Pb avec malwarrior

voici la rapport
SmitFraudFix v2.320

Rapport fait à 17:42:20,20, 15/05/2008
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\TEMP\DB5B.tmp
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchFilter.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !
C:\Program Files\IntCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Neuf Box 4 (BCM USB/NDIS) - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{41CD6BB1-EA7C-4E25-BCB3-135A3E71151B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{41CD6BB1-EA7C-4E25-BCB3-135A3E71151B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{41CD6BB1-EA7C-4E25-BCB3-135A3E71151B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

ci-joint rapport


pour info :
pas de nouvelles de mal warrior mais j'ai un message me disant que le PC est infecté
MERCI

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:39, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\TEMP\CCF4.tmp
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\RUIMAR~1\LOCALS~1\Temp\bwgo000185d4.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ec3b3ce6] rundll32.exe "C:\WINDOWS\system32\smyoslme.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Oaup] "C:\WINDOWS\FNTS~1\scanregw.exe" -vt ndrv
O4 - HKCU\..\Run: [Deysx] C:\WINDOWS\?dobe\l?ass.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\RUI MARQUES\NewVersion\setup-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?54276ee545f140c5a11f9bd0c2c2e9b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?54276ee545f140c5a11f9bd0c2c2e9b
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://www.ea.com/ea-studios/popcap
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/bejeweled2/Oberongamesloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

ci-joint rapport

ComboFix 08-05-15.2 - 2008-05-16 14:22:10.2 - NTFSx86
Endroit: C:\Documents and Settings\RUI MARQUES\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\ycKlUvut.ini
C:\WINDOWS\system32\ycKlUvut.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Service_tcpsr


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

2008-05-16 14:29 . 2008-05-16 14:29 12,288 --a------ C:\WINDOWS\system32\WinNt32.dl_
2008-05-16 12:01 . 2008-05-16 12:01 317,824 --a------ C:\WINDOWS\system32\tuvUlKcy.dll
2008-05-16 11:57 . 2008-05-16 14:30 414 ---hs---- C:\WINDOWS\system32\xnwadiae.ini
2008-05-16 10:12 . 2008-05-16 10:12 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-16 10:04 . 2008-05-16 10:09 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-16 09:57 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-16 09:57 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-16 09:57 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-16 09:57 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-16 09:57 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-16 09:57 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-16 09:57 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-16 09:57 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-16 09:57 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-16 09:50 . 2008-05-16 09:50 91,264 --a------ C:\WINDOWS\system32\eaidawnx.dll
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-15 18:30 . 2006-04-14 15:46 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-15 18:30 . 2006-04-14 15:27 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-15 18:30 . 2008-05-15 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-15 18:30 . 2008-05-15 18:30 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-15 18:30 . 2008-05-16 11:05 1,024 --ah----- C:\Documents and Settings\Administrateur\NTUSER.dat.LOG
2008-05-15 17:42 . 2008-05-15 18:53 2,426 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-15 17:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-15 17:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-15 17:41 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-15 17:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-15 17:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-15 17:41 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-15 17:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 17:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-15 17:16 . 2008-05-15 17:23 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-05-15 08:58 . 2008-05-15 17:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-15 08:33 . 2008-05-15 08:33 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 20:53 . 2008-05-13 20:53 90,240 --a------ C:\WINDOWS\system32\vedrmglt.dll
2008-05-12 07:40 . 2008-05-12 07:40 91,776 --------- C:\WINDOWS\system32\xxxsxyxr.dll
2008-05-11 18:35 . 2008-05-12 08:00 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-11 18:11 . 2008-05-11 18:11 <REP> d-------- C:\Program Files\BitDefender
2008-05-11 18:11 . 2008-05-11 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 18:09 . 2008-05-12 08:09 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-11 12:32 . 2008-05-11 12:32 <REP> d-------- C:\Program Files\CableRouting
2008-05-11 10:01 . 2008-05-15 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-11 10:01 . 2008-05-11 10:01 80,384 --a------ C:\mltaxc.exe
2008-05-11 10:01 . 2008-05-11 10:01 29,312 --a------ C:\WINDOWS\system32\pmnnKDvu.dll
2008-05-11 10:01 . 2008-05-16 14:29 27,136 --a------ C:\WINDOWS\system32\drivers\Wmw52.sys
2008-05-11 10:01 . 2008-05-11 10:01 2 --a------ C:\-331662263
2008-05-11 10:01 . 2008-05-11 10:01 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-10 16:05 . 2008-05-10 16:05 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-05-10 16:05 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-26 19:06 . 2008-04-26 19:06 <REP> d-------- C:\Documents and Settings\RUI MARQUES\WINDOWS
2008-04-26 19:06 . 1996-02-08 10:54 284,160 --a------ C:\WINDOWS\unin040c.exe
2008-04-26 18:36 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-04-26 18:36 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-04-26 18:35 . 2001-08-17 20:19 37,120 --a------ C:\WINDOWS\system32\drivers\es1370mp.sys
2008-04-26 18:35 . 2001-08-17 20:19 37,120 --a--c--- C:\WINDOWS\system32\dllcache\es1370mp.sys
2008-04-25 21:41 . 2008-04-25 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-24 20:52 . 2008-04-24 20:53 <REP> d-------- C:\Program Files\Mio Technology
2008-04-20 15:54 . 2008-04-20 15:54 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-04-20 11:19 . 2008-05-10 15:44 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-19 21:22 . 2008-04-19 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-19 20:43 . 2008-04-19 20:43 <REP> d-------- C:\Program Files\Fichiers communs\LightScribe
2008-04-19 20:42 . 2008-04-26 19:19 <REP> d-------- C:\Documents and Settings\RUI MARQUES\Application Data\Ahead
2008-04-19 20:40 . 2008-04-19 20:40 <REP> d-------- C:\Program Files\Nero
2008-04-19 20:40 . 2008-05-10 15:50 <REP> d-------- C:\Program Files\Fichiers communs\Ahead

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-15 06:01 --------- d-----w C:\Program Files\BoontyGames
2008-05-15 06:00 --------- d-----w C:\Program Files\Java
2008-05-13 20:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 16:44 --------- d-----w C:\Program Files\PopCap Games
2008-05-11 16:13 --------- d-----w C:\Documents and Settings\RUI MARQUES\Application Data\BitDefender
2008-05-10 13:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 19:35 22,878,192 ----a-w C:\setupfrepro.exe
2008-04-28 18:04 0 ----a-w C:\Program Files\temp01
2008-04-26 17:07 --------- d-----w C:\Program Files\Creative
2008-04-12 16:48 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-12 16:48 --------- d-----w C:\Program Files\DivX
2008-04-11 18:58 --------- d-----w C:\Program Files\Neuf
2008-04-05 14:34 10,323,664 ----a-w C:\Bejeweled2Setup-fr.exe
2008-04-03 18:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-02 21:12 --------- d-----w C:\Program Files\Windows Live
2008-04-02 21:11 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-02 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 20:47 --------- d-----w C:\Program Files\Alwil Software
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-08-05 12:50 1,479 -c--a-w C:\Program Files\INSTALL.LOG
2006-08-03 18:22 3,803,646 -c--a-w C:\Program Files\WinZip.zip
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_11.21.16.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 09:16:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 12:28:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-16 09:17:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-16 12:30:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-16 09:17:33 196,608 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-16 12:30:00 196,608 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-05-16 09:17:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051620080517\index.dat
+ 2008-05-16 12:30:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051620080517\index.dat
- 2008-05-16 09:17:37 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 12:30:00 1,097,728 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-16 08:42:01 53,744 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-16 10:01:01 53,744 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-16 08:42:01 64,732 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-05-16 10:01:01 64,732 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-16 08:42:01 383,390 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-16 10:01:01 383,390 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-16 08:42:01 448,190 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-16 10:01:01 448,190 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-16 12:29:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b}]
2008-03-27 15:43 247296 --a------ C:\Program Files\CableRouting\CableRouting.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E5CB112-2D82-0D5A-F0ED-05D58C75B09D}]
C:\WINDOWS\system32\dbsa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C88F420-778C-1C5B-BABC-430F13BD51F1}]
C:\WINDOWS\system32\osl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9A5C420-5ABF-296F-978C-7322238D7CC1}]
C:\WINDOWS\system32\osl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9AB28FA-ED73-4E5E-BA11-0925D85120D1}]
2008-05-11 10:01 29312 --a------ C:\WINDOWS\system32\pmnnKDvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C146C13F-58F8-242F-8AFF-2117C0825C91}]
C:\WINDOWS\system32\iinbkfyl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F46BF13F-75CB-111B-A7CF-113AF0B271A1}]
C:\WINDOWS\system32\iinbkfyl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB452BB9-C1F0-4BA0-B41E-19AB490C3327}]
2008-05-16 12:01 317824 --a------ C:\WINDOWS\system32\tuvUlKcy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"TaskTray"="C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe" [2001-06-29 01:00 163840]
"TaskBar"="C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe" [2002-05-08 01:00 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-27 21:16 67128]
"Oaup"="C:\WINDOWS\FNTS~1\scanregw.exe" [ ]
"Deysx"="C:\WINDOWS\?dobe\l?ass.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"Logitech Desktop Messenger"="C:\Program Files\Logitech\Desktop Messenger\8876480\Users\RUI MARQUES\NewVersion\setup-8876480.exe" [2007-03-27 20:55 481992]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-03 20:44 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10 339968]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-22 10:11 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ec3b3ce6"="C:\WINDOWS\system32\eaidawnx.dll" [2008-05-16 09:50 91264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B9AB28FA-ED73-4E5E-BA11-0925D85120D1}"= C:\WINDOWS\system32\pmnnKDvu.dll [2008-05-11 10:01 29312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKDvu]
pmnnKDvu.dll 2008-05-11 10:01 29312 C:\WINDOWS\system32\pmnnKDvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinNt32]
WinNt32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"msacm.enc"= ITIG726.acm
"wave8"= audpci40.dll
"midi6"= audpci40.dll
"mixer8"= audpci40.dll
"aux4"= audpci40.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fwr77.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wmw52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BoontyGames\\Assimilation\\assimilation.exe"=
"C:\\Program Files\\BoontyGames\\Assimilation\\server.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 wmw52;wmw52;C:\WINDOWS\system32\Drivers\Wmw52.sys [2008-05-16 14:29]
R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-05-12 18:36]
R1 eapci40;ENSONIQ AudioPCI;C:\WINDOWS\system32\drivers\eapci40.SYS [1998-08-31 02:31]
R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 KeyP;KeyP;C:\WINDOWS\system32\Drivers\KeyP.sys [2002-09-25 15:58]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 20:19]
R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
R3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys []
S0 fwr77;fwr77;C:\WINDOWS\system32\Drivers\Fwr77.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-06 22:11]

*Newly Created Service* - TCPSR
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 14:30:34
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???????L&2???9~??9~????????\???\???????????U?9~??9~\???\??????? =a??????C@?\???\??????s????\??????s\???0&2?A??s0&2??C@?x???`|?w\?????@

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\pmnnKDvu.dll
-> C:\WINDOWS\system32\WinNt32.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\eaidawnx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\LOCALS~1\temp\bwgo000169d1.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Toolbar Suite\SL\[u]0[/u]2.05.0001.1119\fr-fr\msn_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-16 14:34:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 12:34:20
ComboFix2.txt 2008-05-16 09:22:14

Pre-Run: 1,447,776,256 octets libres
Post-Run: 1,445,306,368 octets libres

282 --- E O F --- 2008-05-15 07:58:26

résultat des analyses

Fichier WinNt32.dl__ reçu le 2008.05.16 15:34:08 (CET)
Résultat: 13/32 (40.63%)
AntiVir 7.8.0.19 2008.05.16 TR/Crypt.XPACK.Gen
AVG 7.5.0.516 2008.05.16 Win32/Agent
DrWeb 4.44.0.09170 2008.05.16 Trojan.DownLoader.59773
GData 2.0.7306.1023 2008.05.16 Trojan-Downloader.Win32.Mutant.xe
Ikarus T3.1.1.26.0 2008.05.16 Trojan-Downloader.Win32.Mutant.xe
Kaspersky 7.0.0.125 2008.05.16 Trojan-Downloader.Win32.Mutant.xe
NOD32v2 3104 2008.05.16 Win32/Wigon
Norman 5.80.02 2008.05.15 W32/Pandex.gen29
Prevx1 V2 2008.05.16 Email Worm
Rising 20.44.32.00 2008.05.15 Trojan.Win32.Undef.gjs
Sophos 4.29.0 2008.05.16 Mal/Generic-A
Webwasher-Gateway 6.6.2 2008.05.16 Trojan.Crypt.XPACK.Gen

Fichier eaidawnx.dll_ reçu le 2008.05.16 15:12:17 (CET)
Résultat: 2/32 (6.25%)
Prevx1 V2 2008.05.16 Cloaked Malware
Webwasher-Gateway 6.6.2 2008.05.16 Win32.Malware.gen (suspicious)

Fichier vedrmglt.dll_ reçu le 2008.05.16 15:15:34 (CET)
Résultat: 3/32 (9.38%)
Ikarus T3.1.1.26.0 2008.05.16 Trojan.Win32.Vundo.AS
Prevx1 V2 2008.05.16 Cloaked Malware
Webwasher-Gateway 6.6.2 2008.05.16 Win32.Malware.gen (suspicious)

Fichier xxxsxyxr.dll_ reçu le 2008.05.16 15:19:24 (CET)
Résultat: 4/32 (12.5%)
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.GH
Prevx1 V2 2008.05.16 Cloaked Malware
Symantec 10 2008.05.13 Trojan.Vundo
Webwasher-Gateway 6.6.2 2008.05.13 Win32.Malware.gen!90 (suspicious)

Fichier pmnnKDvu.dll_ reçu le 2008.05.16 15:21:47 (CET)
Résultat: 14/32 (43.75%)
AntiVir 7.8.0.19 2008.05.16 TR/Dldr.ConHook.PB
AVG 7.5.0.516 2008.05.16 Dropper.Agent.HZC
BitDefender 7.2 2008.05.16 Trojan.Vundo.ELK
F-Secure 6.70.13260.0 2008.05.16 Trojan-Downloader.Win32.ConHook.pb
Fortinet 3.14.0.0 2008.05.15 W32/ConHook.PB!tr.dldr
GData 2.0.7306.1023 2008.05.16 Trojan-Downloader.Win32.ConHook.pb
Ikarus T3.1.1.26.0 2008.05.16 Trojan.Win32.Vundo.AN
Kaspersky 7.0.0.125 2008.05.16 Trojan-Downloader.Win32.ConHook.pb
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AN
Prevx1 V2 2008.05.16 Cloaked Malware
Rising 20.44.32.00 2008.05.15 Trojan.DL.Win32.Small.tts
Sophos 4.29.0 2008.05.16 Mal/Generic-A
VBA32 3.12.6.6 2008.05.16 Trojan-Downloader.Win32.ConHook.pb
Webwasher-Gateway 6.6.2 2008.05.16 Trojan.Dldr.ConHook.PB

Fichier eaidawnx.dll_ reçu le 2008.05.16 15:26:14 (CET)
Résultat: 2/32 (6.25%)
Prevx1 V2 2008.05.16 Cloaked Malware
Webwasher-Gateway 6.6.2 2008.05.16 Win32.Malware.gen (suspicious)

Fichier CableRouting.dll_ reçu le 2008.05.16 15:29:39 (CET)
Résultat: 16/32 (50%)
AntiVir 7.8.0.19 2008.05.16 TR/Agent.247296
AVG 7.5.0.516 2008.05.16 Proxy.AAQV
BitDefender 7.2 2008.05.16 Adware.BHO.WRF
CAT-QuickHeal 9.50 2008.05.15 Trojan.Agent.qok
eSafe 7.0.15.0 2008.05.16 Win32.Womble
F-Prot 4.4.2.54 2008.05.16 W32/Downloader.F.gen!Eldorado
F-Secure 6.70.13260.0 2008.05.16 W32/Horst.gen29
Fortinet 3.14.0.0 2008.05.15 W32/Agent.QOK!tr
Ikarus T3.1.1.26.0 2008.05.16 Trojan.Win32.BHO
Microsoft 1.3408 2008.05.13 Trojan:Win32/BHO
NOD32v2 3104 2008.05.16 Win32/BHO.NEB
Norman 5.80.02 2008.05.15 W32/Horst.gen29
Panda 9.0.0.4 2008.05.15 Generic Trojan
Prevx1 V2 2008.05.16 Malicious Software
Symantec 10 2008.05.16 Trojan Horse
Webwasher-Gateway 6.6.2 2008.05.16 Trojan.Agent.247296


pour certains le message suivant apparait
"0 bytes size received / Se ha recibido un archivo vacio"

rapport 1
ComboFix 08-05-15.2 - 2008-05-16 18:44:00.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.107 [GMT 2:00]
Endroit: C:\Documents and Settings\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\CableRouting\CableRouting.dll
C:\WINDOWS\FNTS~1\scanregw.exe
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\system32\dbsa.dll
C:\WINDOWS\system32\eaidawnx.dll
C:\WINDOWS\system32\iinbkfyl.dll
C:\WINDOWS\system32\osl.dll
C:\WINDOWS\system32\pmnnKDvu.dll
C:\WINDOWS\system32\tuvUlKcy.dll
C:\WINDOWS\system32\vedrmglt.dll
C:\WINDOWS\system32\WinNt32.dl_
C:\WINDOWS\system32\wmpns.dll
C:\WINDOWS\system32\xnwadiae.ini
C:\WINDOWS\system32\xxxsxyxr.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\CableRouting\CableRouting.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\eaidawnx.dll
C:\WINDOWS\system32\nlvngaku.ini
C:\WINDOWS\system32\nXwHknnn.ini
C:\WINDOWS\system32\nXwHknnn.ini2
C:\WINDOWS\system32\pmnnKDvu.dll
C:\WINDOWS\system32\tuvUlKcy.dll
C:\WINDOWS\system32\vedrmglt.dll
C:\WINDOWS\system32\WinNt32.dl_
C:\WINDOWS\system32\wmpns.dll
C:\WINDOWS\system32\xnwadiae.ini
C:\WINDOWS\system32\xxxsxyxr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

2008-05-16 18:50 . 2008-05-16 18:50 12,288 --a------ C:\WINDOWS\system32\WinNt32.dll
2008-05-16 18:50 . 2008-05-16 18:50 6,400 --a------ C:\WINDOWS\system32\drivers\tcpsr.sys
2008-05-16 14:41 . 2008-05-16 14:41 91,776 --a------ C:\WINDOWS\system32\ukagnvln.dll
2008-05-16 14:40 . 2008-05-16 14:40 317,824 --a------ C:\WINDOWS\system32\nnnkHwXn.dll
2008-05-16 10:12 . 2008-05-16 10:12 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-16 10:04 . 2008-05-16 10:09 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-16 09:57 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-16 09:57 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-16 09:57 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-16 09:57 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-16 09:57 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-16 09:57 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-16 09:57 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-16 09:57 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-16 09:57 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-15 18:30 . 2006-04-14 15:46 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-15 18:30 . 2006-04-14 15:27 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-15 18:30 . 2008-05-15 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-15 18:30 . 2008-05-15 18:30 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-15 18:30 . 2008-05-16 11:05 1,024 --ah----- C:\Documents and Settings\Administrateur\NTUSER.dat.LOG
2008-05-15 17:42 . 2008-05-15 18:53 2,426 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-15 17:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-15 17:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-15 17:41 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-15 17:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-15 17:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-15 17:41 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-15 17:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 17:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-15 17:16 . 2008-05-15 17:23 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-05-15 08:58 . 2008-05-15 17:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-15 08:33 . 2008-05-15 08:33 <REP> d-------- C:\Program Files\Trend Micro
2008-05-11 18:35 . 2008-05-12 08:00 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-11 18:11 . 2008-05-11 18:11 <REP> d-------- C:\Program Files\BitDefender
2008-05-11 18:11 . 2008-05-11 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 18:09 . 2008-05-12 08:09 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-11 12:32 . 2008-05-16 18:44 <REP> d-------- C:\Program Files\CableRouting
2008-05-11 10:01 . 2008-05-15 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-11 10:01 . 2008-05-11 10:01 80,384 --a------ C:\mltaxc.exe
2008-05-11 10:01 . 2008-05-16 18:50 27,136 --a------ C:\WINDOWS\system32\drivers\Wmw52.sys
2008-05-11 10:01 . 2008-05-11 10:01 2 --a------ C:\-331662263
2008-05-11 10:01 . 2008-05-11 10:01 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-10 16:05 . 2008-05-10 16:05 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 19:06 . 2008-04-26 19:06 <REP> d-------- C:\Documents and Settings\WINDOWS
2008-04-26 19:06 . 1996-02-08 10:54 284,160 --a------ C:\WINDOWS\unin040c.exe
2008-04-26 18:36 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-04-26 18:36 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-04-26 18:35 . 2001-08-17 20:19 37,120 --a------ C:\WINDOWS\system32\drivers\es1370mp.sys
2008-04-26 18:35 . 2001-08-17 20:19 37,120 --a--c--- C:\WINDOWS\system32\dllcache\es1370mp.sys
2008-04-25 21:41 . 2008-04-25 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-24 20:52 . 2008-04-24 20:53 <REP> d-------- C:\Program Files\Mio Technology
2008-04-20 15:54 . 2008-04-20 15:54 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-04-20 11:19 . 2008-05-10 15:44 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-19 21:22 . 2008-04-19 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-19 20:43 . 2008-04-19 20:43 <REP> d-------- C:\Program Files\Fichiers communs\LightScribe
2008-04-19 20:42 . 2008-04-26 19:19 <REP> d-------- C:\Documents and Settings\Application Data\Ahead
2008-04-19 20:40 . 2008-04-19 20:40 <REP> d-------- C:\Program Files\Nero
2008-04-19 20:40 . 2008-05-10 15:50 <REP> d-------- C:\Program Files\Fichiers communs\Ahead

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-15 06:01 --------- d-----w C:\Program Files\BoontyGames
2008-05-15 06:00 --------- d-----w C:\Program Files\Java
2008-05-13 20:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 16:44 --------- d-----w C:\Program Files\PopCap Games
2008-05-11 16:13 --------- d-----w C:\Documents and Settings\Application Data\BitDefender
2008-05-10 13:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 19:35 22,878,192 ----a-w C:\setupfrepro.exe
2008-04-28 18:04 0 ----a-w C:\Program Files\temp01
2008-04-26 17:07 --------- d-----w C:\Program Files\Creative
2008-04-12 16:48 --------- d-----w C:\Program Files\DivX
2008-04-11 18:58 --------- d-----w C:\Program Files\Neuf
2008-04-05 14:34 10,323,664 ----a-w C:\Bejeweled2Setup-fr.exe
2008-04-03 18:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-02 21:12 --------- d-----w C:\Program Files\Windows Live
2008-04-02 21:11 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-02 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 20:47 --------- d-----w C:\Program Files\Alwil Software
2006-08-05 12:50 1,479 -c--a-w C:\Program Files\INSTALL.LOG
2006-08-03 18:22 3,803,646 -c--a-w C:\Program Files\WinZip.zip
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_11.21.16.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 09:16:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 16:50:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-16 09:17:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-16 16:50:47 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-16 09:17:33 196,608 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-16 16:50:47 212,992 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-05-16 09:17:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051620080517\index.dat
+ 2008-05-16 16:50:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051620080517\index.dat
- 2008-05-16 09:17:37 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 16:50:47 1,114,112 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-16 08:42:01 53,744 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-16 12:34:23 53,744 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-16 08:42:01 64,732 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-05-16 12:34:23 64,732 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-16 08:42:01 383,390 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-16 12:34:23 383,390 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-16 08:42:01 448,190 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-16 12:34:23 448,190 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-16 16:50:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_634.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF301E3B-DB44-4197-8578-DC253BF412C5}]
2008-05-16 14:40 317824 --a------ C:\WINDOWS\system32\nnnkHwXn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"TaskTray"="C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe" [2001-06-29 01:00 163840]
"TaskBar"="C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe" [2002-05-08 01:00 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-27 21:16 67128]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"Logitech Desktop Messenger"="C:\Program Files\Logitech\Desktop Messenger\8876480\Users\NewVersion\setup-8876480.exe" [2007-03-27 20:55 481992]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-03 20:44 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10 339968]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-22 10:11 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKDvu]
pmnnKDvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"msacm.enc"= ITIG726.acm
"wave8"= audpci40.dll
"midi6"= audpci40.dll
"mixer8"= audpci40.dll
"aux4"= audpci40.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fwr77.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wmw52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BoontyGames\\Assimilation\\assimilation.exe"=
"C:\\Program Files\\BoontyGames\\Assimilation\\server.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 wmw52;wmw52;C:\WINDOWS\system32\Drivers\Wmw52.sys [2008-05-16 18:50]
R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-05-12 18:36]
R1 eapci40;ENSONIQ AudioPCI;C:\WINDOWS\system32\drivers\eapci40.SYS [1998-08-31 02:31]
R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 KeyP;KeyP;C:\WINDOWS\system32\Drivers\KeyP.sys [2002-09-25 15:58]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 20:19]
R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
R3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys [2008-05-16 18:50]
S0 fwr77;fwr77;C:\WINDOWS\system32\Drivers\Fwr77.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-06 22:11]

*Newly Created Service* - TCPSR
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 18:51:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???????L&2???9~??9~????????\???\???????????U?9~??9~\???\?????????`??????C@?\???\??????s????\??????s\???0&2?A??s0&2??C@?x???`|?w\?????@

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\WinNt32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\DOCUME~1\RUIMAR~1\LOCALS~1\temp\bwgo0000f1c2.exe
C:\PROGRA~1\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\MSN Toolbar Suite\SL\[u]0[/u]2.05.0001.1119\fr-fr\msn_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-16 18:54:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 16:53:56
ComboFix2.txt 2008-05-16 12:34:37
ComboFix3.txt 2008-05-16 09:22:14

Pre-Run: 1,403,768,832 octets libres
Post-Run: 1,407,270,912 octets libres

271 --- E O F --- 2008-05-15 07:58:26


rapport 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:45, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\DOCUME~1\RUIMAR~1\LOCALS~1\Temp\bwgo0000f1c2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF301E3B-DB44-4197-8578-DC253BF412C5} - C:\WINDOWS\system32\nnnkHwXn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\RUI MARQUES\NewVersion\setup-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?54276ee545f140c5a11f9bd0c2c2e9b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?54276ee545f140c5a11f9bd0c2c2e9b
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://www.ea.com/ea-studios/popcap
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/bejeweled2/Oberongamesloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: pmnnKDvu - pmnnKDvu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

rapport combo

ComboFix 08-05-15.2 - 2008-05-16 19:30:28.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.146 [GMT 2:00]
Endroit: C:\Documents and Settings\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\nnnkHwXn.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\nnnkHwXn.dll
C:\WINDOWS\system32\WinNt32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Service_tcpsr


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

2008-05-16 19:33 . 2008-05-16 19:33 12,288 --a------ C:\WINDOWS\system32\WinNt32.dl_
2008-05-16 14:41 . 2008-05-16 14:41 91,776 --a------ C:\WINDOWS\system32\ukagnvln.dll
2008-05-16 10:12 . 2008-05-16 10:12 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-05-16 10:04 . 2008-05-16 10:09 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-05-16 09:57 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-16 09:57 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-16 09:57 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-16 09:57 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-16 09:57 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-16 09:57 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-16 09:57 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-16 09:57 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-16 09:57 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-15 18:30 . 2006-04-14 15:46 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-15 18:30 . 2006-04-14 15:27 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-15 18:30 . 2008-05-15 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-15 18:30 . 2006-04-14 15:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-15 18:30 . 2008-05-15 18:30 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-15 18:30 . 2008-05-16 11:05 1,024 --ah----- C:\Documents and Settings\Administrateur\NTUSER.dat.LOG
2008-05-15 17:42 . 2008-05-15 18:53 2,426 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-15 17:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-15 17:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-15 17:41 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-15 17:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-15 17:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-15 17:41 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-15 17:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 17:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-15 17:16 . 2008-05-15 17:23 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-05-15 08:58 . 2008-05-15 17:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-15 08:33 . 2008-05-15 08:33 <REP> d-------- C:\Program Files\Trend Micro
2008-05-11 18:35 . 2008-05-12 08:00 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-11 18:11 . 2008-05-11 18:11 <REP> d-------- C:\Program Files\BitDefender
2008-05-11 18:11 . 2008-05-11 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 18:09 . 2008-05-12 08:09 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-11 12:32 . 2008-05-16 18:44 <REP> d-------- C:\Program Files\CableRouting
2008-05-11 10:01 . 2008-05-15 17:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-11 10:01 . 2008-05-11 10:01 80,384 --a------ C:\mltaxc.exe
2008-05-11 10:01 . 2008-05-16 19:33 27,136 --a------ C:\WINDOWS\system32\drivers\Wmw52.sys
2008-05-11 10:01 . 2008-05-11 10:01 2 --a------ C:\-331662263
2008-05-11 10:01 . 2008-05-11 10:01 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-10 16:05 . 2008-05-10 16:05 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 19:06 . 2008-04-26 19:06 <REP> d-------- C:\Documents and Settings\WINDOWS
2008-04-26 19:06 . 1996-02-08 10:54 284,160 --a------ C:\WINDOWS\unin040c.exe
2008-04-26 18:36 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-04-26 18:36 . 2004-08-03 22:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-04-26 18:35 . 2001-08-17 20:19 37,120 --a------ C:\WINDOWS\system32\drivers\es1370mp.sys
2008-04-26 18:35 . 2001-08-17 20:19 37,120 --a--c--- C:\WINDOWS\system32\dllcache\es1370mp.sys
2008-04-25 21:41 . 2008-04-25 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-24 20:52 . 2008-04-24 20:53 <REP> d-------- C:\Program Files\Mio Technology
2008-04-20 15:54 . 2008-04-20 15:54 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-04-20 11:19 . 2008-05-10 15:44 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-19 21:22 . 2008-04-19 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-19 20:43 . 2008-04-19 20:43 <REP> d-------- C:\Program Files\Fichiers communs\LightScribe
2008-04-19 20:42 . 2008-04-26 19:19 <REP> d-------- C:\Documents and Settings\Application Data\Ahead
2008-04-19 20:40 . 2008-04-19 20:40 <REP> d-------- C:\Program Files\Nero
2008-04-19 20:40 . 2008-05-10 15:50 <REP> d-------- C:\Program Files\Fichiers communs\Ahead

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-15 06:01 --------- d-----w C:\Program Files\BoontyGames
2008-05-15 06:00 --------- d-----w C:\Program Files\Java
2008-05-13 20:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 16:44 --------- d-----w C:\Program Files\PopCap Games
2008-05-11 16:13 --------- d-----w C:\Documents and Settings\RUI MARQUES\Application Data\BitDefender
2008-05-10 13:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 19:35 22,878,192 ----a-w C:\setupfrepro.exe
2008-04-28 18:04 0 ----a-w C:\Program Files\temp01
2008-04-26 17:07 --------- d-----w C:\Program Files\Creative
2008-04-12 16:48 --------- d-----w C:\Program Files\DivX
2008-04-11 18:58 --------- d-----w C:\Program Files\Neuf
2008-04-05 14:34 10,323,664 ----a-w C:\Bejeweled2Setup-fr.exe
2008-04-03 18:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-02 21:12 --------- d-----w C:\Program Files\Windows Live
2008-04-02 21:11 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-02 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 20:47 --------- d-----w C:\Program Files\Alwil Software
2006-08-05 12:50 1,479 -c--a-w C:\Program Files\INSTALL.LOG
2006-08-03 18:22 3,803,646 -c--a-w C:\Program Files\WinZip.zip
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_11.21.16.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 09:16:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 17:33:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-16 09:17:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-16 17:33:34 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-16 09:17:33 196,608 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-05-16 17:33:34 212,992 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-05-16 09:17:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051620080517\index.dat
+ 2008-05-16 17:33:39 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051620080517\index.dat
- 2008-05-16 09:17:37 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 17:33:34 1,114,112 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-16 08:42:01 53,744 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-16 16:55:07 53,744 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-16 08:42:01 64,732 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-05-16 16:55:07 64,732 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-05-16 08:42:01 383,390 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-16 16:55:07 383,390 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-16 08:42:01 448,190 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-16 16:55:07 448,190 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-05-16 17:33:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"TaskTray"="C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe" [2001-06-29 01:00 163840]
"TaskBar"="C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe" [2002-05-08 01:00 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-27 21:16 67128]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"Logitech Desktop Messenger"="C:\Program Files\Logitech\Desktop Messenger\8876480\Users\RUI MARQUES\NewVersion\setup-8876480.exe" [2007-03-27 20:55 481992]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-03 20:44 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-03 21:10 339968]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-22 10:11 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"combofix"="C:\WINDOWS\system32\CF7529.exe" [2004-08-05 14:00 400896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnKDvu]
pmnnKDvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"msacm.enc"= ITIG726.acm
"wave8"= audpci40.dll
"midi6"= audpci40.dll
"mixer8"= audpci40.dll
"aux4"= audpci40.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fwr77.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wmw52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BoontyGames\\Assimilation\\assimilation.exe"=
"C:\\Program Files\\BoontyGames\\Assimilation\\server.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 wmw52;wmw52;C:\WINDOWS\system32\Drivers\Wmw52.sys [2008-05-16 19:33]
R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-05-12 18:36]
R1 eapci40;ENSONIQ AudioPCI;C:\WINDOWS\system32\drivers\eapci40.SYS [1998-08-31 02:31]
R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 KeyP;KeyP;C:\WINDOWS\system32\Drivers\KeyP.sys [2002-09-25 15:58]
R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 20:19]
R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 21:16]
R3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys []
S0 fwr77;fwr77;C:\WINDOWS\system32\Drivers\Fwr77.sys []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-06 22:11]

*Newly Created Service* - TCPSR
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 19:34:13
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???|???L&2???9~??9~|???????\???\???????????U?9~??9~\???\????????Ha??????C@?\???\??????s|???\??????s\???0&2?A??s0&2??C@?x???`|?w\?????@

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\WinNt32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\RUIMAR~1\LOCALS~1\temp\bwgo0000e7b0.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\MSN Toolbar Suite\SL\[u]0[/u]2.05.0001.1119\fr-fr\msn_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-16 19:36:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 17:36:30
ComboFix2.txt 2008-05-16 16:54:03
ComboFix3.txt 2008-05-16 12:34:37
ComboFix4.txt 2008-05-16 09:22:14

Pre-Run: 1,381,658,624 octets libres
Post-Run: 1,385,467,904 octets libres

245 --- E O F --- 2008-05-15 07:58:26

rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:51, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\DOCUME~1\RUIMAR~1\LOCALS~1\Temp\bwgo0000e7b0.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\RUI MARQUES\NewVersion\setup-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?54276ee545f140c5a11f9bd0c2c2e9b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?54276ee545f140c5a11f9bd0c2c2e9b
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://www.ea.com/ea-studios/popcap
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/bejeweled2/Oberongamesloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: pmnnKDvu - pmnnKDvu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

merci
mais j'ai du faire une erreur car depuis que j'ai telechargé SPYBOT et fait un scan je n'arrive plus à me connecter par l'ADSL cegetel comme avant je suis toujours en travail hors connexion

annule le précédent message il semble que çarefonctionne