Alerte virus WMA:Wimad [Drp]

salut , merci de prendre en compte mon probleme .
alors le fichier
################## log.txt :###################
Logfile of random's system information tool 1.06 (written by random/random)
Run by KAB at 2009-03-30 13:08:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 37 GB (53%) free of 70 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:16, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\KAB\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\KAB\Bureau\KAB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://lotus.cdg13.com/iNotes6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\davclnt32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 9c69f62f565 - C:\WINDOWS\System32\davclnt32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98d353e550674) (gupdate1c98d353e550674) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

malwarebyte me trouve bien les fichiers mais au redemarrage rien n'est supprime , toujours une alerte avast .
et la apres redemarrage suite a combofix, alerte sur 6.tmp ...


ComboFix 09-03-29.02 - KAB 2009-03-30 13:27:06.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1557 [GMT 2:00]
Lancé depuis: c:\documents and settings\KAB\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\KAB\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090329-0] *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\KAB\LOCALS~1\Temp\mc21.tmp
C:\RECYCLER
c:\windows\system32\NetworkService32\4.tmp
c:\windows\system32\NetworkService32\4.tmp\83.music.au
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\[u]0[/u]20000006bafc7d1565C.manifest
c:\documents and settings\Administrateur\Application Data\[u]0[/u]20000006bafc7d1565O.manifest
c:\documents and settings\Administrateur\Application Data\[u]0[/u]20000006bafc7d1565P.manifest
c:\documents and settings\Administrateur\Application Data\[u]0[/u]20000006bafc7d1565S.manifest
c:\documents and settings\KAB\Application Data\[u]0[/u]20000006bafc7d1565C.manifest
c:\documents and settings\KAB\Application Data\[u]0[/u]20000006bafc7d1565O.manifest
c:\documents and settings\KAB\Application Data\[u]0[/u]20000006bafc7d1565P.manifest
c:\documents and settings\KAB\Application Data\[u]0[/u]20000006bafc7d1565S.manifest
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\NetworkService32\4.tmp

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-30 13:34 . 374,272 c:\windows\system32\4.tmp
2009-03-30 13:08 . 2009-03-30 13:08 <REP> d-------- C:\rsit
2009-03-30 12:52 . 2009-03-30 13:35 <REP> d--hs---- c:\windows\system32\NetworkService32
2009-03-30 12:48 . 2009-03-30 12:48 <REP> d-------- c:\program files\CleanUp!
2009-03-30 12:37 . 2009-03-30 12:37 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-30 12:37 . 2009-03-30 12:37 <REP> d-------- c:\documents and settings\KAB\Application Data\SUPERAntiSpyware.com
2009-03-30 12:03 . 2009-03-30 12:03 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-30 11:48 . 2009-03-30 11:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 11:48 . 2009-03-30 11:48 <REP> d-------- c:\documents and settings\KAB\Application Data\Malwarebytes
2009-03-30 11:48 . 2009-03-30 11:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 11:48 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 11:48 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 13:54 . 2009-03-29 13:55 <REP> d-------- c:\program files\CyberLink
2009-03-29 13:26 . 2009-03-29 13:26 139,264 --a------ c:\windows\system32\davclnt32.dll
2009-03-17 23:08 . 2009-03-17 23:08 <REP> d-------- c:\program files\Notepad++
2009-03-17 23:08 . 2009-03-17 23:42 <REP> d-------- c:\documents and settings\KAB\Application Data\Notepad++
2009-03-17 21:28 . 2009-03-17 21:28 <REP> d-------- C:\TYPO3_4.2.3
2009-02-22 20:02 . 2009-02-22 20:02 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-22 19:58 . 2009-02-03 22:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-02-22 19:58 . 2009-01-07 04:30 106,496 --a------ c:\windows\system32\atinppt2.ax
2009-02-22 19:41 . 2009-02-22 19:41 10 --a------ c:\windows\WININIT.INI
2009-02-18 22:33 . 2009-02-19 22:07 3,532 --a------ C:\drmHeader.bin
2009-02-18 21:30 . 2009-02-18 21:30 <REP> d-------- c:\program files\Runtime Software
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\program files\QuickTime
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\program files\iTunes
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\program files\iPod
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\program files\Bonjour
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\documents and settings\KAB\Application Data\Apple Computer
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-15 22:20 . 2008-04-17 14:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-15 22:20 . 2008-04-17 14:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-15 22:19 . 2009-02-15 22:20 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-02-15 22:19 . 2009-02-15 22:19 <REP> d-------- c:\program files\Apple Software Update
2009-02-15 22:19 . 2009-02-15 22:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-02-15 21:56 . 2008-11-19 23:39 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-02-15 21:56 . 2008-11-19 23:39 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-02-15 21:56 . 2008-11-19 22:50 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-02-15 21:56 . 2008-11-19 23:39 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-02-15 21:56 . 2008-11-19 23:39 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-02-15 21:56 . 2008-11-19 23:39 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-02-15 21:56 . 2009-03-29 13:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-02-15 21:56 . 2009-02-15 21:56 <REP> d-------- c:\documents and settings\Administrateur
2009-02-12 19:12 . 2009-02-16 22:09 <REP> d-------- c:\program files\Google
2009-02-12 19:12 . 2009-03-28 14:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-08 19:02 . 2009-02-08 19:02 <REP> d-------- c:\windows\Sun
2009-02-08 16:53 . 2009-02-08 16:53 <REP> d-------- c:\program files\VisiPics
2009-02-08 16:23 . 2009-03-29 20:40 <REP> d-------- c:\documents and settings\KAB\Application Data\FileZilla
2009-02-08 16:22 . 2009-03-16 22:54 <REP> d-------- c:\program files\FileZilla FTP Client
2009-02-06 18:43 . 2009-02-06 18:44 <REP> d-------- c:\program files\Winamp
2009-02-06 18:43 . 2009-02-06 20:55 <REP> d-------- c:\documents and settings\KAB\Application Data\Winamp
2009-02-06 18:43 . 2007-03-08 01:51 129,784 --------- c:\windows\system32\pxafs.dll
2009-02-04 07:57 . 2009-02-04 07:57 11,702,272 --a------ c:\windows\system32\atioglxx.dll
2009-02-04 07:03 . 2009-02-04 07:03 290,816 --a------ c:\windows\system32\atiok3x2.dll
2009-02-04 06:56 . 2009-02-04 06:56 442,368 --a------ c:\windows\system32\ATIDEMGX.dll
2009-02-04 06:44 . 2009-02-04 06:44 196,608 --a------ c:\windows\system32\atipdlxx.dll
2009-02-04 06:44 . 2009-02-04 06:44 155,648 --a------ c:\windows\system32\Oemdspif.dll
2009-02-04 06:43 . 2009-02-04 06:43 155,648 --a------ c:\windows\system32\ati2evxx.dll
2009-02-04 06:43 . 2009-02-04 06:43 43,520 --a------ c:\windows\system32\ati2edxx.dll
2009-02-04 06:43 . 2009-02-04 06:43 26,112 --a------ c:\windows\system32\Ati2mdxx.exe
2009-02-04 06:41 . 2009-02-04 06:41 602,112 --a------ c:\windows\system32\ati2evxx.exe
2009-02-04 06:40 . 2009-02-04 06:40 53,248 --a------ c:\windows\system32\ATIDDC.DLL
2009-02-04 06:13 . 2009-02-04 06:13 3,107,788 --a------ c:\windows\system32\ativva5x.dat
2009-02-04 06:13 . 2009-02-04 06:13 887,724 --a------ c:\windows\system32\ativva6x.dat
2009-02-04 06:13 . 2009-02-04 06:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
2009-02-04 05:58 . 2009-02-04 05:58 49,664 --a------ c:\windows\system32\amdpcom32.dll
2009-02-04 05:54 . 2009-02-04 05:54 471,040 --a------ c:\windows\system32\atikvmag.dll
2009-02-04 05:53 . 2009-02-04 05:53 122,880 --a------ c:\windows\system32\atiadlxx.dll
2009-02-04 05:52 . 2009-02-04 05:52 53,248 --a------ c:\windows\system32\drivers\ati2erec.dll
2009-02-04 05:52 . 2009-02-04 05:52 17,408 --a------ c:\windows\system32\atitvo32.dll
2009-02-04 05:44 . 2009-02-04 05:44 307,200 --a------ c:\windows\system32\atiiiexx.dll
2009-02-04 04:43 . 2009-02-04 04:43 45,056 --a------ c:\windows\system32\aticalrt.dll
2009-02-04 04:42 . 2009-02-04 04:42 45,056 --a------ c:\windows\system32\aticalcl.dll
2009-02-04 04:40 . 2009-02-04 04:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 11:33 --------- d-----w c:\program files\SuperCopier2
2009-03-30 10:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-30 10:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-30 10:37 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-29 17:57 --------- d-----w c:\documents and settings\KAB\Application Data\GrabIt
2009-03-29 11:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 11:35 --------- d-----w c:\documents and settings\KAB\Application Data\uTorrent
2009-03-29 11:24 --------- d-----w c:\documents and settings\KAB\Application Data\LimeWire
2009-03-20 17:33 --------- d-----w c:\documents and settings\KAB\Application Data\Skype
2009-03-20 15:59 --------- d-----w c:\documents and settings\KAB\Application Data\skypePM
2009-03-06 20:22 --------- d-----w c:\program files\Steam
2009-03-01 15:42 --------- d-----w c:\program files\CCleaner
2009-02-22 17:59 --------- d-----w c:\program files\ATI Technologies
2009-02-20 07:29 --------- d-----w c:\documents and settings\KAB\Application Data\U3
2009-02-08 19:20 --------- d-----w c:\program files\EasyBox
2009-02-08 15:07 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-06 16:30 --------- d-----w c:\documents and settings\KAB\Application Data\DMCache
2009-02-05 21:35 --------- d-----w c:\documents and settings\KAB\Application Data\Spamihilator
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
.

------- Sigcheck -------

2008-04-13 20:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 20:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\9c69f62f565]
2009-03-29 13:26 139264 c:\windows\system32\davclnt32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\davclnt32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]OODBS\[u]0[/u]lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^KAB^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^KAB^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=c:\documents and settings\KAB\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 08:58 611712 c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
--a------ 2008-08-15 06:46 378224 c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:34 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-03-13 16:38 39264 c:\progra~1\FICHIE~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
--a------ 2008-12-23 11:28 1321984 c:\program files\Spamihilator\spamihilator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 18:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 c:\windows\soundman.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-21 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-11-21 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-21 20560]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2008-11-21 65576]
S2 gupdate1c98d353e550674;Google Update Service (gupdate1c98d353e550674);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1aa756-dbbd-11dd-9748-00148525bc4d}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1aa757-dbbd-11dd-9748-00148525bc4d}]
\Shell\AutoRun\command - m:\portableapps\PortableAppsMenu\PortableAppsMenu.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-17 17:35]

2009-03-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 20:51]

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 19:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?hl=fr
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\KAB\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 13:34:55
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\GroupPolicy000.dat 1377 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\KAB\LOCALS~1\Temp\mc23.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):17,c2,c0,82,c7,5f,8a,e3,b0,a8,13,99,31,1a,6d,05,ff,75,b4,44,43,
a8,2b,b4,7b,bc,6c,61,e7,72,ea,21,cd,dc,79,05,fb,5f,48,95,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6b85ab8a-b847-46ae-b850-e04f85e0bf00}]
@Denied: (Full) (Everyone)
"Model"=dword:00000023
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="9C16A645EAD9778957C6851F2567F77FBFA543EBDD370C7DDDCA0F427166FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC79338AB9CB246150E33F7BF857AF266D4D2CEF36D9C604654B453CB1E83A5A192D3026DE485C5618152B81A436A10FBA8BD54EE5C390361F21C677E3450256EA9FF21164C4B1205DCEED37B3131F4938C4686E6CDC3D7B6F4A8E1D96D975D2B24C32901486F46CBD5F3D945CEA4D82FE4FFD998BF868228B46BFE8B8F5C5DE647B3271A9758A298776251749E0E6AC5CE5879CFA15403BDCF74E1AAF8EB54C24589083D69E6E8C3F2C843F98B9BB7B4F26CBC9E6D00A1D00A605F153BA1EB2CEF3B99A4034AA0D9BF71291DBDF2B690D1363F6EC6C9AE2C7FE0238EEB7EBEDF244F08D000962E608B7D2951961AE32FD13B87EA0D1DE6AB98F36B643631E1DD09FCCB7A118CA9B242EA3594AF0CED73F708E3C0909D4D48DCA673C8442CA23E042B979277C2CEE44FD34EDDC6229A021597993A143910A330AB09CD97D98274D4E7437057865E76F32886634317113A760E069D7D2BA334A87FDACE05FC414F447115725F06653613877DCA57B6DFD0C7D0427112D8C3E2AE292C727591F996995F546E4EDB4C288E1AEEDFA0277F2BA08713AA16FD5DCDA9F83CDB2FD0C2AF185DD72131C6A0789E2ABB7F2AA7D4554418E15D7577A869AA3B91F7A06837D09475751764DB33CBCD6C3E2BE800211AB4915AD6FC7F175D9BD75A4EB4D130FDB6F46D8C776523CAA399E1584311BAF4B2811FB9D474526409A46C6E553599DCFF65F06B4301CA616ECB67C5E0D73C5EEC6E37F0802175C25CD92763C3B8B2C78B92F58DB3879E0F136DD485B0C49B60875C0B8CBC5181D18CF9425384FF08122F714D2566DE793633FB5AE7C476F2B3A65312E74868FB358FAD8C89479E7A9CA57407D29D5F8A94895B767387C4A12DDAD136988D9DAADDD10435E81C95EF2245EBB63531A51D32FA92FAF788D559B80C616F6FDFA685D5031876123F4DAF0967ADF15C588AA85DCD1BB479A81A03C6191BF683F4AB9570EE530D69253F3FBBB7CDB25E4105378C7C650F3F0804AAE754F67562B486879289A9BC45A5F55AC619733AC8A472BA79AA6367E42D88C6E65A73B56159D9E5D641E7BB67BB8C1638BE53BC68365285336F1093248FC30BD8EA23B89C3141C69BBA25439E9A48B446F6221921049D1FE2E8EB7E03083922200303D8E731C33C05DC181DF0D8B1CB577EC61336671C8F3494785DD9D2427E37F22690E53C7CC4E2AF5AF42C0F6EE63C3CB4FD2AE053B3E03C68C0425BF740F042F3CAF83CCE241361E617AD699943AA4A6921A06CB70AD8C9F362D51D493F7BB7286211E"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\davclnt32.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(908)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\ntshrui.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\devldr32.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2009-03-30 13:40:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-30 11:40:07

Avant-CF: 38 911 832 064 octets libres
Après-CF: 38,894,768,128 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer

306 --- E O F --- 2009-03-29 18:42:06

j'ai desinstalle avast et installe antivir .
alerte virus :TR/Spy.Gen - Trojan ( system32\davclnt32.dll)


le rapport OTMoveIt
========== FILES ==========
File/Folder c:\windows\system32\4.tmp not found.
c:\windows\system32\GroupPolicy000.dat moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv­\\ not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv­\\"ImagePath"|"\??\c:\docume~1\KAB\LOCALS~1\Temp\mc23.tmp" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KAB\LOCALS~1\Temp\etilqs_jb5dtpukyNj4Jm0mc5b9 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\KAB\LOCALS~1\Temp\~DF166E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\KAB\LOCALS~1\Temp\~DF9843.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_11c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03302009_135314

Files moved on Reboot...
File C:\DOCUME~1\KAB\LOCALS~1\Temp\etilqs_jb5dtpukyNj4Jm0mc5b9 not found!
C:\DOCUME~1\KAB\LOCALS~1\Temp\~DF166E.tmp moved successfully.
C:\DOCUME~1\KAB\LOCALS~1\Temp\~DF9843.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_11c.dat not found!
C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\KAB\Local Settings\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\XUL.mfl moved successfully.

voila le rapport :



Avira AntiVir Personal
Report file date: lundi 30 mars 2009 15:15

Scanning for 1331737 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : KAB
Computer name : MASTER-5374FBB0

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 22/03/2009 12:26:31
ANTIVIR3.VDF : 7.1.2.233 294400 Bytes 30/03/2009 12:26:34
Engineversion : 8.2.0.129
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.70 369019 Bytes 30/03/2009 12:26:45
AESCN.DLL : 8.1.1.8 127346 Bytes 30/03/2009 12:26:44
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.11 397687 Bytes 30/03/2009 12:26:43
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.111 1679736 Bytes 30/03/2009 12:26:41
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.31 340341 Bytes 30/03/2009 12:26:35
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 12:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: lundi 30 mars 2009 15:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'SbPFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
C:\WINDOWS\system32\davclnt32.dll
[DETECTION] Is the TR/Spy.Gen Trojan

The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <SYSTEME>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090330-142938-80D77969\ARK47.tmp
[DETECTION] Is the TR/Spy.Gen Trojan
C:\WINDOWS\system32\davclnt32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>

Beginning disinfection:
C:\WINDOWS\system32\davclnt32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4a46d455.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090330-142938-80D77969\ARK47.tmp
[DETECTION] Is the TR/Spy.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4bb9c77f.qua'!
C:\WINDOWS\system32\davclnt32.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4a46d456.qua'!


End of the scan: lundi 30 mars 2009 16:15
Used time: 30:09 Minute(s)

The scan has been done completely.

14909 Scanned directories
421784 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
421779 Files not concerned
8744 Archives were scanned
3 Warnings
4 Notes

>>voila le rapport OT moveit :

LoadLibrary failed for c:\windows\System32\davclnt32.dll
c:\windows\System32\davclnt32.dll NOT unregistered.
c:\windows\System32\davclnt32.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\9c69f62f565\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs not found.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03302009_163156


>>le log.txt :
Logfile of random's system information tool 1.06 (written by random/random)
Run by KAB at 2009-03-30 16:32:29
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 37 GB (53%) free of 70 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:48, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\KAB\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\KAB\Bureau\KAB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?hl=fr&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://lotus.cdg13.com/iNotes6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 9c69f62f565 - C:\WINDOWS\System32\davclnt32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98d353e550674) (gupdate1c98d353e550674) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

oui il est costaud ...

le rapport combofix :
ComboFix 09-03-29.02 - KAB 2009-03-30 16:54:33.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1361 [GMT 2:00]
Lancé depuis: c:\documents and settings\KAB\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\KAB\Bureau\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: Sunbelt Personal Firewall *enabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\KAB\LOCALS~1\Temp\mc22.tmp
C:\RECYCLER
c:\windows\system32\davclnt32.dll
c:\windows\system32\drivers\ak0h7bqp.sys
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KAB\Application Data\[u]0[/u]20000006bafc7d1565C.manifest
c:\documents and settings\KAB\Application Data\[u]0[/u]20000006bafc7d1565O.manifest
c:\documents and settings\KAB\Application Data\[u]0[/u]20000006bafc7d1565P.manifest
c:\documents and settings\KAB\Application Data\[u]0[/u]20000006bafc7d1565S.manifest
c:\windows\system32\davclnt32.dll
c:\windows\system32\GroupPolicy000.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-30 14:06 . 2009-03-30 14:06 <REP> d-------- c:\program files\Avira
2009-03-30 14:06 . 2009-03-30 14:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-30 14:06 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-03-30 13:53 . 2009-03-30 13:53 <REP> d-------- C:\_OTMoveIt
2009-03-30 13:08 . 2009-03-30 13:08 <REP> d-------- C:\rsit
2009-03-30 12:52 . 2009-03-30 15:13 <REP> d--hs---- c:\windows\system32\NetworkService32
2009-03-30 12:48 . 2009-03-30 12:48 <REP> d-------- c:\program files\CleanUp!
2009-03-30 12:37 . 2009-03-30 12:37 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-30 12:37 . 2009-03-30 12:37 <REP> d-------- c:\documents and settings\KAB\Application Data\SUPERAntiSpyware.com
2009-03-30 12:03 . 2009-03-30 12:03 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-30 11:48 . 2009-03-30 11:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 11:48 . 2009-03-30 11:48 <REP> d-------- c:\documents and settings\KAB\Application Data\Malwarebytes
2009-03-30 11:48 . 2009-03-30 11:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 11:48 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 11:48 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 13:54 . 2009-03-29 13:55 <REP> d-------- c:\program files\CyberLink
2009-03-17 23:08 . 2009-03-17 23:08 <REP> d-------- c:\program files\Notepad++
2009-03-17 23:08 . 2009-03-17 23:42 <REP> d-------- c:\documents and settings\KAB\Application Data\Notepad++
2009-03-17 21:28 . 2009-03-17 21:28 <REP> d-------- C:\TYPO3_4.2.3
2009-02-22 20:02 . 2009-02-22 20:02 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-22 19:58 . 2009-02-03 22:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-02-22 19:58 . 2009-01-07 04:30 106,496 --a------ c:\windows\system32\atinppt2.ax
2009-02-22 19:41 . 2009-02-22 19:41 10 --a------ c:\windows\WININIT.INI
2009-02-18 22:33 . 2009-02-19 22:07 3,532 --a------ C:\drmHeader.bin
2009-02-18 21:30 . 2009-02-18 21:30 <REP> d-------- c:\program files\Runtime Software
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\program files\QuickTime
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\program files\iTunes
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\program files\iPod
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\program files\Bonjour
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\documents and settings\KAB\Application Data\Apple Computer
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-15 22:20 . 2009-02-15 22:20 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-15 22:20 . 2008-04-17 14:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-15 22:20 . 2008-04-17 14:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-15 22:19 . 2009-02-15 22:20 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-02-15 22:19 . 2009-02-15 22:19 <REP> d-------- c:\program files\Apple Software Update
2009-02-15 22:19 . 2009-02-15 22:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-02-15 21:56 . 2008-11-19 23:39 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-02-15 21:56 . 2008-11-19 23:39 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-02-15 21:56 . 2008-11-19 22:50 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-02-15 21:56 . 2008-11-19 23:39 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-02-15 21:56 . 2008-11-19 23:39 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-02-15 21:56 . 2008-11-19 23:39 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-02-15 21:56 . 2009-03-29 13:55 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-02-15 21:56 . 2009-02-15 21:56 <REP> d-------- c:\documents and settings\Administrateur
2009-02-12 19:12 . 2009-02-16 22:09 <REP> d-------- c:\program files\Google
2009-02-12 19:12 . 2009-03-28 14:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-08 19:02 . 2009-02-08 19:02 <REP> d-------- c:\windows\Sun
2009-02-08 16:53 . 2009-02-08 16:53 <REP> d-------- c:\program files\VisiPics
2009-02-08 16:23 . 2009-03-29 20:40 <REP> d-------- c:\documents and settings\KAB\Application Data\FileZilla
2009-02-08 16:22 . 2009-03-16 22:54 <REP> d-------- c:\program files\FileZilla FTP Client
2009-02-06 18:43 . 2009-02-06 18:44 <REP> d-------- c:\program files\Winamp
2009-02-06 18:43 . 2009-02-06 20:55 <REP> d-------- c:\documents and settings\KAB\Application Data\Winamp
2009-02-06 18:43 . 2007-03-08 01:51 129,784 --------- c:\windows\system32\pxafs.dll
2009-02-04 07:57 . 2009-02-04 07:57 11,702,272 --a------ c:\windows\system32\atioglxx.dll
2009-02-04 07:03 . 2009-02-04 07:03 290,816 --a------ c:\windows\system32\atiok3x2.dll
2009-02-04 06:56 . 2009-02-04 06:56 442,368 --a------ c:\windows\system32\ATIDEMGX.dll
2009-02-04 06:44 . 2009-02-04 06:44 196,608 --a------ c:\windows\system32\atipdlxx.dll
2009-02-04 06:44 . 2009-02-04 06:44 155,648 --a------ c:\windows\system32\Oemdspif.dll
2009-02-04 06:43 . 2009-02-04 06:43 155,648 --a------ c:\windows\system32\ati2evxx.dll
2009-02-04 06:43 . 2009-02-04 06:43 43,520 --a------ c:\windows\system32\ati2edxx.dll
2009-02-04 06:43 . 2009-02-04 06:43 26,112 --a------ c:\windows\system32\Ati2mdxx.exe
2009-02-04 06:41 . 2009-02-04 06:41 602,112 --a------ c:\windows\system32\ati2evxx.exe
2009-02-04 06:40 . 2009-02-04 06:40 53,248 --a------ c:\windows\system32\ATIDDC.DLL
2009-02-04 06:13 . 2009-02-04 06:13 3,107,788 --a------ c:\windows\system32\ativva5x.dat
2009-02-04 06:13 . 2009-02-04 06:13 887,724 --a------ c:\windows\system32\ativva6x.dat
2009-02-04 06:13 . 2009-02-04 06:13 121,808 --a------ c:\windows\system32\ativvaxx.cap
2009-02-04 05:58 . 2009-02-04 05:58 49,664 --a------ c:\windows\system32\amdpcom32.dll
2009-02-04 05:54 . 2009-02-04 05:54 471,040 --a------ c:\windows\system32\atikvmag.dll
2009-02-04 05:53 . 2009-02-04 05:53 122,880 --a------ c:\windows\system32\atiadlxx.dll
2009-02-04 05:52 . 2009-02-04 05:52 53,248 --a------ c:\windows\system32\drivers\ati2erec.dll
2009-02-04 05:52 . 2009-02-04 05:52 17,408 --a------ c:\windows\system32\atitvo32.dll
2009-02-04 05:44 . 2009-02-04 05:44 307,200 --a------ c:\windows\system32\atiiiexx.dll
2009-02-04 04:43 . 2009-02-04 04:43 45,056 --a------ c:\windows\system32\aticalrt.dll
2009-02-04 04:42 . 2009-02-04 04:42 45,056 --a------ c:\windows\system32\aticalcl.dll
2009-02-04 04:40 . 2009-02-04 04:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 15:00 --------- d-----w c:\program files\SuperCopier2
2009-03-30 10:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-30 10:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-30 10:37 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-29 17:57 --------- d-----w c:\documents and settings\KAB\Application Data\GrabIt
2009-03-29 11:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 11:35 --------- d-----w c:\documents and settings\KAB\Application Data\uTorrent
2009-03-29 11:24 --------- d-----w c:\documents and settings\KAB\Application Data\LimeWire
2009-03-20 17:33 --------- d-----w c:\documents and settings\KAB\Application Data\Skype
2009-03-20 15:59 --------- d-----w c:\documents and settings\KAB\Application Data\skypePM
2009-03-06 20:22 --------- d-----w c:\program files\Steam
2009-03-01 15:42 --------- d-----w c:\program files\CCleaner
2009-02-22 17:59 --------- d-----w c:\program files\ATI Technologies
2009-02-20 07:29 --------- d-----w c:\documents and settings\KAB\Application Data\U3
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-08 19:20 --------- d-----w c:\program files\EasyBox
2009-02-08 15:07 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-02-06 16:30 --------- d-----w c:\documents and settings\KAB\Application Data\DMCache
2009-02-05 21:35 --------- d-----w c:\documents and settings\KAB\Application Data\Spamihilator
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-23 09:24 665,088 ----a-w c:\windows\system32\spsplib1.dll
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll
.

------- Sigcheck -------

2008-04-13 20:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 20:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-30_13.38.15.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-30 12:00:42 262,144 ----a-w c:\windows\system32\config\systemprofile\NtUser.dat
+ 2009-02-13 09:17:49 45,416 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2009-02-13 09:29:11 22,360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2009-02-13 12:22:54 95,576 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2009-02-13 09:50:02 28,376 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2009-03-30 09:44:51 1,991,608 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-30 12:20:34 1,991,608 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-07-29 06:05:06 161,784 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 06:05:08 3,768,312 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 06:05:10 3,783,672 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 04:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 04:07:42 59,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 06:05:06 38,912 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05:06 39,936 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05:08 66,560 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05:08 56,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05:06 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05:08 65,024 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05:06 66,048 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05:08 64,512 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05:08 46,592 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05:08 46,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05:08 62,976 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2007-11-07 00:19:20 54,272 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]OODBS\[u]0[/u]lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^KAB^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^KAB^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=c:\documents and settings\KAB\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 08:58 611712 c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
--a------ 2008-08-15 06:46 378224 c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:34 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-03-13 16:38 39264 c:\progra~1\FICHIE~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
--a------ 2008-12-23 11:28 1321984 c:\program files\Spamihilator\spamihilator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 18:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 c:\windows\soundman.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-11-21 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-30 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2008-11-21 65576]
S2 gupdate1c98d353e550674;Google Update Service (gupdate1c98d353e550674);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1aa756-dbbd-11dd-9748-00148525bc4d}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba1aa757-dbbd-11dd-9748-00148525bc4d}]
\Shell\AutoRun\command - m:\portableapps\PortableAppsMenu\PortableAppsMenu.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-17 17:35]

2009-03-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-27 20:51]

2009-03-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 19:13]
.
- - - - ORPHELINS SUPPRIMES - - - -

Notify-9c69f62f565 - c:\windows\System32\davclnt32.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?hl=fr
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\KAB\Application Data\Mozilla\Firefox\Profiles\cd5emi1u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 17:02:08
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\KAB\LOCALS~1\Temp\mc23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv­]
"ImagePath"="\??\c:\docume~1\KAB\LOCALS~1\Temp\mc23.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):17,c2,c0,82,c7,5f,8a,e3,b0,a8,13,99,31,1a,6d,05,ff,75,b4,44,43,
a8,2b,b4,7b,bc,6c,61,e7,72,ea,21,cd,dc,79,05,fb,5f,48,95,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6b85ab8a-b847-46ae-b850-e04f85e0bf00}]
@Denied: (Full) (Everyone)
"Model"=dword:00000023
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="9C16A645EAD9778957C6851F2567F77FBFA543EBDD370C7DDDCA0F427166FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC79338AB9CB246150E33F7BF857AF266D4D2CEF36D9C604654B453CB1E83A5A192D3026DE485C5618152B81A436A10FBA8BD54EE5C390361F21C677E3450256EA9FF21164C4B1205DCEED37B3131F4938C4686E6CDC3D7B6F4A8E1D96D975D2B24C32901486F46CBD5F3D945CEA4D82FE4FFD998BF868228B46BFE8B8F5C5DE647B3271A9758A298776251749E0E6AC5CE5879CFA15403BDCF74E1AAF8EB54C24589083D69E6E8C3F2C843F98B9BB7B4F26CBC9E6D00A1D00A605F153BA1EB2CEF3B99A4034AA0D9BF71291DBDF2B690D1363F6EC6C9AE2C7FE0238EEB7EBEDF244F08D000962E608B7D2951961AE32FD13B87EA0D1DE6AB98F36B643631E1DD09FCCB7A118CA9B242EA3594AF0CED73F708E3C0909D4D48DCA673C8442CA23E042B979277C2CEE44FD34EDDC6229A021597993A143910A330AB09CD97D98274D4E7437057865E76F32886634317113A760E069D7D2BA334A87FDACE05FC414F447115725F06653613877DCA57B6DFD0C7D0427112D8C3E2AE292C727591F996995F546E4EDB4C288E1AEEDFA0277F2BA08713AA16FD5DCDA9F83CDB2FD0C2AF185DD72131C6A0789E2ABB7F2AA7D4554418E15D7577A869AA3B91F7A06837D09475751764DB33CBCD6C3E2BE800211AB4915AD6FC7F175D9BD75A4EB4D130FDB6F46D8C776523CAA399E1584311BAF4B2811FB9D474526409A46C6E553599DCFF65F06B4301CA616ECB67C5E0D73C5EEC6E37F0802175C25CD92763C3B8B2C78B92F58DB3879E0F136DD485B0C49B60875C0B8CBC5181D18CF9425384FF08122F714D2566DE793633FB5AE7C476F2B3A65312E74868FB358FAD8C89479E7A9CA57407D29D5F8A94895B767387C4A12DDAD136988D9DAADDD10435E81C95EF2245EBB63531A51D32FA92FAF788D559B80C616F6FDFA685D5031876123F4DAF0967ADF15C588AA85DCD1BB479A81A03C6191BF683F4AB9570EE530D69253F3FBBB7CDB25E4105378C7C650F3F0804AAE754F67562B486879289A9BC45A5F55AC619733AC8A472BA79AA6367E42D88C6E65A73B56159D9E5D641E7BB67BB8C1638BE53BC68365285336F1093248FC30BD8EA23B89C3141C69BBA25439E9A48B446F6221921049D1FE2E8EB7E03083922200303D8E731C33C05DC181DF0D8B1CB577EC61336671C8F3494785DD9D2427E37F22690E53C7CC4E2AF5AF42C0F6EE63C3CB4FD2AE053B3E03C68C0425BF740F042F3CAF83CCE241361E617AD699943AA4A6921A06CB70AD8C9F362D51D493F7BB7286211E"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\SHDOCVW.dll
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\ntshrui.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\devldr32.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-03-30 17:07:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-30 15:07:37
ComboFix2.txt 2009-03-30 11:40:17

Avant-CF: 38 843 244 544 octets libres
Après-CF: 38,839,705,600 octets libres

329 --- E O F --- 2009-03-29 18:42:06

ca a l'air d'aller mieux !!!

[ Rapport ToolsCleaner version 2.3.3 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\KAB\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\KAB\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\KAB\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\KAB\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\KAB\Bureau\Rsit.exe: trouvé !

Merci pour ton coup de main !./

Salut , desole mais g du m'absenter ...
Oui visiblement plus d'alerte virus .
juste une question, Antivir est il vraiment mieux que avast ?...

En tout cas merci pour ton aide.