Rootik-gen[Rtk] détecté par Avast

Bonjour,

Voici le rapport RSIT :

Logfile of random's system information tool 1.05 (written by random/random)
Run by G at 2009-02-01 21:22:02
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 77 GB (66%) free of 117 GB
Total RAM: 511 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:16, on 01/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\G\Bureau\RSIT.exe
C:\Documents and Settings\G\Bureau\G.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

Bonjour Lyonnais92,

Je ne connais pas MAILHELPMEDIAPHONE.
Sinon, tout a l'air de ne pas trop mal fonctionner... Si ce n'est que mon PC met un temps fou à démarrer : Il reste 1mn10 sur l'écran WindowsXP avec le curseur qui défile au démarrage, ensuite l'écran se met en veille pendant 3 ou 4 secondes puis se rallume et apparait normalement le bureau et les programmes de démarrage s'arment les uns après les autres.

Merci.

Bonjour Lyonnais 92,

J'ai exécuté Avenger comme tu l'as décrit dans ton post et suite au redémarrage de windows, après l'écran WINDOWS XP avec le curseur bleu qui défile : Ecran bleu : "STOP: c000021a {Erreur système irrécupérable}
Le processus système windows Logon Process s'est terminé de façon inattendue avec l'état 0x00000402 (0x00000000 0x00000000).
Le système a été arrêté.

Sachant que je n'ai rien de très très important dans cet ordi, on va dire des choses que je suis prêt à perdre...
Que dois-je faire ?

Merci.

Re,

J'ai redémarrer l'ordi sans grande difficultés finalement... Un rapport avenger en bloc notes s'est affiché systématiquement sur le bureau suite au démarrage. Le voici :

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\afn6xg6t" not found!
Deletion of driver "afn6xg6t" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "afn6xg6t"
Disablement of driver "afn6xg6t" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\afn6xg6t.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\afn6xg6t.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\tmp.txt" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\MAILHELPMEDIAPHONE" deleted successfully.

Error: folder "IMPORTANT : Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur." not found!
Deletion of folder "IMPORTANT : Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur." failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "Si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système." not found!
Deletion of folder "Si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système." failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Re,

le voici :


Logfile of random's system information tool 1.05 (written by random/random)
Run by G at 2009-02-03 12:37:38
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 77 GB (66%) free of 117 GB
Total RAM: 511 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:59, on 03/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\G\Bureau\RSIT.exe
C:\Documents and Settings\G\Bureau\G.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Re,

voici le rapport Combofix :

ComboFix 09-02-02.04 - G 2009-02-03 14:35:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.221 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.

2009-02-03 12:32 . 2009-02-03 12:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\program files\Avira
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-28 14:57 . 2009-01-28 16:56 <REP> d-------- C:\Lop SD
2009-01-27 12:37 . 2009-01-27 13:35 <REP> d-------- c:\windows\BDOSCAN8
2009-01-26 17:09 . 2009-01-26 17:09 <REP> d-------- c:\program files\CCleaner
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 16:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 12:38 . 2009-01-26 12:47 <REP> d-------- C:\ToolBar SD
2009-01-26 12:03 . 2009-01-26 12:04 <REP> d-------- C:\rsit
2009-01-26 12:03 . 2009-01-26 13:02 <REP> d-------- c:\program files\trend micro
2009-01-22 16:06 . 2009-01-22 16:22 <REP> d-------- c:\program files\Ballance
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 15:46 . 2009-01-22 15:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 15:45 . 2009-01-22 16:19 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-02-03 08:23 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-01-23 17:00 --------- d-----w c:\program files\eMule
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:55 56 --sh--r c:\windows\system32\68BCA742D1.sys
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^GAROCHE^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^GAROCHE^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-11-30 13532]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 14:44:40
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-03 14:48:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-03 13:48:04

Avant-CF: 80 650 604 544 octets libres
Après-CF: 82,018,574,336 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

187 --- E O F --- 2009-01-14 21:47:08

Re,

Voici donc le rapport combofix suivi du rapport RSIT :


ComboFix 09-02-02.04 - G 2009-02-04 14:10:36.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.249 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.odt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 ))))))))))))))))))))))))))))))))))))
.

2009-02-03 12:32 . 2009-02-03 12:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\program files\Avira
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-28 14:57 . 2009-01-28 16:56 <REP> d-------- C:\Lop SD
2009-01-27 12:37 . 2009-01-27 13:35 <REP> d-------- c:\windows\BDOSCAN8
2009-01-26 17:09 . 2009-01-26 17:09 <REP> d-------- c:\program files\CCleaner
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\G\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 16:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 12:38 . 2009-01-26 12:47 <REP> d-------- C:\ToolBar SD
2009-01-26 12:03 . 2009-01-26 12:04 <REP> d-------- C:\rsit
2009-01-26 12:03 . 2009-01-26 13:02 <REP> d-------- c:\program files\trend micro
2009-01-22 16:06 . 2009-01-22 16:22 <REP> d-------- c:\program files\Ballance
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Pro
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 15:46 . 2009-01-22 15:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 15:45 . 2009-01-22 16:19 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 13:06 --------- d-----w c:\documents and settings\G\Application Data\OpenOffice.org2
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-23 17:00 --------- d-----w c:\program files\eMule
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:55 56 --sh--r c:\windows\system32\68BCA742D1.sys
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-03_14.46.32.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-04 11:38:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1a8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-11-30 13532]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - SJYPKT

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 14:13:20
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-04 14:15:55
ComboFix-quarantined-files.txt 2009-02-04 13:15:40
ComboFix2.txt 2009-02-03 13:48:16

Avant-CF: 82 034 974 720 octets libres
Après-CF: 82,020,700,160 octets libres

155 --- E O F --- 2009-01-14 21:47:08





Logfile of random's system information tool 1.05 (written by random/random)
Run by G at 2009-02-04 15:19:23
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 78 GB (67%) free of 117 GB
Total RAM: 511 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:27, on 04/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\G\Bureau\RSIT.exe
C:\Documents and Settings\G\Bureau\G.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Bonjour,

Désolé pour la petite bourde...

Revoici donc le rapport combofix suivi d'un rapport RSIT :


ComboFix 09-02-02.04 - GAROCHE 2009-02-05 9:48:48.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.242 [GMT 1:00]
Lancé depuis: c:\documents and settings\G\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\G\Bureau\CFscript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\systeme32\68BCA742D1.sys
.
/wow section - STAGE 33
Le chemin d'accès spécifié est introuvable.
Le chemin d'accès spécifié est introuvable.
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-05 au 2009-02-05 ))))))))))))))))))))))))))))))))))))
.

2009-02-03 12:32 . 2009-02-03 12:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\program files\Avira
2009-01-30 09:45 . 2009-01-30 09:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-28 14:57 . 2009-01-28 16:56 <REP> d-------- C:\Lop SD
2009-01-27 12:37 . 2009-01-27 13:35 <REP> d-------- c:\windows\BDOSCAN8
2009-01-26 17:09 . 2009-01-26 17:09 <REP> d-------- c:\program files\CCleaner
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\GAROCHE\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-26 16:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 16:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 16:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 12:38 . 2009-01-26 12:47 <REP> d-------- C:\ToolBar SD
2009-01-26 12:03 . 2009-01-26 12:04 <REP> d-------- C:\rsit
2009-01-26 12:03 . 2009-01-26 13:02 <REP> d-------- c:\program files\trend micro
2009-01-22 16:06 . 2009-01-22 16:22 <REP> d-------- c:\program files\Ballance
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\GAROCHE\Application Data\DAEMON Tools Pro
2009-01-22 15:53 . 2009-01-22 15:53 <REP> d-------- c:\documents and settings\GAROCHE\Application Data\DAEMON Tools
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-01-22 15:52 . 2009-01-22 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-22 15:46 . 2009-01-22 15:46 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 15:45 . 2009-01-22 16:19 <REP> d-------- c:\documents and settings\G\Application Data\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 08:46 --------- d-----w c:\documents and settings\GAROCHE\Application Data\OpenOffice.org2
2009-02-03 11:31 --------- d-----w c:\program files\Java
2009-01-23 17:00 --------- d-----w c:\program files\eMule
2009-01-22 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-07 19:45 21,080 ----a-w c:\documents and settings\G\Application Data\GDIPFONTCACHEV1.DAT
2001-11-23 04:08 712,704 ----a-r c:\windows\inf\OTHER\AUDIO3D.DLL
2005-12-10 11:24 1,049,600 ----a-w c:\program files\mozilla firefox\plugins\CilDll.dll
2005-12-10 11:24 274,432 ----a-w c:\program files\mozilla firefox\plugins\ScriptObj.dll
2007-04-22 12:55 56 --sh--r c:\windows\system32\68BCA742D1.sys
2007-04-22 12:56 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-02-03_14.46.32.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-05 08:39:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1b8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-10 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2007-04-19 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-01 32768]
REALTEK RTL8185 Wireless LAN Utility.lnk - c:\program files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe [2007-09-04 675840]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-07-28 565248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^GAROCHE^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^G^Menu Démarrer^Programmes^Démarrage^Registration Brothers In Arms.LNK]
path=c:\documents and settings\G\Menu Démarrer\Programmes\Démarrage\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PathOOOvirg]
--a------ 2004-10-28 00:10 94208 c:\program files\OpenOffice.org1.1.4\program\OOoVirgTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20737:TCP"= 20737:TCP:BitComet 20737 TCP
"20737:UDP"= 20737:UDP:BitComet 20737 UDP

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-04-19 14336]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-11-30 13532]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-11-30 20608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {205B0A0A-6C9F-48B0-8B33-60555AF41911} = 212.27.40.241,212.27.40.240
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\G\Application Data\Mozilla\Firefox\Profiles\xcri6z3d.Utilisateur par défaut\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 09:51:43
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-839522115-602162358-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-05 9:54:20
ComboFix-quarantined-files.txt 2009-02-05 08:54:06
ComboFix2.txt 2009-02-04 13:15:58
ComboFix3.txt 2009-02-03 13:48:16

Avant-CF: 82 038 067 200 octets libres
Après-CF: 82,023,874,560 octets libres

160 --- E O F --- 2009-01-14 21:47:08





Logfile of random's system information tool 1.05 (written by random/random)
Run by G at 2009-02-05 09:59:54
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 78 GB (67%) free of 117 GB
Total RAM: 511 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:00, on 05/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWlan.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\G\Bureau\RSIT.exe
C:\Documents and Settings\G\Bureau\GAROCHE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205B0A0A-6C9F-48B0-8B33-60555AF41911}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Re,

Voici le rapport MBAM :

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1695
Windows 5.1.2600 Service Pack 2

05/02/2009 16:54:28
mbam-log-2009-02-05 (16-54-27).txt

Type de recherche: Examen rapide
Eléments examinés: 47200
Temps écoulé: 7 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Merci