Cheval de troie: packed.win32.Tdss.c

ya pas D:\Program Files\Bifrost\server.exe chez moi ya D:\Program Files\Bifrost\logg.data je fais quoi ?

merci voila le rapport:
Rapport de ZHPDiag v1.20 par Nicolas Coolman
Enregistré le 10/05/2009 18:56:59
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox (3.0.4)

---\\ Processus lancés
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\WINDOWS\system32\wscript.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\spoolsv.exe

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31D1305D-195C-4836-AB15-CE560FA8C578} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTFMON] D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
O4 - HKLM\..\Run: [regdiit] D:\WINDOWS\system32\winxp.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &NeoTrace It! - D:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra 'Tools' menuitem: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra 'Tools' menuitem: Statistiques de la protection du trafic Internet - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll,101
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe,302

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: D:\WINDOWS\System32\cbXNHyaA.dll
O20 - Winlogon Notify: DfEventStartup - D:\WINDOWS\System32\LogonDll.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\fccbXonN.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\hgGwTlLb.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\igfxdev.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\khfCtuvu.dll
O20 - Winlogon Notify: WLEventStart - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\pmnnkLFX.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\rqRHyxvw.dll
O20 - Winlogon Notify: D:\WINDOWS\System32\tuvUNedD.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Kaspersky Internet Security (AVP) - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r
O23 - Service: DF5Serv (DF5Serv) - D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
O23 - Service: Spouleur d'impression (Spooler) - D:\WINDOWS\system32\spoolsv.exe

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - D:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - D:\WINDOWS\system32\danim.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - D:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall D:\WINDOWS\system32\themeui.dll
O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Logiciel de navigation hors connexion - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Aide sur Internet Explorer - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Outils d'installation Internet Explorer - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Améliorations pour la navigation - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub
O40 - ASIC: Accès au site MSN - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer 6 - {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe
O40 - ASIC: Liaison de données Dynamic HTML - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: (no name) - {9D71D88C-C598-4935-C5D1-43AA4DB90836} - D:\Program Files\Bifrost\server.exe s
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Polices de base Internet Explorer - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player 9 ActiveX - {D27CDB6E-AE6D-11cf-96B8-444553540000} - D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
O40 - ASIC: Aide HTML - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: Broadcom NetXtreme Gigabit Ethernet (b57w2k) - C:\WINDOWS\system32\DRIVERS\b57xp32.sys
O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: Pilote de fonction Microsoft UAA pour Service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: Pilote de bus Microsoft UAA pour High Definition Audio (HDAudBus) - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
O41 - Driver: Pilote de classe HID Microsoft (hidusb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys
O41 - Driver: (no object) (ialm) - C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
O41 - Driver: Pilote de processeur Intel (intelppm) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: Pilote du pare-feu Windows IPv6 (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: Kl1 (kl1) - C:\WINDOWS\system32\drivers\kl1.sys
O41 - Driver: Kaspersky Lab Boot Guard Driver (klbg) - C:\WINDOWS\system32\drivers\klbg.sys
O41 - Driver: Kaspersky Lab KLFltDev (KLFLTDEV) - C:\WINDOWS\system32\DRIVERS\klfltdev.sys
O41 - Driver: Kaspersky Lab Driver (KLIF) - C:\WINDOWS\system32\DRIVERS\klif.sys
O41 - Driver: Kaspersky Anti-Virus NDIS Filter (klim5) - C:\WINDOWS\system32\DRIVERS\klim5.sys
O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: LF30FS (LF30FS) - D:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys
O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\system32\DRIVERS\mouhid.sys
O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: Pilote du Moniteur réseau (nm) - C:\WINDOWS\system32\DRIVERS\NMnt.sys
O41 - Driver: NetGroup Packet Filter Driver (NPF) - C:\WINDOWS\system32\drivers\npf.sys
O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: Logitech QuickCam Communicate (QCMerced) - C:\WINDOWS\system32\DRIVERS\LVCM.sys
O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\system32\DRIVERS\rdpdr.sys
O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys
O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys
O41 - Driver: Pilote de filtre de restauration système (sr) - D:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Pilote USB audio (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys
O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: Concentrateur USB2 (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Pilote de stockage de masse USB (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Logitech Virtual Bus Enumerator Driver (WmBEnum) - C:\WINDOWS\system32\drivers\WmBEnum.sys
O41 - Driver: Logitech Gaming HID Filter Driver (WmFilter) - C:\WINDOWS\system32\drivers\WmFilter.sys
O41 - Driver: Logitech Gaming USB Filter Driver (WmHidLo) - C:\WINDOWS\system32\drivers\WmHidLo.sys
O41 - Driver: Logitech Virtual Hid Device Driver (WmVirHid) - C:\WINDOWS\system32\drivers\WmVirHid.sys
O41 - Driver: Logitech Translation Layer Driver (WmXlCore) - C:\WINDOWS\system32\drivers\WmXlCore.sys
O41 - Driver: Codec Teletext standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: CCleaner (remove only)
O42 - Logiciel: F1 WCP 2009
O42 - Logiciel: Foxit Reader
O42 - Logiciel: High Definition Audio - KB888111
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver
O42 - Logiciel: Internet Download Manager
O42 - Logiciel: KP-Anti Mosquitoes
O42 - Logiciel: Kaspersky Internet Security 2009
O42 - Logiciel: Lock Folder XP 3.6
O42 - Logiciel: Logiciel QuickCam de Logitech
O42 - Logiciel: Logitech Gaming Software 5.02
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Mozilla Firefox (3.0.4)
O42 - Logiciel: NeoTrace Express 3.25
O42 - Logiciel: PhotoFiltre
O42 - Logiciel: Programme de gestion Camera de Logitech®
O42 - Logiciel: RealPlayer
O42 - Logiciel: SWF Opener
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: SnagIt 7
O42 - Logiciel: Storm Codec
O42 - Logiciel: TeLL me More
O42 - Logiciel: VDownloader 0.82
O42 - Logiciel: VideoLAN VLC media player 0.8.6b
O42 - Logiciel: WinPcap 4.0.2
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Wireshark 1.0.7

---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Everstrike Software
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\InstallShield
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Logitech
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\MSSoap
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Real
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\Skype
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\System
O43 - CFD:Common File Directory - D:\Program Files\Fichiers Communs\xing shared

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - D:\WINDOWS\System32\$winnt$.inf -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\0f05b679-.txt -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\adednbas.ini -->16/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\aevagwtk.ini -->11/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\amcompat.tlb -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\anqntdrb.ini -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\aqberdfp.ini -->19/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\auraqlgn.ini -->28/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\awnadtrf.ini -->14/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bcyihljq.ini -->08/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bgtokhjn.ini -->08/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bhdsdrsu.ini -->09/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bthwjeme.ini -->13/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\bvhvjlse.ini -->15/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\cdplayer.exe.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\cjboikln.ini -->05/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\CmdLineExt.dll -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\CONFIG.NT -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ddgjnchy.ini -->11/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\dlillmrb.ini -->18/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\dpyprvdu.ini -->10/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ejbskpry.ini -->01/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\emptyregdb.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\EMSAdMoq.ini -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\EMSAdMoq.ini2 -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ewotpgxk.ini -->02/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ezsidmv.dat -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\fhbrmaya.ini -->16/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\FNTCACHE.DAT -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\fwswmpla.ini -->31/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ghdsoycb.ini -->22/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\gijkoxgd.ini -->12/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\grjmaqfq.ini -->27/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\h323log.txt -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\hpvuerdc.ini -->07/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\hqpynqfn.ini -->11/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\iavtohhf.ini -->01/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jecboyte.ini -->13/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jhmchm.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\jyoubmst.ini -->05/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\kdcohgnx.ini -->13/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\kqesusio.ini -->05/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ljhqpoop.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lmqiivjp.ini -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\logonui.exe.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lvcoinst.log -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\lwpuojuu.ini -->22/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mcmupqax.ini -->31/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mjpddnow.ini -->12/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\mqehhdbj.ini -->20/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ncpa.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nhpbakvy.ini -->06/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nrcnfauk.ini -->06/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nscompat.tlb -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ntfjsoks.ini -->26/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nwc.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\nydavynm.ini -->14/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oinlmylo.ini -->21/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ojetkhso.ini -->05/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oxtfxtoe.ini -->20/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\oydcki.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfc009.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfc00C.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfh009.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\perfh00C.dat -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\PerfStringBackup.INI -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pkfnfnev.ini -->27/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pncrt.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pndx5016.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\pndx5032.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\qxudfbss.ini -->04/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\rislonph.ini -->04/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\rmoc3260.dll -->27/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sagrpgwc.ini -->12/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sapi.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\sgxdviyq.ini -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\tjftubkk.ini -->25/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\tunnxqaj.ini -->12/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\uabrtokf.ini -->29/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\umaekiqv.ini -->28/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\usleuyeq.ini -->10/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\uxtheme.dll -->04/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\vqiwnnof.ini -->07/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\vqjsbovx.ini -->26/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wcpyxfru.ini -->03/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\WindowsLogon.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\winjpg.jpg -->10/05/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wpa.dbl -->10/05/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wuaucpl.cpl.manifest -->03/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\wwsixjmh.ini -->23/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xbbakdxl.ini -->03/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xceyihmw.ini -->29/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xheabuxb.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\xtjpbu.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ygqllvur.dll -->14/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ynmdslxp.ini -->30/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\ypsfpmci.ini -->23/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yrucjmif.ini -->08/03/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yskeccll.ini -->09/04/2009
O44 - LFC:Last File Created - D:\WINDOWS\System32\yudemyro.ini -->15/03/2009
...........................suite................................. 2eme page......................

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-10 19:43:24
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwAdjustPrivilegesToken [0xA9A6C1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwClose [0xA9A6C7AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwConnectPort [0xA9A6E1EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateFile [0xA9A6DB9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateKey [0xA9A6B950]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA9A6FB7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwCreateThread [0xA9A6C5AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteKey [0xA9A6BD92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeleteValueKey [0xA9A6BF92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDeviceIoControlFile [0xA9A6DEAC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwDuplicateObject [0xA9A70084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateKey [0xA9A6C0A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwEnumerateValueKey [0xA9A6C110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwFsControlFile [0xA9A6DD5E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwLoadDriver [0xA9A6F620]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenFile [0xA9A6D9F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenKey [0xA9A6BAB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenProcess [0xA9A6C3B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenSection [0xA9A6FBA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwOpenThread [0xA9A6C2FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryKey [0xA9A6C178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryMultipleValueKey [0xA9A6BE7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueryValueKey [0xA9A6BC5A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwQueueApcThread [0xA9A6F888]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwReplaceKey [0xA9A6B5D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRequestWaitReplyPort [0xA9A6EA74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwRestoreKey [0xA9A6B734]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwResumeThread [0xA9A6FF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSaveKey [0xA9A6B3D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSecureConnectPort [0xA9A6E08C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetContextThread [0xA9A6C6AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSecurityObject [0xA9A6F71A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetSystemInformation [0xA9A6FBD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSetValueKey [0xA9A6BB08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendProcess [0xA9A6FCB4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSuspendThread [0xA9A6FDE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwSystemDebugControl [0xA9A6F54C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwTerminateProcess [0xA9A6C47E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) ZwWriteVirtualMemory [0xA9A6C4F0]

INT 0x62 ? 8A02CBF8
INT 0x74 ? 89931BF8
INT 0x82 ? 8A02CBF8
INT 0x84 ? 89931BF8
INT 0x94 ? 89931BF8
INT 0xA4 ? 89931BF8

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9E14 5 Bytes JMP A9A83626 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE54E 5 Bytes JMP A9A839E0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter fre_wnet_x86/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 23A8 805010AC 4 Bytes JMP D0A9A6E1
.text ntkrnlpa.exe!ZwCallbackReturn + 264C 80501350 4 Bytes JMP CBAEA9A6
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 12 Bytes [B4, FC, A6, A9, E0, FD, A6, ...]
? spcm.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B9DEA62C 5 Bytes JMP 899311D8
.text alesp9yg.SYS B9D49386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text alesp9yg.SYS B9D493AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text alesp9yg.SYS B9D493C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text alesp9yg.SYS B9D493C9 1 Byte [2E]
.text alesp9yg.SYS B9D493C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!LoadResource 7C80A065 7 Bytes JMP 28001CC0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExW 7C80AB10 4 Bytes JMP 28001B00 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExW + 5 7C80AB15 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceW 7C80BA56 7 Bytes JMP 28001A80 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!SizeofResource 7C80BAF1 7 Bytes JMP 28001D80 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!LockResource 7C80C6CF 5 Bytes JMP 28001DF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceA 7C80C7B1 7 Bytes JMP 28001B90 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 D:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!CreateEventA 7C81E4BD 5 Bytes JMP 28001840 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!FindResourceExA 7C822C2D 7 Bytes JMP 28001C20 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] kernel32.dll!OutputDebugStringW 7C85A215 5 Bytes JMP 28001E50 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 28001000 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 28001060 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [24, B0, CC, CC] {AND AL, 0xb0; INT 3 ; INT 3 }
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!PeekMessageW 77D19278 5 Bytes JMP 280040D0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!CreateWindowExW 77D21AD5 5 Bytes JMP 28003860 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!SetWindowRgn 77D21DE0 7 Bytes JMP 280059B0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!LoadIconW 77D22174 5 Bytes JMP 280062E0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!LoadImageW 77D242A4 5 Bytes JMP 280060F0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!CreateDialogParamW 77D3629F 5 Bytes JMP 28005AF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!SetWindowPlacement 77D3FBEA 5 Bytes JMP 28005870 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!MessageBoxIndirectW 77D660B7 5 Bytes JMP 28005CE0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] USER32.dll!TrackPopupMenuEx 77D6CAFE 5 Bytes JMP 280049B0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!send 719F428A 5 Bytes JMP 2800A210 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 28009FF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!recv 719F615A 5 Bytes JMP 28009E50 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 2800A3F0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 2800A630 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] SHELL32.dll!Shell_NotifyIconW 7CA47CE1 5 Bytes JMP 28003020 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoInitializeEx 774B42F3 5 Bytes JMP 28002100 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoRegisterClassObject 77501BFC 1 Byte [E9]
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] ole32.dll!CoRegisterClassObject 77501BFC 5 Bytes JMP 28002200 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!HttpOpenRequestA 77AB4AC5 5 Bytes JMP 28008C60 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!InternetCloseHandle 77AB61DC 5 Bytes JMP 28008FA0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!HttpSendRequestA 77AB76B8 5 Bytes JMP 28008ED0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\MSN Messenger\msnmsgr.exe[264] WININET.dll!InternetReadFile 77AB9555 5 Bytes JMP 28008DF0 D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2872] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[2872] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }
? D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3504] D:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe[3504] USER32.dll!VRipOutput + FFFA5010 77D12A78 4 Bytes [70, 11, 41, 6D] {JO 0x13; INC ECX; INSD }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spcm.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spcm.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spcm.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spcm.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spcm.sys
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\alesp9yg.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [BA002530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [BA002530] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A02B1F8
Device \FileSystem\Fastfat \FatCdrom 89532368

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\PCI_PNP6288 \Device\00000042 spcm.sys
Device \Driver\usbuhci \Device\USBPDO-0 8987A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89FBF1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89FBF1F8
Device \Driver\usbuhci \Device\USBPDO-1 8987A1F8
Device \Driver\usbuhci \Device\USBPDO-2 8987A1F8
Device \Driver\usbuhci \Device\USBPDO-3 8987A1F8
Device \Driver\usbehci \Device\USBPDO-4 898631F8

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\NetBT \Device\NetBT_Tcpip_{7D0D74E4-3C9A-4A12-809A-6ED17FF83AC2} 896D1500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A02D1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 DeepFrz.sys (Deep Freeze 6 driver/Faronics Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 mouclass.sys (Pilote de la classe Souris/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A02D1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 DeepFrz.sys (Deep Freeze 6 driver/Faronics Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 ntkrnlpa.exe (Noyau et système NT/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 mouclass.sys (Pilote de la classe Souris/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom0 899111F8
Device \Driver\Cdrom \Device\CdRom1 899111F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A02C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8A02C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A02C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A02C1F8
Device \Driver\Cdrom \Device\CdRom2 899111F8
Device \Driver\Cdrom \Device\CdRom3 899111F8
Device \Driver\Cdrom \Device\CdRom4 899111F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 896D1500
Device \Driver\sptd \Device\3866230038 spcm.sys
Device \Driver\NetBT \Device\NetbiosSmb 896D1500

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\NetBT \Device\NetBT_Tcpip_{3DE1C12C-295B-4ED4-93C7-92DEFB761E72} 896D1500
Device \Driver\usbuhci \Device\USBFDO-0 8987A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8987A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8953C1F8
Device \Driver\usbuhci \Device\USBFDO-2 8987A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8953C1F8
Device \Driver\usbuhci \Device\USBFDO-3 8987A1F8
Device \Driver\usbehci \Device\USBFDO-4 898631F8
Device \Driver\Ftdisk \Device\FtControl 8A02D1F8
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target2Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target1Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target3Lun0 89767500
Device \Driver\alesp9yg \Device\Scsi\alesp9yg1Port2Path0Target0Lun0 89767500
Device \FileSystem\Fastfat \Fat 89532368

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 894921F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0x5D 0x92 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0x95 0x3A 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0x63 0xED 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x30 0xE1 0x4A 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xEE 0x93 0x26 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC9 0x03 0x49 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0x5D 0x92 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x39 0x4D 0x33 0x70 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC3 0x06 0x0D 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x48 0xA8 0x26 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0x80 0x1B 0x50 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@Model 129
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@Therad 9
Reg HKLM\SOFTWARE\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}@MData 0xCB 0x9B 0xAD 0xEF ...

---- Files - GMER 1.0.15 ----

File D:\WINDOWS\Temp\cch~5ba38ac85.htp 0 bytes
File D:\WINDOWS\Temp\cch~5ba38b15b.htp 0 bytes
File D:\WINDOWS\Temp\cch~5baea81fb.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baea86c9.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb4de4.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb52be.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb7741.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baeb7c30.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baebd6b3.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baebdba0.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5baec714e.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5bb19deb0.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb19e416.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb91dcb6.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb91e1b6.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb934e1d.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bb935331.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbbb6ad5.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbbb6fce.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbd53aa5.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbd540c4.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbdbe7ca.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bbde609f.htp 0 bytes
File D:\WINDOWS\Temp\cch~5bdbc78de.htp 8192 bytes
File D:\WINDOWS\Temp\cch~5bdbc7de7.htp 0 bytes
File D:\WINDOWS\Temp\cch~5baec764b.htp 8192 bytes

---- EOF - GMER 1.0.15 ----

NB: J'AI PAS PLACé DE PLASH DISK NI DE DISQUE EXTERNE CAR J4EN AI PAS QUI SONT INFECTés.
rapport:


############################## [ UsbFix V3.017 # Scan ]

# User : KIMI (Administrateurs) # RAIKKONEN
# Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:18:04 | 10/05/2009

# Intel(R) Pentium(R) 4 CPU 2.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ Enabled | Updated ]
# FW : Kaspersky Internet Security[ Enabled ]8.0.0.506

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 27,26 Go (6,51 Go free) [AMIR] # NTFS
# D:\ # Disque fixe local # 10 Go (1,11 Go free) # NTFS
# E:\ # Disque CD-ROM # 4,37 Go (0 Mo free) [hasen] # CDFS
# F:\ # Disque CD-ROM # 421,12 Mo (0 Mo free) [SETUP5] # CDFS
# G:\ # Disque CD-ROM # 590,6 Mo (0 Mo free) [TMM_SPA2] # CDFS
# H:\ # Disque CD-ROM # 646,03 Mo (0 Mo free) [TMM_SPA3] # CDFS
# I:\ # Disque CD-ROM # 547,12 Mo (0 Mo free) [TMM_ES1] # CDFS

############################## [ Processus actifs ]

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\wscript.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\Wscript.exe
D:\WINDOWS\system32\Wscript.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\Wscript.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.fr/?gws_rd=ssl"
HKLM_logon: "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="KIMI"
HKLM_logon: "AltDefaultUserName"="KIMI"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: AVP="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
HKLM_Run: Start WingMan Profiler=D:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
HKLM_Run: TkBellExe="D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: CTFMON=D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
HKLM_Run: regdiit=D:\WINDOWS\system32\winxp.exe
HKCU_Run: IDMan=D:\Program Files\Internet Download Manager\IDMan.exe /onboot
HKCU_Run: DAEMON Tools Lite="D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! D:\WINDOWS\system32\winjpg.jpg
Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! C:\zPharaoh.exe
Found ! D:\winfile.jpg
Found ! D:\autorun.inf
Found ! F:\Setup.exe
Found ! F:\autorun.inf
Found ! G:\autorun.inf
Found ! H:\autorun.inf
Found ! I:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{05c0fbf0-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{05c0fbf3-07ea-11de-b0d7-806d6172696f}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd2-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd3-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd4-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{0a531dd5-3d79-11de-9620-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bca0f511-3a4e-11de-961c-003005c6503c}\Shell\ouvrir\Command
HKCU\Software\Microsoft\....\MountPoints2\{fcb432df-1890-11de-95f9-003005c6503c}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.017 ! ]

rapport combofix:
ComboFix 09-05-09.05 - KIMI 10/05/2009 22:43.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1270.859 [GMT 1:00]
Lancé depuis: d:\documents and settings\KIMI\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\KIMI\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\RECYCLER .exe
d:\documents and settings\KIMI\Application Data\addons.dat
d:\windows\system32\adednbas.ini
d:\windows\system32\aevagwtk.ini
d:\windows\system32\anqntdrb.ini
d:\windows\system32\aqberdfp.ini
d:\windows\system32\auraqlgn.ini
d:\windows\system32\awnadtrf.ini
d:\windows\system32\bcyihljq.ini
d:\windows\system32\bgtokhjn.ini
d:\windows\system32\bhdsdrsu.ini
d:\windows\system32\bthwjeme.ini
d:\windows\system32\bvhvjlse.ini
d:\windows\system32\cjboikln.ini
d:\windows\system32\ddgjnchy.ini
d:\windows\system32\dlillmrb.ini
d:\windows\system32\dpyprvdu.ini
d:\windows\system32\ejbskpry.ini
d:\windows\system32\EMSAdMoq.ini
d:\windows\system32\EMSAdMoq.ini2
d:\windows\system32\ewotpgxk.ini
d:\windows\system32\fhbrmaya.ini
d:\windows\system32\fwswmpla.ini
d:\windows\system32\ghdsoycb.ini
d:\windows\system32\gijkoxgd.ini
d:\windows\system32\grjmaqfq.ini
d:\windows\system32\hpvuerdc.ini
d:\windows\system32\hqpynqfn.ini
d:\windows\system32\iavtohhf.ini
d:\windows\system32\jecboyte.ini
d:\windows\system32\jhmchm.dll
d:\windows\system32\jyoubmst.ini
d:\windows\system32\kdcohgnx.ini
d:\windows\system32\kqesusio.ini
d:\windows\system32\ljhqpoop.dll
d:\windows\system32\lmqiivjp.ini
d:\windows\system32\logondll.dll
d:\windows\system32\lwpuojuu.ini
d:\windows\system32\mcmupqax.ini
d:\windows\system32\mjpddnow.ini
d:\windows\system32\mqehhdbj.ini
d:\windows\system32\nhpbakvy.ini
d:\windows\system32\nrcnfauk.ini
d:\windows\system32\ntfjsoks.ini
d:\windows\system32\nydavynm.ini
d:\windows\system32\oinlmylo.ini
d:\windows\system32\ojetkhso.ini
d:\windows\system32\oxtfxtoe.ini
d:\windows\system32\oydcki.dll
d:\windows\system32\pkfnfnev.ini
d:\windows\system32\qxudfbss.ini
d:\windows\system32\rislonph.ini
d:\windows\system32\sagrpgwc.ini
d:\windows\system32\sgxdviyq.ini
d:\windows\system32\tjftubkk.ini
d:\windows\system32\tunnxqaj.ini
d:\windows\system32\uabrtokf.ini
d:\windows\system32\umaekiqv.ini
d:\windows\system32\usleuyeq.ini
d:\windows\system32\vqiwnnof.ini
d:\windows\system32\vqjsbovx.ini
d:\windows\system32\wcpyxfru.ini
d:\windows\system32\wwsixjmh.ini
d:\windows\system32\xbbakdxl.ini
d:\windows\system32\xceyihmw.ini
d:\windows\system32\xheabuxb.dll
d:\windows\system32\xtjpbu.dll
d:\windows\system32\ygqllvur.dll
d:\windows\system32\ynmdslxp.ini
d:\windows\system32\ypsfpmci.ini
d:\windows\system32\yrucjmif.ini
d:\windows\system32\yskeccll.ini
d:\windows\system32\yudemyro.ini
d:\windows\system32\yuyuxxpc.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-10 au 2009-05-10 ))))))))))))))))))))))))))))))))))))
.

2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\KIMI\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-04-06 14:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-10 21:00 . 2009-04-06 14:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-10 19:17 . 2009-05-10 19:55 -------- d-----w D:\UsbFix
2009-05-10 19:01 . 2009-05-10 19:01 -------- d-----w D:\rsit
2009-05-10 18:58 . 2009-05-10 18:58 -------- d-----w d:\program files\Trend Micro
2009-05-10 15:41 . 2009-05-10 15:41 -------- d-----w d:\program files\DAEMON Tools Lite
2009-05-10 15:39 . 2009-05-10 15:39 717296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-05-10 15:39 . 2009-05-10 15:39 -------- d-----w d:\documents and settings\KIMI\Application Data\DAEMON Tools
2009-05-10 11:13 . 1998-06-25 12:13 28160 ----a-w d:\windows\UnSetup.exe
2009-05-10 11:13 . 1998-01-26 19:45 155648 ----a-w d:\windows\FraUinst.exe
2009-05-10 11:13 . 2009-05-10 16:41 -------- d-----w d:\windows\Lhsp
2009-05-06 20:02 . 2009-05-06 20:02 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Identities
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\WINDOWS
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Help
2009-05-03 15:16 . 2009-05-03 15:16 -------- d-----w d:\program files\uTorrent
2009-05-03 15:16 . 2009-05-10 17:15 -------- d-----w d:\documents and settings\KIMI\Application Data\uTorrent
2009-05-03 09:17 . 2009-05-03 09:17 -------- d-----w d:\documents and settings\KIMI\Application Data\dvdcss
2009-05-02 11:46 . 2009-05-02 11:46 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\vdownloader
2009-05-02 11:45 . 2009-05-02 11:46 -------- d-----w d:\program files\VDOWNLOADER
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Fichiers communs\xing shared
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Real
2009-04-26 17:07 . 2009-04-26 17:07 -------- d-----w d:\documents and settings\KIMI\Application Data\Wireshark
2009-04-26 17:04 . 2009-04-26 17:04 -------- d-----w d:\program files\WinPcap
2009-04-26 17:03 . 2009-04-26 17:04 -------- d-----w d:\program files\Wireshark
2009-04-26 16:56 . 2009-04-26 16:56 -------- d-----w d:\program files\NeoTrace Express
2009-04-23 18:48 . 2009-04-23 18:48 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Logitech
2009-04-22 15:56 . 2009-04-22 16:01 -------- d-----w d:\program files\PhotoFiltre
2009-04-14 09:46 . 2009-04-14 10:18 101287 ----a-w d:\windows\system32\drivers\klin.dat
2009-04-14 09:46 . 2009-04-14 10:18 89601 ----a-w d:\windows\system32\drivers\klick.dat
2009-04-14 09:44 . 2009-05-10 21:47 -------- d-----w d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-14 09:44 . 2009-05-10 21:46 1336864 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-04-14 09:44 . 2009-05-10 21:46 270368 --sha-w d:\windows\system32\drivers\fidbox2.dat
2009-04-13 15:25 . 2009-04-13 15:25 -------- d-----w d:\program files\UnH Solutions
2009-04-11 15:40 . 2009-04-11 15:40 -------- d-----w d:\program files\KP Software
2009-04-11 15:25 . 2009-04-11 15:25 -------- d-----w d:\program files\TechSmith
2009-04-11 14:52 . 2009-04-11 14:52 -------- d-----w d:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 21:46 . 2009-04-14 09:44 3052 --sha-w d:\windows\system32\drivers\fidbox2.idx
2009-05-10 21:46 . 2009-04-14 09:44 12572 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-05-05 18:50 . 2009-05-01 22:27 1536547935 ----a-w d:\program files\Tell Me More Espanol Cd 1,2,3,4 - Learn Spanish Spanish Course-Cours D'espagnol-Corso Di Spagnolo-Spanischkurs.rar
2009-05-01 21:33 . 2009-03-05 11:25 -------- d-----w d:\program files\Faronics
2009-04-27 18:05 . 2009-03-03 11:35 -------- d-----w d:\program files\Fichiers communs\Real
2009-04-23 18:43 . 2009-03-03 11:37 -------- d-----w d:\program files\Fichiers communs\Logitech
2009-04-23 18:43 . 2009-03-03 11:36 -------- d-----w d:\program files\Logitech
2009-04-14 10:18 . 2008-01-29 16:29 33808 ----a-w d:\windows\system32\drivers\klbg.sys
2009-04-06 15:19 . 2009-04-06 15:19 56 ---ha-w d:\windows\system32\ezsidmv.dat
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Skype
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Fichiers communs\Skype
2009-03-15 19:53 . 2009-03-04 19:11 -------- d-----w d:\program files\Internet Download Manager
2009-03-05 11:25 . 2009-03-05 11:25 16299862 ------w D:\Persi0.sys
2009-03-05 11:10 . 2009-03-03 11:20 2048 --s-a-w d:\windows\bootstet.dat
2009-03-04 20:16 . 2004-08-04 04:54 219648 ----a-w d:\windows\system32\uxtheme.dll
2009-03-04 17:19 . 2009-03-04 17:19 107888 ----a-w d:\windows\system32\CmdLineExt.dll
2009-03-04 11:27 . 2009-03-03 11:16 86331 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 11:28 . 2002-09-07 00:00 367658 ----a-w d:\windows\system32\perfh00C.dat
2009-03-03 11:28 . 2002-09-07 00:00 48616 ----a-w d:\windows\system32\perfc00C.dat
2009-03-03 11:24 . 2009-03-03 11:24 12328 ----a-w d:\documents and settings\KIMI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-03 11:16 . 2002-09-07 00:00 67 --sha-w d:\windows\Fonts\desktop.ini
2009-03-03 11:13 . 2009-03-03 11:13 21892 ----a-w d:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 2573744]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-14 206088]
"Start WingMan Profiler"="d:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-27 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=d:\windows\system32\wscript.exe /E:vbs d:\windows\system32\winjpg.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 7.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 7.lnk
backup=d:\windows\pss\SnagIt 7.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DeepFrz;DeepFrz;d:\windows\system32\drivers\DeepFrz.sys [25/10/2007 13:52 131472]
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LF30FS;LF30FS;d:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{31D1305D-195C-4836-AB15-CE560FA8C578} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-cbXNHyaA - cbXNHyaA.dll
Notify-DfLogon - LogonDll.dll
Notify-fccbXonN - fccbXonN.dll
Notify-hgGwTlLb - hgGwTlLb.dll
Notify-khfCtuvu - khfCtuvu.dll
Notify-pmnnkLFX - pmnnkLFX.dll
Notify-rqRHyxvw - rqRHyxvw.dll
Notify-tuvUNedD - tuvUNedD.dll


.
------- Examen supplémentaire -------
.
IE: &NeoTrace It! - d:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
TCP: {3DE1C12C-295B-4ED4-93C7-92DEFB761E72} = 208.67.222.222 193.55.10.102
FF - ProfilePath - d:\documents and settings\KIMI\Application Data\Mozilla\Firefox\Profiles\vlpqyo9i.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: d:\documents and settings\KIMI\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: d:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 22:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):80,1b,50,e0,09,23,90,57,13,b6,d2,51,a0,86,32,27,0a,78,4f,79,0b,
db,8f,2d,40,80,b1,9f,57,e5,ca,2d,7d,5a,b1,e8,5c,ff,9e,b5,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000081
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,63,2b,00,4c,e2,45,41,d2,ba,ae,b4,01,47,72,\
.
------------------------ Autres processus actifs ------------------------
.
d:\program files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
d:\program files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-05-10 22:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-10 21:49

Avant-CF: 1 210 441 728 octets libres
Après-CF: 989 843 456 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

256

rapport bootsete :
Fichier bootstat.dat reçu le 2009.05.08 22:52:22 (CET)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.08 -
AhnLab-V3 5.0.0.2 2009.05.08 -
AntiVir 7.9.0.166 2009.05.08 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.08 -
Avast 4.8.1335.0 2009.05.08 -
AVG 8.5.0.327 2009.05.08 -
BitDefender 7.2 2009.05.08 -
CAT-QuickHeal 10.00 2009.05.08 -
ClamAV 0.94.1 2009.05.08 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.08 -
eSafe 7.0.17.0 2009.05.07 -
eTrust-Vet 31.6.6496 2009.05.08 -
F-Prot 4.4.4.56 2009.05.08 -
F-Secure 8.0.14470.0 2009.05.08 -
Fortinet 3.117.0.0 2009.05.08 -
GData 19 2009.05.08 -
Ikarus T3.1.1.49.0 2009.05.08 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.08 -
McAfee 5609 2009.05.08 -
McAfee+Artemis 5609 2009.05.08 -
McAfee-GW-Edition 6.7.6 2009.05.08 -
Microsoft 1.4602 2009.05.08 -
NOD32 4063 2009.05.08 -
Norman 6.01.05 2009.05.08 -
nProtect 2009.1.8.0 2009.05.08 -
Panda 10.0.0.14 2009.05.08 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.08 -
Rising 21.28.41.00 2009.05.08 -
Sophos 4.41.0 2009.05.08 -
Sunbelt 3.2.1858.2 2009.05.08 -
Symantec 1.4.4.12 2009.05.08 -
TheHacker 6.3.4.1.323 2009.05.08 -
TrendMicro 8.950.0.1092 2009.05.08 -
VBA32 3.12.10.4 2009.05.07 -
ViRobot 2009.5.8.1725 2009.05.08 -
VirusBuster 4.6.5.0 2009.05.08 -
Information additionnelle
Tamano archivo: 2048 bytes
MD5...: 6a2cb42966136854f4464516fbb4ae72
SHA1..: 8895ff16d9470572b773836e7ceaa6224a54551f
SHA256: 191d1e2d3c13c1b669c4da49a3b33864cd3735eb14c7ec1e1a90eaf01e32c3b2
SHA512: a697b4f4841322cdb5f099f9f57506168b3e4fc64fd87c4462d225fdb6282ee3
74d92cb930062135b415e26dccdd6430f14db4007956fe4a696c346f8edaa930
ssdeep: 3:57k:5
PEiD..: -
TrID..: File type identification
HSC music composer song (83.3%)
Memo File Apollo Database Engine (5.7%)
Lumena CEL bitmap (4.1%)
Corel Photo Paint (2.6%)
VXD Driver (2.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set




l'autres n'existe pas.....................

merci bonne nuit et a demain

rapport combofix:
ComboFix 09-05-09.05 - KIMI 11/05/2009 7:21.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1270.829 [GMT 1:00]
Lancé depuis: d:\documents and settings\KIMI\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\KIMI\Bureau\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

FILE ::
D:\Persi0.sys
d:\windows\system32\[u]0/uf05b679-.txt
d:\windows\system32\[u]0/uf05b679.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Persi0.sys
d:\windows\system32\[u]0/uf05b679-.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-11 au 2009-05-11 ))))))))))))))))))))))))))))))))))))
.

2009-05-10 22:21 . 2009-05-10 22:20 410984 ----a-w d:\windows\system32\deploytk.dll
2009-05-10 22:20 . 2009-05-10 22:20 -------- d-----w d:\program files\Java
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\KIMI\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-04-06 14:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-10 21:00 . 2009-04-06 14:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-10 21:00 . 2009-05-10 21:00 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-10 19:17 . 2009-05-10 19:55 -------- d-----w D:\UsbFix
2009-05-10 19:01 . 2009-05-10 19:01 -------- d-----w D:\rsit
2009-05-10 18:58 . 2009-05-10 18:58 -------- d-----w d:\program files\Trend Micro
2009-05-10 15:41 . 2009-05-10 15:41 -------- d-----w d:\program files\DAEMON Tools Lite
2009-05-10 15:39 . 2009-05-10 15:39 717296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-05-10 15:39 . 2009-05-10 15:39 -------- d-----w d:\documents and settings\KIMI\Application Data\DAEMON Tools
2009-05-10 11:13 . 1998-06-25 12:13 28160 ----a-w d:\windows\UnSetup.exe
2009-05-10 11:13 . 1998-01-26 19:45 155648 ----a-w d:\windows\FraUinst.exe
2009-05-10 11:13 . 2009-05-10 16:41 -------- d-----w d:\windows\Lhsp
2009-05-06 20:02 . 2009-05-06 20:02 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Identities
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\WINDOWS
2009-05-05 19:18 . 2009-05-05 19:18 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Help
2009-05-03 15:16 . 2009-05-03 15:16 -------- d-----w d:\program files\uTorrent
2009-05-03 15:16 . 2009-05-10 17:15 -------- d-----w d:\documents and settings\KIMI\Application Data\uTorrent
2009-05-03 09:17 . 2009-05-03 09:17 -------- d-----w d:\documents and settings\KIMI\Application Data\dvdcss
2009-05-02 11:46 . 2009-05-02 11:46 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\vdownloader
2009-05-02 11:45 . 2009-05-02 11:46 -------- d-----w d:\program files\VDOWNLOADER
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Fichiers communs\xing shared
2009-04-27 18:05 . 2009-04-27 18:05 -------- d-----w d:\program files\Real
2009-04-26 17:07 . 2009-04-26 17:07 -------- d-----w d:\documents and settings\KIMI\Application Data\Wireshark
2009-04-26 17:04 . 2009-04-26 17:04 -------- d-----w d:\program files\WinPcap
2009-04-26 17:03 . 2009-04-26 17:04 -------- d-----w d:\program files\Wireshark
2009-04-26 16:56 . 2009-04-26 16:56 -------- d-----w d:\program files\NeoTrace Express
2009-04-23 18:48 . 2009-04-23 18:48 -------- d-----w d:\documents and settings\KIMI\Local Settings\Application Data\Logitech
2009-04-22 15:56 . 2009-04-22 16:01 -------- d-----w d:\program files\PhotoFiltre
2009-04-14 09:46 . 2009-04-14 10:18 101287 ----a-w d:\windows\system32\drivers\klin.dat
2009-04-14 09:46 . 2009-04-14 10:18 89601 ----a-w d:\windows\system32\drivers\klick.dat
2009-04-14 09:44 . 2009-05-10 22:07 -------- d-----w d:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-14 09:44 . 2009-05-10 21:46 1336864 --sha-w d:\windows\system32\drivers\fidbox.dat
2009-04-14 09:44 . 2009-05-10 21:46 270368 --sha-w d:\windows\system32\drivers\fidbox2.dat
2009-04-13 15:25 . 2009-04-13 15:25 -------- d-----w d:\program files\UnH Solutions
2009-04-11 15:40 . 2009-04-11 15:40 -------- d-----w d:\program files\KP Software
2009-04-11 15:25 . 2009-04-11 15:25 -------- d-----w d:\program files\TechSmith
2009-04-11 14:52 . 2009-04-11 14:52 -------- d-----w d:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 21:46 . 2009-04-14 09:44 3052 --sha-w d:\windows\system32\drivers\fidbox2.idx
2009-05-10 21:46 . 2009-04-14 09:44 12572 --sha-w d:\windows\system32\drivers\fidbox.idx
2009-05-05 18:50 . 2009-05-01 22:27 1536547935 ----a-w d:\program files\Tell Me More Espanol Cd 1,2,3,4 - Learn Spanish Spanish Course-Cours D'espagnol-Corso Di Spagnolo-Spanischkurs.rar
2009-05-01 21:33 . 2009-03-05 11:25 -------- d-----w d:\program files\Faronics
2009-04-27 18:05 . 2009-03-03 11:35 -------- d-----w d:\program files\Fichiers communs\Real
2009-04-23 18:43 . 2009-03-03 11:37 -------- d-----w d:\program files\Fichiers communs\Logitech
2009-04-23 18:43 . 2009-03-03 11:36 -------- d-----w d:\program files\Logitech
2009-04-14 10:18 . 2008-01-29 16:29 33808 ----a-w d:\windows\system32\drivers\klbg.sys
2009-04-06 15:19 . 2009-04-06 15:19 56 ---ha-w d:\windows\system32\ezsidmv.dat
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Skype
2009-04-06 15:18 . 2009-04-06 15:18 -------- d-----w d:\program files\Fichiers communs\Skype
2009-03-15 19:53 . 2009-03-04 19:11 -------- d-----w d:\program files\Internet Download Manager
2009-03-05 11:10 . 2009-03-03 11:20 2048 --s-a-w d:\windows\bootstet.dat
2009-03-04 20:16 . 2004-08-04 04:54 219648 ----a-w d:\windows\system32\uxtheme.dll
2009-03-04 17:19 . 2009-03-04 17:19 107888 ----a-w d:\windows\system32\CmdLineExt.dll
2009-03-04 11:27 . 2009-03-03 11:16 86331 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 11:28 . 2002-09-07 00:00 367658 ----a-w d:\windows\system32\perfh00C.dat
2009-03-03 11:28 . 2002-09-07 00:00 48616 ----a-w d:\windows\system32\perfc00C.dat
2009-03-03 11:24 . 2009-03-03 11:24 12328 ----a-w d:\documents and settings\KIMI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-03 11:16 . 2002-09-07 00:00 67 --sha-w d:\windows\Fonts\desktop.ini
2009-03-03 11:13 . 2009-03-03 11:13 21892 ----a-w d:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-05-10_21.48.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-10 22:21 . 2009-05-10 22:21 16384 d:\windows\temp\Perflib_Perfdata_d9c.dat
+ 2009-05-10 22:21 . 2009-05-10 22:20 148888 d:\windows\system32\javaws.exe
+ 2009-05-10 22:21 . 2009-05-10 22:20 144792 d:\windows\system32\javaw.exe
+ 2009-05-10 22:21 . 2009-05-10 22:20 144792 d:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 2573744]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-14 206088]
"Start WingMan Profiler"="d:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-27 185872]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 7.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 7.lnk
backup=d:\windows\pss\SnagIt 7.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DeepFrz;DeepFrz;d:\windows\system32\drivers\DeepFrz.sys [25/10/2007 13:52 131472]
R0 klbg;Kaspersky Lab Boot Guard Driver;d:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 LF30FS;LF30FS;d:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19/11/2004 18:07 101488]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;d:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [06/11/2007 21:22 34064]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - WMIAPSRV
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Examen supplémentaire -------
.
IE: &NeoTrace It! - d:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - d:\documents and settings\KIMI\Application Data\Mozilla\Firefox\Profiles\vlpqyo9i.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - component: d:\documents and settings\KIMI\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: d:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 07:22
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):80,1b,50,e0,09,23,90,57,13,b6,d2,51,a0,86,32,27,0a,78,4f,79,0b,
db,8f,2d,40,80,b1,9f,57,e5,ca,2d,7d,5a,b1,e8,5c,ff,9e,b5,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8373e3f2-d69e-4d36-a4cc-e056fef53b2f}]
@Denied: (Full) (Everyone)
"Model"=dword:00000081
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,63,2b,00,4c,e2,45,41,d2,ba,ae,b4,01,47,72,\
.
Heure de fin: 2009-05-11 7:23
ComboFix-quarantined-files.txt 2009-05-11 06:23
ComboFix2.txt 2009-05-10 21:49

Avant-CF: 836 993 024 octets libres
Après-CF: 851 009 536 octets libres

177