01-06 09:37 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliPoint
    2009-01-06 09:36 . 2009-01-16 16:00 <REP> d-------- c:\program files\Microsoft IntelliType Pro
    2009-01-05 22:00 . 2009-01-05 22:01 <REP> d-------- c:\program files\Fichiers communs\Merge Modules
    2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\program files\Microsoft SQL Server
    2009-01-05 19:46 . 2009-01-07 19:19 <REP> d-------- c:\documents and settings\Voodoobear\dwhelper
    2009-01-05 19:40 . 2009-01-05 19:40 <REP> d-------- c:\program files\Microsoft.NET
    2009-01-05 19:38 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2009-01-05 19:37 . 2009-01-05 19:38 <REP> d-------- c:\program files\Microsoft Web Designer Tools
    2009-01-05 19:37 . 2009-01-06 10:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-05 19:36 . 2009-01-05 19:36 <REP> dr-h----- C:\MSOCache
    2009-01-05 19:33 . 2009-01-05 19:33 <REP> d-------- c:\program files\Microsoft SDKs
    2009-01-05 19:18 . 2009-01-05 19:26 <REP> d-------- c:\windows\system32\XPSViewer
    2009-01-05 19:17 . 2009-01-05 19:17 <REP> d-------- c:\program files\MSBuild
    2009-01-05 19:16 . 2009-01-05 19:16 <REP> d-------- c:\program files\Reference Assemblies
    2009-01-05 19:14 . 2009-01-05 19:14 212 --a------ c:\windows\system32\spupdsvc.inf
    2009-01-05 19:06 . 2009-01-06 09:06 <REP> d-------- c:\windows\SxsCaPendDel
    2009-01-05 15:18 . 2009-01-05 15:18 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\AdobeUM
    2009-01-05 10:44 . 2009-01-05 10:48 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Dev-Cpp
    2009-01-05 10:31 . 2009-01-05 10:31 <REP> d-------- c:\program files\Microsoft
    2009-01-05 10:11 . 2009-01-29 13:22 <REP> d-------- c:\documents and settings\Voodoobear\Tracing
    2009-01-05 10:05 . 2009-01-05 10:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-01-05 09:39 . 2009-01-05 10:47 <REP> d-------- C:\Dev-Cpp
    2009-01-04 21:40 . 2009-01-22 17:00 2,331,008 --a------ c:\windows\system32\TUKernel.exe
    2009-01-04 21:21 . 2009-01-28 23:42 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Azureus
    2009-01-04 21:21 . 2009-01-04 21:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-01-04 21:20 . 2009-01-26 21:46 <REP> d-------- c:\program files\Vuze
    2009-01-04 21:12 . 2009-01-04 21:12 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\InstallShield
    2009-01-04 20:48 . 2009-01-22 16:33 <REP> d-------- c:\program files\TuneUp Utilities 2008
    2009-01-04 20:48 . 2009-01-04 20:48 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-01-04 19:30 . 2009-01-29 13:23 13,090,848 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2009-01-04 19:30 . 2009-01-29 13:18 157,544 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2009-01-04 19:23 . 2009-01-04 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
    2009-01-04 19:23 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll
    2009-01-04 19:23 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll
    2009-01-04 19:23 . 2009-01-04 19:26 4,212 ---h----- c:\windows\system32\zllictbl.dat
    2009-01-04 19:22 . 2009-01-04 19:22 <REP> d-------- c:\program files\Zone Labs
    2009-01-04 19:21 . 2009-01-29 13:19 358,382 --a------ c:\windows\system32\vsconfig.xml
    2009-01-04 19:20 . 2009-01-29 13:19 <REP> d-------- c:\windows\Internet Logs
    2009-01-04 19:11 . 2009-01-04 19:11 <REP> d-------- c:\documents and settings\Voodoobear\Contacts
    2009-01-04 19:10 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
    2009-01-04 19:09 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2009-01-04 19:08 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-04 19:08 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-04 19:07 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2009-01-04 19:07 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2009-01-04 19:06 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2009-01-04 19:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-01-04 19:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-01-04 18:24 . 2009-01-04 18:24 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-01-03 21:24 . 2009-01-03 21:24 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Media Player Classic
    2009-01-03 20:20 . 2009-01-03 20:20 <REP> d-------- c:\program files\SAGEM Wi-Fi USB 802.11g
    2009-01-03 20:20 . 2005-06-17 10:27 16,292 --a------ c:\windows\system32\PCANDIS5.SYS
    2009-01-03 20:19 . 2009-01-03 20:19 <REP> d-------- c:\program files\SAGEM
    2009-01-03 20:19 . 2005-06-17 10:27 379,456 --a------ c:\windows\system32\drivers\WlanUIG.sys
    2009-01-03 20:19 . 2005-07-04 16:25 163,840 --a------ c:\windows\UninstWiFi.exe
    2009-01-03 20:19 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
    2009-01-03 20:19 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a------ c:\windows\system32\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:34 153,088 --a--c--- c:\windows\system32\dllcache\irftp.exe
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a------ c:\windows\system32\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 29,184 --a--c--- c:\windows\system32\dllcache\irmon.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a------ c:\windows\system32\wshirda.dll
    2009-01-03 12:25 . 2008-04-14 04:33 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
    2009-01-03 11:57 . 2009-01-03 11:57 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\TuneUp Software
    2009-01-03 11:41 . 2009-01-17 23:07 <REP> d-------- c:\program files\Sleepy
    2009-01-02 21:51 . 2009-01-02 21:50 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-02 21:51 . 2009-01-02 21:50 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-01-02 21:50 . 2009-01-02 21:50 <REP> d-------- c:\program files\Java
    2009-01-02 21:50 . 2009-01-02 21:52 <REP> d-------- c:\program files\EasyPHP 2.0b1
    2009-01-02 21:50 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
    2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\wxGlade
    2009-01-02 21:49 . 2009-01-05 18:16 <REP> d-------- c:\program files\Unlocker
    2009-01-02 21:49 . 2009-01-02 21:49 <REP> d-------- c:\program files\K-Lite Codec Pack
    2009-01-02 21:49 . 2009-01-20 00:34 <REP> d-------- c:\documents and settings\Voodoobear\Application Data\Desktopicon
    2009-01-02 21:49 . 2008-09-19 22:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-23 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-01-11 13:19 --------- d-----w c:\program files\Messenger Plus! Live
    2009-01-05 09:09 --------- d-----w c:\program files\Windows Live
    2009-01-05 08:20 --------- d-----w c:\program files\Microsoft Silverlight
    2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-01-03 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-04-14 02:34 28,858,803 --sh--r c:\windows\system32\windir.exe
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-26_ 0.04.07.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-29 12:19:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_10c.dat
    + 2009-01-29 12:19:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7fc.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-27 335872]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 913408]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\SOUNDMAN.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\Voodoobear\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2009-01-03 741376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WPN111 Smart Wizard.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WPN111 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Pinnacle Scheduler.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Pinnacle Scheduler.lnk
    backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    --a------ 2007-06-28 23:01 2512128 c:\windows\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-05-02 05:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    --a--c--- 2001-12-26 13:12 472576 c:\windows\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\drivers\dpK0Bx01.sys [2004-08-04 32640]
    R3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\drivers\UsbdpFP.sys [2004-08-04 34560]
    R3 WB528MS;Winbond PCI Memory Stick PRO Storage (MSPRO) Device Driver;c:\windows\system32\drivers\wb528ms.sys [2008-09-27 38400]
    R3 WB528SD;Winbond PCI Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\WB528SD.sys [2008-09-27 35712]
    R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-01-03 379456]
    S3 AMDMSRIO;AMDMSRIO;\??\f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys --> f:\driver\CAD2000\PowerNow Patch\WIN2000_ver.1.1.0.0\AMDMSRIO.sys [?]
    S3 ATICDSDr;ATICDSDr;\??\f:\install\bin\atiicdxx.sys --> f:\install\bin\atiicdxx.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-10-06 17149]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-29 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Voodoobear\Application Data\Mozilla\Firefox\Profiles\41a3xjcs.default\

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-29 13:23:35
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b5,f7,05,cc,5f,
    6d,d6,ab,e2,63,26,f1,3f,c8,ff,68,8b,93,e2,ad,93,45,f4,42,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,6e,ea,72,50,
    aa,d8,7f,6a,9c,d6,61,af,45,84,18,3a,1e,55,dc,e6,ab,49,aa,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e5,ee,d5,bf,55,
    1f,67,7e,ff,7c,85,e0,43,d4,0e,fe,ab,c0,1f,5d,c7,0c,c0,92,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,97,60,b8,42,70,
    b3,ec,e7,86,8c,21,01,be,91,eb,e7,d8,b5,b1,5a,b0,a6,68,0a,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,3f,50,4e,29,f9,
    43,bb,a5,f5,1d,4d,73,a8,13,5c,05,e7,3c,4e,76,c2,9c,dc,3f,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,12,4c,2f,13,60,
    f9,07,86,df,20,58,62,78,6b,cf,c8,6f,1d,fa,bc,93,70,79,0f,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,03,39,1d,67,7b,
    a7,17,8f,fb,a7,78,e6,12,2f,9a,ea,c7,68,08,ed,fe,98,57,93,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,95,89,c5,64,99,
    15,87,53,01,3a,48,fc,e8,04,4a,f1,57,0e,a8,22,14,d2,ab,ba,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,3e,30,6a,ed,
    67,5b,15,f6,0f,4e,58,98,5b,89,c9,26,29,d7,23,55,3a,82,85,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e2,76,af,80,6d,
    04,86,21,3d,ce,ea,26,2d,45,aa,78,d1,49,cc,16,28,09,89,83,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,ad,ef,fc,f2,39,
    ec,bb,26,2a,b7,cc,b5,b9,7f,41,e7,cd,f0,dc,9f,bb,ce,c6,8b,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2d,44,33,fa,03,
    fd,4d,c5,6c,43,2d,1e,aa,22,2f,9c,ad,35,bd,da,ac,c9,57,4c,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'lsass.exe'(988)
    c:\windows\DPPWDFLT.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\DigitalPersona\Bin\DpHost.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\snmp.exe
    c:\program files\DigitalPersona\Bin\DPFUSMgr.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-29 13:27:26 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-29 12:27:22
    ComboFix2.txt 2009-01-27 12:47:49
    ComboFix3.txt 2009-01-25 23:05:42
    ComboFix4.txt 2009-01-22 16:34:03

    Avant-CF: 3 921 137 664 octets libres
    Après-CF: 3,952,582,656 octets libres

    349 --- E O F --- 2009-01-06 09:20:44


    Here is the HijackThis report without a reboot:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:36:18, on 29/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 7036 bytes

    And here is the report after a reboot, just in case:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:42:43, on 29/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Voodoobear\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

    --
    End of file - 7295 bytes
    29 January 2009 14:41:45

    Spybot is really useless for protection. Are you still having problems?
    29 January 2009 18:56:28

    Thanks, apparently not, no problems!

    I'll check again after a reboot, but for now, all good ;) .

    Thank you SO MUCH for the help and the time spent solving my problem(s)!!!
    I'm off to click on "prevention and protection" right now ;) .
    30 January 2009 18:24:43

    Happy surfing ;)