Mon ordi est lent depuis hier

voici mon scan de malware encore ce soir... étrange encore trouvé Vundo et aussi Rootkit.Agent ...

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 3

19:11:28 2008-09-02
mbam-log-09-02-2008 (19-11-28).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 145729
Temps écoulé: 40 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\hijack\backups\backup-20080612-153700-549.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\hijack\backups\backup-20080612-153701-910.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{08C99507-F658-4C4D-8877-80BFEF004424}\RP88\A0016037.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

Voici le rapport de combofix:

ComboFix 08-09-01.03 - Chantal et Francis 2008-09-02 20:59:22.2 - NTFSx86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.256 [GMT -4:00]
Endroit: C:\Documents and Settings\Chantal et Francis\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Chantal et Francis\Application Data\macromedia\Flash Player\#SharedObjects\AWYM8B7S\bin.clearspring.com
C:\Documents and Settings\Chantal et Francis\Application Data\macromedia\Flash Player\#SharedObjects\AWYM8B7S\bin.clearspring.com\clearspri­ng.sol
C:\Documents and Settings\Chantal et Francis\Application Data\macromedia\Flash Player\#SharedObjects\AWYM8B7S\interclick.com
C:\Documents and Settings\Chantal et Francis\Application Data\macromedia\Flash Player\#SharedObjects\AWYM8B7S\interclick.com\ud.sol
C:\Documents and Settings\Chantal et Francis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspri­ng.com
C:\Documents and Settings\Chantal et Francis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspri­ng.com\settings.sol
C:\Documents and Settings\Chantal et Francis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.co­m
C:\Documents and Settings\Chantal et Francis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.co­m\settings.sol
C:\Temp\vtmp2
C:\WINDOWS\system32\gfhgljid.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ulqlbkxl.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.

2008-09-02 19:13 . 2008-09-02 19:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-09-02 18:49 . 2008-09-02 18:49 <REP> d-------- C:\Documents and Settings\Chantal et Francis\Application Data\Grisoft
2008-09-02 18:49 . 2008-09-02 18:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-02 18:49 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-01 21:51 . 2008-09-01 22:12 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts
2008-09-01 21:32 . 2008-09-01 21:58 <REP> d-------- C:\VundoFix Backups
2008-09-01 21:12 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 21:06 . 2008-09-01 21:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-01 18:28 . 2008-09-01 18:28 <REP> d-------- C:\Program Files\ESET
2008-09-01 18:28 . 2008-09-01 18:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-01 18:25 . 2008-09-01 20:50 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-01 18:25 . 2008-09-01 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-01 18:22 . 2008-09-01 18:22 <REP> d-------- C:\Program Files\CCleaner
2008-08-27 22:30 . 2008-08-27 22:30 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-27 22:30 . 2008-08-27 22:30 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-27 22:30 . 2008-08-27 22:30 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-27 22:24 . 2008-08-27 22:31 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-27 18:43 . 2008-08-27 18:45 <REP> d-------- C:\Program Files\Dofus
2008-08-27 06:39 . 2008-04-13 22:33 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-27 06:38 . 2008-04-13 22:33 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-20 06:25 . 2008-08-20 06:25 <REP> d-------- C:\Program Files\Raxco
2008-08-18 20:35 . 2008-08-18 20:35 <REP> d-------- C:\Documents and Settings\Chantal et Francis\Application Data\LANCITE
2008-08-17 20:13 . 2008-08-17 20:13 <REP> d-------- C:\Program Files\GoldWave
2008-08-17 19:43 . 2008-08-17 19:43 <REP> d-------- C:\Program Files\MIDI
2008-08-17 19:40 . 2008-08-17 19:40 <REP> d-------- C:\Program Files\LAME
2008-08-17 19:40 . 2008-08-17 20:21 <REP> d-------- C:\Program Files\GH3PCeditor
2008-08-14 13:43 . 2008-08-14 13:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-14 13:43 . 2008-08-14 13:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-13 07:14 . 2008-04-11 15:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 00:52 --------- d-----w C:\Program Files\Steam
2008-09-03 00:48 --------- d-----w C:\Program Files\lg_fwupdate
2008-09-03 00:34 --------- d-sh--w C:\Documents and Settings\All Users\Application Data\MPK
2008-09-02 01:12 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-02 00:09 --------- d-----w C:\Documents and Settings\Chantal et Francis\Application Data\OpenOffice.org2
2008-08-24 01:19 --------- d-----w C:\Program Files\FrostWire
2008-08-20 10:24 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-08-17 19:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 20:02 --------- d-----w C:\Program Files\QuickTime
2008-08-01 22:32 --------- d-----w C:\Program Files\Picasa2
2008-07-31 21:15 --------- d-----w C:\Program Files\Copain TÉLÉTOON 2
2008-07-31 19:46 --------- d-----w C:\Documents and Settings\Chantal et Francis\Application Data\Canon
2008-07-31 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-31 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-31 19:35 --------- d-----w C:\Program Files\ScanSoft
2008-07-31 19:35 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared
2008-07-31 19:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-31 19:35 --------- d-----w C:\Documents and Settings\Chantal et Francis\Application Data\ScanSoft
2008-07-31 19:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 19:32 --------- d-----w C:\Program Files\ArcSoft
2008-07-31 19:31 --------- d-----w C:\Program Files\Canon
2008-07-31 19:29 --------- d--h--w C:\Program Files\CanonBJ
2008-07-31 19:29 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-29 02:12 --------- d-----w C:\Documents and Settings\Chantal et Francis\Application Data\gtk-2.0
2008-07-29 01:44 --------- d-----w C:\Program Files\GIMP-2.0
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-17 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Long slow road itch
2008-07-17 00:42 106 ----a-w C:\delete.bat
2008-07-09 00:21 --------- d-----w C:\Program Files\PhotoFiltre Studio
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 18:19 --------- d-----w C:\Documents and Settings\Chantal et Francis\Application Data\Vidéotron
2008-07-06 18:16 --------- d-----w C:\Program Files\Fichiers communs\Scanner
2008-07-06 18:03 --------- d-----w C:\Program Files\Fichiers communs\Authentium
2008-07-06 18:02 --------- d-----w C:\Program Files\Vidéotron
2008-07-06 18:02 --------- d-----w C:\Program Files\CA
2008-07-06 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-06 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vidéotron
2008-07-06 18:00 --------- d-----w C:\Documents and Settings\Chantal et Francis\Application Data\InstallShield
2008-07-04 22:41 --------- d-----w C:\Documents and Settings\Chantal et Francis\Application Data\Bell
2008-07-04 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bell
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-10 03:01 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-05 1271032]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe" [2007-06-13 61432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-07-12 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-04-16 249856]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"VideotronSA.exe"="C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" [2007-06-13 2061816]
"Services de sécurité Vidéotron"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe" [2007-06-13 311288]
"-FreedomNeedsReboot"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe" [2007-06-13 13816]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2007-05-24 10:13 24665 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"C:\\Program Files\\EA Sports\\NHL08\\nhl2008pal.exe"=
"C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2007-05-24 2234800]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
S2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2007-05-24 36368]
S2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2007-05-24 673456]
S3 Radialpoint Security Services;Services de sécurité Vidéotron;C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setup.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AnyDVD - C:\Program Files\Any-DVD\AnyDVD.exe
HKLM-Run-ROAD ITCH AMOK PING - C:\Documents and Settings\All Users\Application Data\Long slow road itch\book axis.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Chantal et Francis\Application Data\Mozilla\Firefox\Profiles\6dpg7v49.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 21:03:01
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-02 21:04:41
ComboFix-quarantined-files.txt 2008-09-03 01:04:35

Pre-Run: 204,308,914,176 octets libres
Post-Run: 204,292,968,448 octets libres

201 --- E O F --- 2008-08-29 06:01:49



Voici le dernier hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:37, on 2008-09-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\hijack\marcus.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\pkR.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.download.com
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/35.06/uploader2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
End of file - 8599 bytes



*** Je ne sais pas si cela a rapport mais depuis hier aussi j'ai un icone dans le systray qui me dit que j'ai un nouveau matériel USB ...pourtant j'ai rien branché de nouveau... weird.

Merci ! :)

petite question avant de poursuivre... c ok si je fait tout cela en mode sans echec ?
car en mode normal mon ordi devient tres lent et fige...
merci encore je vais faire le virtumundobegone

Ok en effet... Authentium ca me dit rien du tout alors j'ai enlevé.

J'ai fait le scan de virtubegone et ca donne ceci ...


[09/02/2008, 21:40:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Chantal et Francis\Local Settings\Temporary Internet Files\Content.IE5\3AWCRNAE\VirtumundoBeGone[1].exe" )
[09/02/2008, 21:41:09] - User choose NOT to continue. Exiting...

[09/02/2008, 21:43:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Chantal et Francis\Mes documents\VirtumundoBeGone.exe" )
[09/02/2008, 21:43:39] - Detected System Information:
[09/02/2008, 21:43:39] - Windows Version: 5.1.2600, Service Pack 3
[09/02/2008, 21:43:39] - Current Username: Chantal et Francis (Admin)
[09/02/2008, 21:43:39] - Windows is in SAFE mode.
[09/02/2008, 21:43:39] - Searching for Browser Helper Objects:
[09/02/2008, 21:43:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[09/02/2008, 21:43:40] - BHO 2: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[09/02/2008, 21:43:40] - BHO 3: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[09/02/2008, 21:43:40] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/02/2008, 21:43:40] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/02/2008, 21:43:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/02/2008, 21:43:40] - No filename found. Continuing.
[09/02/2008, 21:43:40] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[09/02/2008, 21:43:40] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/02/2008, 21:43:40] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/02/2008, 21:43:40] - Finished Searching Browser Helper Objects
[09/02/2008, 21:43:40] - Finishing up...
[09/02/2008, 21:43:40] - Nothing found! Exiting...