Virus bagle

voila le rapport de hitjackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:20, on 25/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Client\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1228330080562
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection_3_0_4_0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

ALLO??????? esque le rapport de hitjackthis et positif et que doije faire pour l etape suivante stp merci

jai trouver un lien pour telecharger combofix spybot na trouver aucun element nuisible

jai trouver le probleme fallait que je desactive kapersky 2009 donc je reboot mon pc jme met en mode sans echec puis je lance combofix et je le laisse guider ses sa

voila mon rapport avec combofix peut tu me dire qs que mon rapport dit infecter ou pas ? MERCI
ComboFix 09-01-21.04 - Client 2009-01-25 16:50:50.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2046.1775 [GMT 1:00]
Lancé depuis: c:\documents and settings\Client\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-25 au 2009-01-25 ))))))))))))))))))))))))))))))))))))
.

2009-01-25 16:13 . 2009-01-25 16:13 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-25 13:58 . 2009-01-25 13:58 <REP> d-------- c:\documents and settings\Client\DoctorWeb
2009-01-24 20:18 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2009-01-24 19:19 . 2009-01-24 23:13 <REP> d-------- C:\ToolBar SD
2009-01-24 18:12 . 2009-01-24 18:53 77,824 --a------ c:\windows\system32\drivers\esentutl.exe
2009-01-24 15:49 . 2009-01-24 15:49 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-24 15:49 . 2009-01-24 15:49 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-24 15:48 . 2009-01-24 15:48 <REP> d-------- c:\program files\Kaspersky Lab
2009-01-24 15:48 . 2009-01-25 16:48 2,526,752 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-24 15:48 . 2009-01-25 16:54 507,936 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-24 15:48 . 2009-01-25 16:48 21,868 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-24 15:48 . 2009-01-25 16:54 3,864 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-24 15:23 . 2009-01-24 15:23 121 --a------ c:\windows\bdagent.INI
2009-01-24 15:02 . 2009-01-24 15:23 81,984 --a------ c:\windows\system32\bdod.bin
2009-01-23 22:16 . 2009-01-24 23:32 <REP> d-------- c:\program files\Trend Micro
2009-01-23 16:39 . 2009-01-23 16:39 4,767 --a------ c:\windows\Irremote.ini
2009-01-23 16:37 . 2009-01-23 22:49 <REP> d-------- c:\program files\Windows Sidebar
2009-01-23 13:46 . 2009-01-23 13:46 <REP> d-------- c:\documents and settings\All Users\Application Data\SlySoft
2009-01-23 13:45 . 2009-01-23 13:45 <REP> d-------- c:\program files\Windows Desktop Search
2009-01-22 21:27 . 2009-01-23 13:43 <REP> d-------- c:\windows\system32\Activator
2009-01-22 11:51 . 2009-01-22 13:03 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-22 11:42 . 2009-01-22 11:42 <REP> d-------- c:\program files\EA Games
2009-01-21 03:47 . 2009-01-21 03:47 268 --ah----- C:\sqmdata09.sqm
2009-01-21 03:47 . 2009-01-21 03:47 244 --ah----- C:\sqmnoopt09.sqm
2009-01-20 21:00 . 2008-01-20 23:51 106 --a------ c:\windows\system32\jpg.dat
2009-01-20 17:23 . 2009-01-23 18:31 <REP> d-------- c:\program files\SlySoft
2009-01-19 10:40 . 2009-01-19 10:40 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-19 10:39 . 2009-01-24 13:30 <REP> d-------- c:\windows\ERUNT
2009-01-18 19:15 . 2009-01-24 13:19 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 19:15 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 19:15 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-18 18:49 . 2008-12-19 10:28 59,904 --a------ c:\windows\system32\akl_svc.exe
2009-01-18 12:09 . 2009-01-18 12:14 <REP> d-------- c:\program files\Windows Live Safety Center
2009-01-16 20:40 . 2009-01-16 20:43 <REP> d-------- c:\documents and settings\Client\Application Data\iolo
2009-01-16 20:40 . 2009-01-16 20:40 <REP> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-01-16 20:31 . 2009-01-16 20:31 <REP> d-------- c:\program files\Belarc
2009-01-16 20:20 . 2009-01-16 20:20 <REP> d-------- c:\program files\Yamicsoft
2009-01-16 18:53 . 2009-01-16 18:53 23 --a------ c:\windows\system32\cbeeebdf_z.ocx
2009-01-16 18:22 . 2009-01-16 18:22 <REP> d-------- c:\documents and settings\Client\Application Data\Auslogics
2009-01-16 17:12 . 2009-01-16 17:12 <REP> d-------- c:\documents and settings\Client\Application DataRetinax
2009-01-16 17:10 . 2008-05-07 17:12 1,010,720 --a------ c:\windows\system32\MSCHRT20.OCX
2009-01-16 17:10 . 2008-05-07 17:12 951,104 --a------ c:\windows\system32\tssOfficeMenu1d.ocx
2009-01-16 17:10 . 2008-05-07 17:12 865,088 --a------ c:\windows\system32\ExplorerBarXP2_vba.ocx
2009-01-16 17:10 . 2008-05-07 17:12 865,080 --a------ c:\windows\system32\ExplorerBarXP2.ocx
2009-01-16 17:10 . 2008-05-07 17:12 851,968 --a------ c:\windows\system32\ExplorerBarXP2Demo.ocx
2009-01-16 17:10 . 2008-05-07 17:12 515,584 --a------ c:\windows\system32\RetinaTSpinEditXControl1.ocx
2009-01-16 17:10 . 2008-05-07 17:12 491,520 --a------ c:\windows\system32\vbalSGrid6.ocx
2009-01-16 17:10 . 2008-05-07 17:12 312,128 --a------ c:\windows\system32\tssPopupNotify.ocx
2009-01-16 17:10 . 2008-05-07 17:12 260,880 --a------ c:\windows\system32\MSFLXGRD.OCX
2009-01-16 17:10 . 2008-05-07 17:12 167,683 --a------ c:\windows\system32\COMCT232.OCX
2009-01-16 17:10 . 2008-05-07 17:12 94,208 --a------ c:\windows\system32\vbalIml6.ocx
2009-01-16 17:10 . 2008-05-07 17:12 65,536 --a------ c:\windows\system32\MBSplit.ocx
2009-01-14 20:26 . 2009-01-14 20:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2009-01-14 20:10 . 2009-01-15 17:31 <REP> d-------- c:\windows\ie8updates
2009-01-14 19:36 . 2008-04-13 19:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2009-01-14 19:28 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2009-01-14 19:28 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2009-01-14 19:28 . 2009-01-14 19:28 3,120 --a------ c:\windows\system32\118290.54
2009-01-14 19:28 . 2009-01-14 19:28 3,120 --a------ c:\windows\118294.78
2009-01-14 19:28 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2009-01-14 18:45 . 2009-01-14 18:45 100 --a------ C:\index.ini
2009-01-14 13:46 . 2003-12-11 09:50 70,894 --a------ c:\windows\system32\drivers\LMouFlt2.Sys
2009-01-14 13:46 . 2003-12-11 09:50 51,582 --------- c:\windows\system32\drivers\L8042PR2.SYS
2009-01-14 13:46 . 2003-12-11 09:50 25,630 --a------ c:\windows\system32\drivers\LHidFlt2.Sys
2009-01-14 13:46 . 2003-12-11 09:50 23,372 --------- c:\windows\system32\LCOINST.DLL
2009-01-14 13:46 . 2003-12-11 09:50 20,992 --------- c:\windows\LOGI_MWX.EXE
2009-01-13 18:33 . 2009-01-13 18:33 <REP> d--h----- c:\windows\PIF
2009-01-13 18:15 . 2006-11-02 12:47 1,162,656 --a------ c:\windows\system32\ntdllnew.dll
2009-01-13 18:15 . 2008-04-12 18:13 1,029,126 --a------ c:\windows\system32\d3d10.dll
2009-01-13 18:15 . 2009-01-13 18:15 692,058 --a------ c:\windows\system32\unins000.exe
2009-01-13 18:15 . 2006-11-29 14:06 440,080 --a------ c:\windows\system32\d3dx10.dll
2009-01-13 18:15 . 2006-11-02 12:46 167,936 --a------ c:\windows\system32\dxgi.dll
2009-01-13 18:15 . 2006-11-02 12:46 39,936 --a------ c:\windows\system32\dwmapi.dll
2009-01-13 18:15 . 2009-01-13 18:15 1,989 --a------ c:\windows\system32\unins000.dat
2009-01-13 18:15 . 2008-03-09 07:25 236 --a------ c:\program files\Fichiers communs\dx.reg
2009-01-13 18:08 . 2009-01-13 18:08 <REP> d--hs---- c:\documents and settings\Client\PrivacIE
2009-01-13 18:04 . 2008-04-14 03:33 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-11 19:59 . 2009-01-11 19:59 <REP> d-------- c:\program files\Lavalys
2009-01-09 11:26 . 2009-01-09 11:26 <REP> d-------- c:\documents and settings\Client\Application Data\Disney Interactive Studios
2009-01-08 22:11 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-08 22:11 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-01-08 22:11 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-01-08 22:11 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-01-08 22:11 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-01-08 22:11 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-08 22:09 . 2009-01-09 11:24 1,013 --a------ c:\windows\disney.ini
2009-01-06 10:52 . 2009-01-15 20:10 <REP> d-------- c:\program files\Google
2009-01-04 17:19 . 2009-01-04 17:19 <REP> d-------- c:\program files\Alwil Software
2009-01-04 16:02 . 2009-01-04 16:02 <REP> d-------- C:\MFT 59073
2009-01-04 15:57 . 2009-01-04 15:57 <REP> d-------- C:\MFT 29552
2009-01-04 15:57 . 2009-01-04 16:00 <REP> d-------- C:\MFT 248
2009-01-04 15:53 . 2009-01-04 15:53 <REP> d-------- c:\documents and settings\Client\Application Data\BitDownload
2009-01-04 15:34 . 2006-11-10 09:25 319,456 --a------ c:\windows\system32\difxapi.dll
2009-01-04 15:33 . 2009-01-04 15:33 <REP> d-------- c:\documents and settings\Client\Application Data\InstallShield
2009-01-04 13:20 . 2009-01-24 15:47 <REP> d-------- c:\program files\Spyware Doctor
2009-01-04 10:56 . 2009-01-04 10:56 <REP> d-------- c:\program files\CCleaner
2009-01-04 02:34 . 2009-01-04 02:34 268 --ah----- C:\sqmdata08.sqm
2009-01-04 02:34 . 2009-01-04 02:34 244 --ah----- C:\sqmnoopt08.sqm
2009-01-03 19:23 . 2009-01-03 19:23 264 --a------ c:\windows\_delis32.ini
2009-01-02 21:11 . 2009-01-02 21:11 <REP> d-------- C:\MFT 2876
2009-01-01 19:29 . 2009-01-25 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-30 22:28 . 2008-12-30 22:54 <REP> d-------- c:\documents and settings\Client\Application Data\Lavasoft
2008-12-30 20:51 . 2008-12-30 20:51 <REP> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-12-30 18:14 . 2009-01-15 17:52 <REP> d-------- c:\program files\TuneUp Utilities 2009
2008-12-30 18:14 . 2009-01-04 12:30 603,904 --a------ c:\windows\system32\TUProgSt.exe
2008-12-30 18:14 . 2009-01-04 12:30 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-30 18:14 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2008-12-30 16:22 . 2009-01-11 19:35 <REP> d--h----- c:\windows\Icons
2008-12-30 15:18 . 2008-12-30 19:09 2,287,104 --a------ c:\windows\system32\TUKernel.exe
2008-12-30 10:04 . 2008-12-30 10:04 <REP> d-------- c:\documents and settings\Client\Application Data\Activision
2008-12-30 10:04 . 2008-12-30 10:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Activision
2008-12-29 18:16 . 2008-12-29 18:16 <REP> d-------- C:\MFT 13486
2008-12-29 17:07 . 2008-12-29 17:07 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-12-29 17:06 . 2008-12-29 17:06 <REP> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-29 16:42 . 2009-01-16 17:19 <REP> d-------- c:\documents and settings\Client\Application Data\GlarySoft
2008-12-27 22:54 . 2009-01-23 22:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-27 18:45 . 2009-01-24 15:47 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-24 20:39 --------- d-----w c:\documents and settings\Client\Application Data\uTorrent
2009-01-24 17:53 77,824 ----a-w c:\windows\esentutl.exe
2009-01-24 14:24 --------- d-----w c:\program files\Fichiers communs\BitDefender
2009-01-23 14:19 --------- d-----w c:\program files\AGEIA Technologies
2009-01-23 14:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 14:18 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-01-23 12:43 --------- d-----w c:\program files\Logitech
2009-01-22 16:09 --------- d-----w c:\program files\EPSON
2009-01-21 16:58 --------- d-----w c:\program files\ATI Technologies
2009-01-16 16:06 --------- d-----w c:\program files\ma-config.com
2009-01-16 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-13 17:35 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-13 14:35 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-04 15:26 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-04 14:38 --------- d-----w c:\program files\Intel
2009-01-03 18:23 --------- d-----w c:\program files\Fichiers communs\Labtec
2009-01-03 18:19 --------- d-----w c:\program files\ABBYY
2008-12-30 21:54 --------- d-----w c:\program files\Lavasoft
2008-12-30 09:00 --------- d-----w c:\program files\Activision
2008-12-28 19:07 --------- d-----w c:\program files\Smart Panel
2008-12-26 14:24 --------- d-----w c:\program files\Ahead
2008-12-21 22:04 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2008-12-18 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-12-17 16:10 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-12 10:44 22,328 ----a-w c:\documents and settings\Client\Application Data\PnkBstrK.sys
2008-12-11 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 17:34 --------- d-----w c:\documents and settings\Client\Application Data\FreshDiagnose
2008-12-09 00:34 --------- d-----w c:\program files\RegCleaner
2008-12-08 10:04 --------- d-----w c:\program files\Goto Software
2008-12-08 10:04 --------- d-----w c:\documents and settings\All Users\Application Data\VadeRetro
2008-12-08 10:00 --------- d-----w c:\documents and settings\Client\Application Data\VadeRetro
2008-12-03 19:10 --------- d-----w c:\documents and settings\Client\Application Data\TuneUp Software
2008-12-02 15:45 --------- d-----w c:\program files\MSBuild
2008-12-02 15:43 --------- d-----w c:\program files\Reference Assemblies
2008-12-02 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-11-29 20:11 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-29 13:46 --------- d-----w c:\documents and settings\Client\Application Data\Windows Search
2008-11-28 21:11 --------- d-----w c:\documents and settings\Client\Application Data\Leadertech
2008-11-27 16:39 --------- d-----w c:\program files\ATI
2008-11-27 16:03 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-27 16:02 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-28 21:00 295,961 ----a-w c:\windows\Clean.exe
2008-10-27 11:06 52,736 ----a-w c:\windows\ipuninst.exe
2007-09-13 08:12 18,704 ----a-w c:\documents and settings\Client\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"=c:\program files\Unlocker\UnlockerAssistant.exe
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Logitech Utility"=Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\French\\setup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6667:UDP"= 6667:UDP:TOTOCAM UDP
"6666:TCP"= 6666:TCP:TOTOCAM TCP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-05-02 826752]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-12-21 1287296]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-12-23 14092]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-05-02 7040]
R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-10 14336]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-30 603904]
S0 wcpsi;wcpsi;c:\windows\system32\drivers\swjrdt.sys --> c:\windows\system32\drivers\swjrdt.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1111f499-934b-11db-8295-0016175c9a93}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contenu du dossier 'Tâches planifiées'

2009-01-25 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: &Recherche AOL Toolbar
IE: &Windows Live Search
IE: Add to Windows &Live Favorites
IE: Ajouter à Kaspersky Anti-Bannière
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://config.zebulon.fr/plugins/hardwaredetection_3_0_4_0.cab
FF - ProfilePath - c:\documents and settings\Client\Application Data\Mozilla\Firefox\Profiles\nyxmt79v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 16:54:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2347583152-754950923-1846004742-1005\Software\Ahead\NeroVision\2.0\RecentFiles]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-2347583152-754950923-1846004742-1005\Software\Ahead\NeroVision\2.0\Settings]
@DACL=(02 0000)
@SACL=
"UIBase"=hex:78,9c,aa,9e,35,eb,33,23,03,0b,03,03,03,23,10,33,03,31,13,94,86,61,
16,28,0d,00,00,00,ff,ff

[HKEY_USERS\S-1-5-21-2347583152-754950923-1846004742-1005\Software\Cyberlink\PowerDVD\BuildInfo]
@DACL=(02 0000)
@SACL=
"SR_No"="DVD050311-08"
"Setup"="050315"
"RC"="050307"
"Help"="050308"
"Readme"="050304"
"Skin"="041220"
"OlReg"="041022"
"RegRC"="041223"
"Ver"="6.00.1417"
"Utility"="1102"
"UI"="1417b"
"UI98"="1417b"
"DShow"="1403d"
"AVSetting"="2513"
"CPXM"="2207"
"Other"="1215"
"CL264"="-"
"Pou"="1423"

[HKEY_USERS\S-1-5-21-2347583152-754950923-1846004742-1005\Software\Cyberlink\PowerDVD\UserReg]
@DACL=(02 0000)
@SACL=
"SR_No"="DVD050311-08"
"Prod_Name"="PowerDVD"
"Prod_Ver"="6.0"
"CustomerNO"="234"
"Hardware"="Desktop PC"
"Channel"="OEM"
"RegVType"="OEM 6CH"

[HKEY_USERS\S-1-5-21-2347583152-754950923-1846004742-1005\Software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-2347583152-754950923-1846004742-1005\Software\SecuROM\License information*]
"datasecu"=hex:c7,5c,c9,41,31,d0,88,9e,f4,38,a4,e6,78,b0,4f,c6,3e,a8,65,49,42,
96,8d,c6,3f,8f,66,8f,a4,eb,37,b2,ec,36,d2,c6,6e,5e,9a,a8,86,de,64,b1,c6,66,\
"rkeysecu"=hex:f3,84,15,0b,db,41,ba,c0,11,e8,30,59,8b,e0,51,1e

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{292AE934-4F49-40bb-9E7E-6F6398ED9C31}]
@DACL=(02 0000)
@SACL=
"FriendlyName"="Plug-in Nero Fast CD-Burning"
"Description"="Graver votre CD"
"Capabilities"=dword:40000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\NeroBurnPlugin]
@DACL=(02 0000)
@SACL=
"ProgID"="MDNeroBurnPlugin.MDNeroBurnPlugin"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-01-25 16:57:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-25 15:57:41

Avant-CF: 79 613 632 512 octets libres
Après-CF: 77,368,762,368 octets libres

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
393 --- E O F --- 2008-12-07 19:48:42

ALLO? peut tu me dire quel etape je doit poursuivre si infection sur le rapport combofix stp merci