
jumpman

Confirmed Visitor
Username:
jumpman
Groups:


User statistics

Registered:
13 Apr 2010 18:41
Last visit:
30 May 2010 09:43
Posts:
11 (0.00% of all posts / 0.00 posts per day)
Most active forum:
Security, viruses and advertising (adware) forum
(11 posts / 100.00% of the user's posts)
Most active topic:
Another tr/rootkit.gen found by AntiVir
(8 posts / 72.73% of the user's posts)

Latest posts by jumpman

Post: Need help with a rootkit.gen
Hello, as the title says, I need help.
Here is the ComboFix report:

Code:
ComboFix 10-05-14.06 - mumu 15/05/2010  15:25:31.1.1 - x86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.33.1036.18.895.571 [GMT 2:00]
Lancé depuis: c:\documents and settings\mumu\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\mumu\LOCALS~1\Temp\svchost.exe
c:\windows\system32\VB40032.DLL

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-04-15 au 2010-05-15  ))))))))))))))))))))))))))))))))))))
.

2010-05-15 13:08 . 2004-08-03 16:59   34688   -c--a-w-   c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-15 13:08 . 2004-08-03 16:59   34688   ----a-w-   c:\windows\system32\drivers\lbrtfdc.sys
2010-05-15 13:07 . 2004-08-03 17:00   8192   -c--a-w-   c:\windows\system32\dllcache\i2omgmt.sys
2010-05-15 13:07 . 2004-08-03 17:00   8192   ----a-w-   c:\windows\system32\drivers\i2omgmt.sys
2010-05-15 13:06 . 2004-08-03 17:00   8192   -c--a-w-   c:\windows\system32\dllcache\changer.sys
2010-05-15 13:06 . 2004-08-03 17:00   8192   ----a-w-   c:\windows\system32\drivers\changer.sys
2010-05-15 13:03 . 2010-05-15 13:03   --------   d-----w-   c:\windows\Sun
2010-05-13 13:16 . 2010-05-13 13:16   --------   d-sh--w-   c:\documents and settings\mumu\IECompatCache
2010-05-13 13:16 . 2010-05-13 13:16   --------   d-sh--w-   c:\documents and settings\mumu\PrivacIE
2010-05-13 13:15 . 2010-05-13 13:15   --------   d-sh--w-   c:\documents and settings\mumu\IETldCache
2010-05-13 13:07 . 2010-05-13 13:09   --------   dc-h--w-   c:\windows\ie8
2010-04-22 19:44 . 2010-04-22 19:44   17820   ---ha-w-   c:\windows\system32\mlfcache.dat

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 13:05 . 2010-05-15 13:04   16   ----a-w-   c:\documents and settings\mumu\Application Data\qvjsge.dat
2010-05-14 14:04 . 2010-01-24 02:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-04-13 23:53 . 2001-08-24 13:00   80946   ----a-w-   c:\windows\system32\perfc00C.dat
2010-04-13 23:53 . 2001-08-24 13:00   501138   ----a-w-   c:\windows\system32\perfh00C.dat
2010-04-04 13:25 . 2010-02-14 14:53   --------   d-----w-   c:\documents and settings\mumu\Application Data\dvdcss
2010-03-19 06:44 . 2010-02-06 22:10   --------   d-----w-   c:\documents and settings\mumu\Application Data\Apple Computer
2010-02-24 12:31 . 2006-03-09 09:24   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:33 . 2006-03-09 09:25   2183424   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 19:33 . 2005-03-02 16:07   2060416   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-03-21 14:20 . 2004-08-19 16:09   162194   --sha-r-   c:\windows\system32\zevbcztx.dll
.

------- Sigcheck -------

[-] 2009-10-09 . 67D7DDB8E98D22886360D470DF66526D . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58   333192   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 344064]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\mumu\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
Outil de mise … jour Google.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2010-1-24 124400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5113:TCP"= 5113:TCP:eyhus

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [24/01/2010 04:47 108289]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18/04/2005 02:00 200576]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/01/2010 12:59 691696]
S2 acwyblwv;ulmwzrc;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 18:10 14336]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/02/2010 01:13 135664]
S2 vuiibgt;Driver Time;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 18:10 14336]
S2 yknae;Installer Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 18:10 14336]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [07/02/2010 00:08 17408]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - I2OMGMT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
yknae
acwyblwv
vuiibgt
.
Contenu du dossier 'Tâches planifiées'

2010-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-24 02:54]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:13]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 23:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 15:34
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h????????? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acwyblwv]
"ServiceDll"="c:\windows\system32\zevbcztx.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vuiibgt]
"ServiceDll"="c:\windows\system32\zevbcztx.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yknae]
"ServiceDll"="c:\windows\system32\zevbcztx.dll"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-05-15  15:35:35
ComboFix-quarantined-files.txt  2010-05-15 13:35

Avant-CF: 2 309 791 744 octets libres
Après-CF: 3 067 715 584 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 140F1A8ADFCA19E083207D6464134387


EDIT Skynet: [code] tags added.

Post: Another tr/rootkit.gen found by AntiVir
Good evening, I am also a victim of this trojan detected by AntiVir.
Can someone help me please, because I don't know what to do next?
Here is the ComboFix report:

ComboFix 10-04-13.02 - stephane 13/04/2010 19:55:28.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2047.1215 [GMT 2:00]
Lancé depuis: c:\documents and settings\stephane\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\stephane\LOCALS~1\Temp\swtlib-32\swt-gdip-win32-3550.dll
c:\docume~1\stephane\LOCALS~1\Temp\swtlib-32\swt-win32-3550.dll
c:\documents and settings\stephane\Application Data\Desktopicon
c:\documents and settings\stephane\Application Data\Desktopicon\eBay.ico
c:\documents and settings\stephane\Application Data\Desktopicon\uninst.exe
c:\documents and settings\stephane\Local Settings\Temp\swtlib-32\swt-gdip-win32-3550.dll
c:\documents and settings\stephane\Local Settings\Temp\swtlib-32\swt-win32-3550.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-13 au 2010-04-13 ))))))))))))))))))))))))))))))))))))
.

2010-04-13 16:53 . 2004-08-03 16:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-13 16:53 . 2004-08-03 16:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-13 16:53 . 2004-08-03 17:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-13 16:53 . 2004-08-03 17:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-13 16:52 . 2004-08-03 17:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-13 16:48 . 2010-04-13 16:48 -------- d-----w- c:\windows\Sun
2010-04-12 18:07 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-04-12 18:07 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-12 18:07 . 2010-04-12 18:07 -------- d-----w- c:\program files\Microsoft.NET
2010-04-12 18:06 . 2010-04-12 18:06 -------- d-----w- c:\windows\SHELLNEW
2010-04-03 20:50 . 2010-04-03 23:24 -------- d-----w- c:\documents and settings\stephane\Application Data\gtk-2.0
2010-04-03 18:19 . 2010-04-03 18:19 -------- d-----w- c:\documents and settings\stephane\.thumbnails
2010-04-03 18:14 . 2010-04-03 23:55 -------- d-----w- c:\documents and settings\stephane\.gimp-2.6
2010-04-03 18:13 . 2010-04-03 18:13 -------- d-----w- c:\program files\GIMP-2.0
2010-04-03 18:09 . 2010-04-03 18:09 -------- d-----w- c:\program files\WinSCP
2010-04-02 15:59 . 2010-04-02 15:59 -------- d-----w- c:\documents and settings\stephane\Application Data\Foxit
2010-04-02 15:59 . 2010-04-02 15:59 -------- d-----w- c:\program files\Foxit Software
2010-04-01 17:19 . 2010-04-01 17:53 -------- d-----w- c:\program files\PartyGaming
2010-03-31 21:05 . 2010-03-31 21:09 -------- d-----w- c:\documents and settings\stephane\Application Data\Apple Computer
2010-03-31 21:04 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-31 21:02 . 2010-03-31 21:06 -------- d-----w- c:\documents and settings\stephane\Local Settings\Application Data\Apple Computer
2010-03-31 17:51 . 2010-03-31 17:55 -------- d-----w- c:\program files\Microsoft Money 2005
2010-03-30 16:24 . 2010-03-30 20:13 -------- d-----w- c:\documents and settings\stephane\Application Data\ImgBurn
2010-03-29 16:52 . 2010-03-29 16:54 -------- d-----w- c:\program files\Unlocker
2010-03-28 14:15 . 2010-03-28 14:15 -------- d-----w- c:\program files\RealVNC
2010-03-28 13:54 . 2004-08-03 17:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 18:01 . 2010-03-27 23:04 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-13 17:59 . 2010-03-27 23:58 -------- d-----w- c:\documents and settings\stephane\Application Data\Azureus
2010-04-13 16:49 . 2010-04-13 16:49 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jdzarn.dat
2010-04-12 18:23 . 2010-03-27 23:58 18232 ----a-w- c:\documents and settings\stephane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 18:46 . 2010-03-27 23:38 -------- d-----w- c:\program files\JDownloader
2010-04-09 16:52 . 2010-03-27 22:15 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-31 21:05 . 2010-03-31 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-31 21:04 . 2010-03-31 21:04 -------- d-----w- c:\program files\iTunes
2010-03-31 21:04 . 2010-03-31 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-31 21:04 . 2010-03-31 21:04 -------- d-----w- c:\program files\iPod
2010-03-31 21:04 . 2010-03-31 21:03 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-03-31 21:04 . 2010-03-31 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-31 21:04 . 2010-03-31 21:04 -------- d-----w- c:\program files\Bonjour
2010-03-31 21:04 . 2010-03-31 21:03 -------- d-----w- c:\program files\QuickTime
2010-03-31 21:03 . 2010-03-31 21:03 -------- d-----w- c:\program files\Apple Software Update
2010-03-31 17:41 . 2001-08-24 13:00 368076 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-31 17:41 . 2001-08-24 13:00 48856 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-31 17:32 . 2010-03-31 17:37 1911296 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-03-28 00:00 . 2010-03-27 22:16 -------- d-----w- c:\program files\Azureus
2010-03-27 23:58 . 2010-03-27 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-03-27 23:35 . 2010-03-27 23:35 2232 ----a-w- c:\windows\java\Packages\Data\OM31RVVL.DAT
2010-03-27 23:35 . 2010-03-27 23:35 155995 ----a-w- c:\windows\java\Packages\TVVH39VN.ZIP
2010-03-27 23:35 . 2010-03-27 23:35 2678 ----a-w- c:\windows\java\Packages\Data\1FTN7X3J.DAT
2010-03-27 23:35 . 2010-03-27 23:35 2678 ----a-w- c:\windows\java\Packages\Data\BDBNNX3X.DAT
2010-03-27 23:35 . 2010-03-27 23:35 2678 ----a-w- c:\windows\java\Packages\Data\SJTFFFVH.DAT
2010-03-27 23:35 . 2010-03-27 23:35 2678 ----a-w- c:\windows\java\Packages\Data\RLBR3Z3B.DAT
2010-03-27 23:35 . 2010-03-27 23:35 2678 ----a-w- c:\windows\java\Packages\Data\JDFLNTVN.DAT
2010-03-27 23:33 . 2010-03-27 23:33 -------- d-----w- c:\program files\Google
2010-03-27 23:27 . 2010-03-27 22:27 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2010-03-27 23:26 . 2010-03-27 22:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 23:20 . 2010-03-27 23:20 -------- d-----w- c:\documents and settings\stephane\Application Data\vlc
2010-03-27 23:01 . 2010-03-27 23:01 -------- d-----w- c:\program files\Zone Labs
2010-03-27 22:57 . 2010-03-27 22:57 -------- d-----w- c:\program files\Avira
2010-03-27 22:57 . 2010-03-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-27 22:51 . 2010-03-27 22:51 -------- d-----w- c:\documents and settings\stephane\Application Data\Logitech
2010-03-27 22:51 . 2010-03-27 22:51 10134 ----a-r- c:\documents and settings\stephane\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-03-27 22:51 . 2010-03-27 22:51 -------- d-----w- c:\program files\Fichiers communs\LogiShared
2010-03-27 22:51 . 2010-03-27 22:51 -------- d-----w- c:\documents and settings\stephane\Application Data\Leadertech
2010-03-27 22:50 . 2010-03-27 22:50 10134 ----a-r- c:\documents and settings\stephane\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2010-03-27 22:50 . 2010-03-27 22:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-03-27 22:50 . 2010-03-27 22:50 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-03-27 22:49 . 2010-03-27 22:49 -------- d-----w- c:\program files\Fichiers communs\Logitech
2010-03-27 22:49 . 2010-03-27 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-03-27 22:49 . 2010-03-27 22:49 -------- d-----w- c:\program files\Logitech
2010-03-27 22:49 . 2010-03-27 22:49 10134 ----a-r- c:\documents and settings\stephane\Application Data\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
2010-03-27 22:49 . 2010-03-27 22:49 -------- d-----w- c:\documents and settings\stephane\Application Data\InstallShield
2010-03-27 22:49 . 2010-03-27 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-03-27 22:45 . 2010-03-27 22:45 -------- d-----w- c:\program files\SEC
2010-03-27 22:42 . 2010-03-27 22:42 79488 ----a-w- c:\documents and settings\stephane\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-27 22:41 . 2010-03-27 22:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-27 22:41 . 2010-03-27 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-03-27 22:18 . 2010-03-27 22:18 -------- d-----w- c:\program files\microsoft frontpage
2010-03-27 22:18 . 2010-03-27 22:18 -------- d-----w- c:\program files\VideoLAN
2010-03-27 22:18 . 2010-03-27 22:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-03-27 22:18 . 2010-03-27 22:18 -------- d-----w- c:\program files\Java
2010-03-27 22:16 . 2010-03-27 22:16 -------- d-----w- c:\program files\ImgBurn
2010-03-27 22:16 . 2010-03-27 22:16 -------- d-----w- c:\program files\eMule
2010-03-27 22:16 . 2010-03-27 22:16 -------- d-----w- c:\program files\CCleaner
2010-03-27 22:16 . 2010-03-27 22:16 -------- d-----w- c:\program files\Alwil Software
2010-03-27 22:14 . 2010-03-27 22:14 -------- d-----w- c:\program files\Services en ligne
2010-03-27 22:12 . 2010-03-27 22:12 21892 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2006-02-14 . 667192A11DB19F36624119C0DD4DE4F2 . 359808 . . [5.1.2600.2827] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-03-09 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll

[-] 2006-03-09 . CB7D37602638369A516757E994CBB31D . 397824 . . [5.1.2600.2726] . . c:\windows\system32\rpcss.dll

[-] 2006-03-09 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

[-] 2006-03-09 09:24 . D9CDB9380E0EFC9E97CC589B5F484B94 . 243200 . . [2001.12.4414.308] . . c:\windows\system32\es.dll

[-] 2006-03-09 . 8D9A075C065DFE1228688D10155D6624 . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll

[-] 2006-03-09 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622] . . c:\windows\system32\ntoskrnl.exe

[-] 2006-03-09 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

[-] 2006-03-09 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . c:\windows\system32\user32.dll

[-] 2009-10-09 . 67D7DDB8E98D22886360D470DF66526D . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2005-05-27 20:14 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys

[-] 2006-05-09 . 73FA9C95D235844A36968C7852C7DBDD . 2058880 . . [5.1.2600.2622] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-27 148888]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-08-25 208896]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-18 981384]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-28 692224]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2010-3-28 49220]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [28/03/2010 00:57 108289]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2010 01:33 135664]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - I2OMGMT
.
Contenu du dossier 'Tâches planifiées'

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 23:33]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-27 23:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {259746CA-FD3D-4D17-8E5F-4631DC1F6925} = 80.10.246.2,80.10.246.129
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-eBay Icon - c:\documents and settings\stephane\Application Data\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 20:01
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(624)
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-04-13 20:02:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-13 18:02

Avant-CF: 4 455 186 432 octets libres
Après-CF: 4 617 682 944 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - BAD867D0D2A9A9D4F65571AF2DC48CE4


