Severe slowdown under XP after 5 minutes, help

Closed
frip22 Posts: 1 Registered: Thursday 5 November 2009 Status: Member Last activity: 5 November 2009 - 5 Nov. 2009 at 17:18
Hello,

I'm quite stuck, because I have never asked anyone for help with computer problems before.
But this time, I don't know what to do.

It first started with the computer installing a Windows update this week.
Then AntiVir detected a trojan, which I asked it to delete: TR/Rootkit.gen, which was in the file C:/windows/temp/50.tmp
5 minutes later, a "Windows platform" message appears and crashes my system.
I decided to remove Messenger and reinstall it. As soon as Messenger launched, the "Windows platform" message appeared, followed by a crash a few minutes later.
In the end, Windows does nothing but crash (it slows down until the screen freezes and the mouse no longer moves), all within 5 minutes.
Only in safe mode was I able to run an antivirus and anti-malware (Malwarebytes) scan, but nothing.

I ran a scan with ComboFix, which is shown first here, and I also ran a scan with HijackThis (second part).
Thanks in advance for your help.

ComboFix 09-11-04.05 - Administrateur 05/11/2009 11:57.1.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1776 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\fredocaromaellys\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-05 au 2009-11-05 ))))))))))))))))))))))))))))))))))))
.

2009-11-05 07:34 . 2009-11-05 07:34 86576 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-11-05 07:34 . 2009-11-05 07:34 392728 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-11-05 07:34 . 2009-11-05 07:34 135680 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-11-05 07:34 . 2009-11-05 07:34 132672 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-11-05 07:18 . 2009-11-05 08:47 -------- d-----w- c:\program files\Windows Live
2009-11-04 22:36 . 2009-11-04 22:36 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-11-04 22:19 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 22:19 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 22:19 . 2009-11-04 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 21:58 . 2009-11-04 21:58 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-11-04 21:43 . 2009-11-04 21:43 -------- d-----w- c:\documents and settings\HelpAssistant\dwhelper
2009-11-04 21:43 . 2009-11-04 21:43 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2009-10-30 07:37 . 2009-10-30 07:37 152576 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-27 16:10 . 2009-10-27 16:10 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-20 19:47 . 2009-10-19 12:30 872960 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Mozilla\Firefox\Profiles\5stpmtno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-10-20 19:47 . 2009-10-19 12:30 43008 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Mozilla\Firefox\Profiles\5stpmtno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-10-20 19:47 . 2009-10-19 12:30 340480 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Mozilla\Firefox\Profiles\5stpmtno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-10-20 19:47 . 2009-10-19 12:30 346624 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Mozilla\Firefox\Profiles\5stpmtno.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-10-20 16:02 . 2009-10-20 16:02 -------- d-----w- c:\program files\Microsoft
2009-10-17 11:50 . 2009-10-17 11:50 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-10-16 22:01 . 2009-10-16 22:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-16 21:57 . 2009-10-16 21:57 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-10-16 07:33 . 2009-10-16 07:33 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-10-16 06:32 . 2009-07-17 16:16 1440768 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-16 06:32 . 2009-09-04 21:04 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-15 15:22 . 2009-10-15 15:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-15 13:22 . 2009-10-15 13:22 -------- d-sh--w- c:\documents and settings\fredocaromaellys\IETldCache
2009-10-15 13:20 . 2009-10-15 13:20 -------- d-sh--w- c:\documents and settings\freenet\IETldCache
2009-10-15 10:30 . 2009-08-29 07:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-15 10:30 . 2009-08-29 07:56 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-15 10:30 . 2009-10-15 10:30 -------- d-----w- c:\windows\ie8updates
2009-10-15 10:30 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-15 10:27 . 2009-10-15 10:29 -------- dc-h--w- c:\windows\ie8
2009-10-12 19:29 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-12 19:29 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-10-12 19:29 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-10-12 19:29 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 10:46 . 2009-05-26 08:44 -------- d-----w- c:\program files\Freenet
2009-11-05 07:22 . 2009-05-24 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-05 07:16 . 2008-07-05 22:18 -------- d-----w- c:\program files\BitComet
2009-11-04 21:54 . 2009-09-14 20:57 -------- d-----w- c:\program files\Panda Security
2009-11-03 20:00 . 2008-06-17 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-02 09:35 . 2008-12-30 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-30 07:38 . 2008-06-23 21:40 -------- d-----w- c:\program files\Java
2009-10-30 07:34 . 2009-09-28 19:55 177024 ----a-w- c:\documents and settings\fredocaromaellys\Application Data\Mozilla\Firefox\Profiles\5stpmtno.default\FlashGot.exe
2009-10-27 19:52 . 2008-12-30 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2009-10-26 12:33 . 2002-08-30 12:00 81386 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-26 12:33 . 2002-08-30 12:00 503238 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-25 09:43 . 2009-06-13 08:41 -------- d-----w- c:\documents and settings\fredocaromaellys\Application Data\uTorrent
2009-10-24 07:14 . 2008-06-17 16:03 85576 ----a-w- c:\documents and settings\fredocaromaellys\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 10:18 . 2008-06-17 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-21 10:17 . 2008-06-17 20:39 -------- d-----w- c:\program files\Microsoft Works
2009-10-17 11:50 . 2008-06-17 13:33 -------- d-----w- c:\program files\Fichiers communs\Real
2009-10-17 11:49 . 2004-07-12 04:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-17 11:49 . 2004-07-12 04:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-20 19:31 . 2009-11-04 21:37 186830 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat
2009-09-20 12:15 . 2008-12-29 16:32 -------- d-----w- c:\documents and settings\fredocaromaellys\Application Data\GARMIN
2009-09-20 11:47 . 2009-02-15 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-09-19 20:10 . 2008-06-17 22:11 -------- d-----w- c:\documents and settings\fredocaromaellys\Application Data\Ahead
2009-09-19 07:17 . 2009-09-19 07:17 -------- d-----w- c:\program files\StealthNet
2009-09-15 07:03 . 2008-09-04 15:08 -------- d-----w- c:\program files\FusionSoft DVD Player XP
2009-09-11 14:18 . 2004-08-19 14:09 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 17:03 . 2009-03-30 15:52 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:04 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 12:23 . 2009-07-21 06:47 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-29 07:56 . 2007-10-14 22:17 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2007-10-14 22:16 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2006-09-24 16:11 . 2009-02-01 21:10 389120 ----a-w- c:\program files\lameACM.acm
2006-04-29 18:46 . 2009-02-01 21:10 179 ----a-w- c:\program files\Free-Codecs.txt
2002-04-07 10:17 . 2009-02-01 21:10 414 ----a-w- c:\program files\lame_acm.xml
2002-01-23 19:39 . 2009-02-01 21:10 3133 ----a-w- c:\program files\LameACM.inf
2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2005-08-04 3627008]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-17 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\hdashcut.exe [2007-10-14 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\PacSteamT\\SteamApps\\fripouillefm\\team fortress 2\\hl2.exe"=
"c:\\PacSteamT\\SteamApps\\frip21\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\left 4 dead\\LEFT 4 DEAD.[FRENCH].[PCDVD].(2008)-{AkT-Grp}\\LEFT 4 DEAD.[FRENCH].[PCDVD].(2008).by AkTivisT\\left4dead.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\fredocaromaellys\\Bureau\\NRPG_RatioMaster4.exe"=
"c:\\Program Files\\StealthNet\\stealthnet.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18124:TCP"= 18124:TCP:BitComet 18124 TCP
"18124:UDP"= 18124:UDP:BitComet 18124 UDP
"20209:TCP"= 20209:TCP:BitComet 20209 TCP
"20209:UDP"= 20209:UDP:BitComet 20209 UDP
"7268:TCP"= 7268:TCP:BitComet 7268 TCP
"7268:UDP"= 7268:UDP:BitComet 7268 UDP
"12053:TCP"= 12053:TCP:BitComet 12053 TCP
"12053:UDP"= 12053:UDP:BitComet 12053 UDP
"23391:TCP"= 23391:TCP:bitcomet 23391
"23391:UDP"= 23391:UDP:bitcomet 23391
"1723:TCP"= 1723:TCP:ipodah
"1701:UDP"= 1701:UDP:ipodah 1701
"11793:UDP"= 11793:UDP:freenet 11793
"52085:UDP"= 52085:UDP:freenet 52085
"11793:TCP"= 11793:TCP:BitComet 11793 TCP
"3389:TCP"= 3389:TCP:Remote Desktop

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [25/08/2008 11:41 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [25/08/2008 11:41 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [25/08/2008 11:41 431236]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 FNETDEVI;FNETDEVI;c:\windows\system32\drivers\FNETDEVI.SYS [10/12/2008 18:16 19572]
S2 ABBYY.Licensing.FineReader.Corporate.9.0;ABBYY FineReader 9.0 CE Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe [27/10/2008 17:03 759072]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [21/07/2009 07:47 108289]
S2 freenet-darknet-8888;Freenet 0.7 darknet-8888;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [26/05/2009 09:44 204800]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [17/06/2008 22:00 1287296]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [15/09/2008 12:38 13352]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [17/06/2008 22:06 91830]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2009-11-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-17 09:28]

2009-11-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-10-08 07:42]
.
.
------- Examen supplémentaire -------
.
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-HijackThis - c:\documents and settings\fredocaromaellys\Mes documents\HijackThis.exe
AddRemove-WinLiveSuite_Wave3 - c:\program files\Windows Live\Installer\wlarp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 12:05
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys spyl.sys hal.dll >>UNKNOWN [0x8A640938]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x03A384C41
malicious code @ sector 0x03A384C44 !
PE file found in sector at 0x03A384C5A !
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7978B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(288)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-11-05 12:07
ComboFix-quarantined-files.txt 2009-11-05 11:07

Avant-CF: 4 192 919 552 octets libres
Après-CF: 4 270 182 400 octets libres

I'm sending you the HijackThis report as well:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:20, on 05/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\fredocaromaellys\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [comsmartsrv] C:\WINDOWS\system32\wbulolqb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-1454471165-484061587-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'freenet')
O4 - HKUS\S-1-5-21-1454471165-484061587-725345543-1004\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'freenet')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\fredocaromaellys\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: ABBYY FineReader 9.0 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.9.0) - ABBYY (BIT Software) - C:\Program Files\Fichiers communs\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe