Mon ordinateur est infecté, aidez-moi

Bonjour
Voici le rapport.
En ce qui concerne les protections, j'ai toujours eu kerio comme par feu, avg free 7.5 comme antivorus et Ad-Aware SE Personal contre les spyware. Depuis 1 semaine, avg m'a proposé la version d'essai 8.00. Je l'ai téléchargé, kerio a dispau des icônes!! Je me sers d'avg aussi comme par feu.
Je vais changer et installer comodo et antiir.

Voici le rapport
Search Navipromo version 3.5.7 commencé le 27/05/2008 à 8:17:58,37

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Manue Blanc"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Manue Blanc\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Manue Blanc\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !
C:\WINDOWS\prefetch\INTERNETGAMEBOX.EXE-1EE9EDEF.pf trouvé !
C:\WINDOWS\prefetch\INTERNETGAMEBOX_SETUP[1].EXE-10445780.pf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" :

rwofphaqfa.dat trouvé !
rwofphaqfa_nav.dat trouvé !
rwofphaqfa_navps.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 27/05/2008 à 8:24:34,09 ***

Excuse pas fait attention au non du logiciel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:50, on 30/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Comodo\Css\cssurf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GEOGRAPHIE\EUROPE\europe.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?product=ssearch&src_id=370&client_id=B07FFF9001C81B190519E67C&version=4.5.6.0&it=1193765041&loc=&qry=&url=http://www.google.fr/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [css] C:\Program Files\Comodo\Css\cssurf.exe /s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A376F4DB-C229-4423-A16A-0D5D94C58CF0}: NameServer = 212.27.32.5,213.228.0.168
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Comodo\Css\cssdll32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe

BTFix 1.098 (par bibi26) - 30/05/2008 22:13:55 - Analyse
Lancé depuis C:\Documents and Settings\Manue Blanc\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Program Files\AskSBar\
- C:\Documents and Settings\Manue Blanc\Application Data\Starware370\
- C:\Documents and Settings\All Users\Application Data\Starware370\

---> Analyse terminée le 30/05/2008 22:14:00

De quel type de virus mon ordi est infecté, est-ce que c'est 1 trojan, 1 spyware?
Est-ce qu'il y avait réelement beaucoup d'infection. Tout fonctionne bien, ce qui m'a interpelé c qu'il rame et ces fenêtres de pub intempestives.
En tout cas merci pour ton aide

Bonjour
Je te remercie je ne reçois plus de pub;
Par contre j'ai fais la désinfection par navi en ayant oublié de désactiver les points de restauration du système. J'espère que cela n'a pas empêché la complète désinfection.

voici le rapport de désinfection
Clean Navipromo version 3.5.7 commencé le 27/05/2008 à 22:45:07,42

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Manue Blanc"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Manue Blanc\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Manue Blanc\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !
C:\WINDOWS\INTERNETGAMEBOX.EXE-1EE9EDEF.pf supprimé !
C:\WINDOWS\INTERNETGAMEBOX_SETUP[1].EXE-10445780.pf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Manue Blanc\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" *

rwofphaqfa.dat trouvé !
Copie rwofphaqfa.dat réalisée avec succès !
rwofphaqfa.dat supprimé !

rwofphaqfa_nav.dat trouvé !
Copie rwofphaqfa_nav.dat réalisée avec succès !
rwofphaqfa_nav.dat supprimé !

rwofphaqfa_navps.dat trouvé !
Copie rwofphaqfa_navps.dat réalisée avec succès !
rwofphaqfa_navps.dat supprimé !

rwofphaqfa.exe trouvé !
Copie rwofphaqfa.exe réalisée avec succès !
rwofphaqfa.exe supprimé !


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 27/05/2008 à 22:49:15,26 ***



Voici le rapport d'antivir après le nettoyage de Navi
Il a détecté le fichier navi comme 1 fichier dangereux !!!!
D:\Downloads\Navilog1.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.94


Avira AntiVir Personal
Report file date: jeudi 29 mai 2008 12:00

Scanning for 1295771 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MANUE

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 19:14:22
ANTIVIR3.VDF : 7.0.4.108 284672 Bytes 28/05/2008 19:12:36
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 27/05/2008 19:14:34
AESCN.DLL : 8.1.0.18 119156 Bytes 27/05/2008 19:14:33
AERDL.DLL : 8.1.0.20 418165 Bytes 27/05/2008 19:14:32
AEPACK.DLL : 8.1.1.5 364918 Bytes 27/05/2008 19:14:31
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 27/05/2008 19:14:29
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 27/05/2008 19:14:28
AEHELP.DLL : 8.1.0.14 115063 Bytes 27/05/2008 19:14:26
AEGEN.DLL : 8.1.0.21 303477 Bytes 27/05/2008 19:14:26
AEEMU.DLL : 8.1.0.6 430451 Bytes 27/05/2008 19:14:25
AECORE.DLL : 8.1.0.29 168311 Bytes 27/05/2008 19:14:23
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: medium
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: jeudi 29 mai 2008 12:00

Starting search for hidden objects.
'47184' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'fdm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'cssurf.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Begin scan in 'C:\' <Disque local>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\TightVNC\WinVNC.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd6989.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <divers>
D:\archive programme\nero\Nero_Burning_ROM_6.6.0.8_MultiLang_incl_KeyGen.rar
[0] Archive type: RAR
--> Nero Burning ROM 6.6.0.8\KeyGen\MultiKeyGen.exe
[DETECTION] Contains detection pattern of a probably damaged sample CC/00233
[NOTE] The file was moved to '48ae6cc8.qua'!
<gras>D:\Downloads\Navilog1.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.94
[WARNING] The file was ignored!

End of the scan: jeudi 29 mai 2008 17:34
Used time: 5:34:57 min

The scan has been done completely.

6301 Scanning directories
220193 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
33 Files cannot be scanned
220191 Files not concerned
1690 Archives were scanned
33 Warnings
2 Notes
47184 Objects were scanned with rootkit scan
0 Hidden objects were found

Search Navipromo version 3.5.7 commencé le 30/05/2008 à 20:40:24,18

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Manue Blanc"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Manue Blanc\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Manue Blanc\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Manue Blanc\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 30/05/2008 à 20:46:31,03 ***

ok pour répondre dans l'ordre des posts, je ne suis pas habituée à répondre dans ce forum.

J'ai cru avoir désinstallé AVG et KERIO, apparamment ca a foiré,
je ne trouvé pas AVG dans "ajout/suppressions de logiciel" ,
impossible de désinstaller kerio car il ne trouve pas 1 fichier kerio personal firewal.msi

Salut

ComboFix 08-06-03.1 - Manue Blanc 2008-06-04 9:17:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.158 [GMT 2:00]
Endroit: D:\Downloads\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Manue Blanc\ResErrors.log
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\setup.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 09:14 . 2008-06-04 09:14 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-06-03 08:49 . 2008-06-03 21:09 <REP> d-------- C:\Documents and Settings\internet\Contacts
2008-06-02 22:41 . 2008-06-02 22:41 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\Malwarebytes
2008-06-02 22:38 . 2008-06-02 22:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 22:38 . 2008-06-02 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 22:38 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 22:38 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 20:36 . 2008-06-02 20:36 <REP> d-------- C:\Program Files\Sun
2008-06-02 20:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 09:41 . 2008-06-02 09:41 370,792 --a------ C:\WINDOWS\system32\perfh040.dat
2008-06-02 09:41 . 2008-06-02 09:41 49,642 --a------ C:\WINDOWS\system32\perfc040.dat
2008-06-01 22:37 . 2003-09-22 15:01 11,520 --------- C:\WINDOWS\system32\drivers\WDMSTUB.sys
2008-06-01 22:36 . 2000-08-04 14:25 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2008-05-31 00:01 . 2008-05-31 00:01 <REP> d-------- C:\Documents and Settings\internet\Application Data\Talkback
2008-05-30 22:51 . 2008-05-30 22:51 <REP> d-------- C:\Documents and Settings\internet\Application Data\Comodo
2008-05-30 22:50 . 2005-10-29 07:18 <REP> d--h----- C:\Documents and Settings\internet\Voisinage réseau
2008-05-30 22:50 . 2005-10-29 07:18 <REP> d--h----- C:\Documents and Settings\internet\Voisinage d'impression
2008-05-30 22:50 . 2005-10-29 00:25 <REP> d--h----- C:\Documents and Settings\internet\Modèles
2008-05-30 22:50 . 2008-06-03 08:49 <REP> dr------- C:\Documents and Settings\internet\Mes documents
2008-05-30 22:50 . 2005-10-29 07:18 <REP> dr------- C:\Documents and Settings\internet\Menu Démarrer
2008-05-30 22:50 . 2008-05-30 22:51 <REP> dr------- C:\Documents and Settings\internet\Favoris
2008-05-30 22:50 . 2008-05-31 00:03 <REP> d-------- C:\Documents and Settings\internet\Bureau
2008-05-30 22:50 . 2008-06-04 08:57 <REP> d-------- C:\Documents and Settings\internet
2008-05-27 21:11 . 2008-05-27 21:11 <REP> d-------- C:\Program Files\Avira
2008-05-27 21:11 . 2008-05-27 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 11:06 . 2008-05-27 11:11 <REP> d-------- C:\Program Files\COMODO
2008-05-27 11:06 . 2008-05-27 11:06 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\Comodo
2008-05-27 11:06 . 2008-05-27 11:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-27 11:06 . 2008-05-27 11:06 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-27 11:06 . 2008-05-27 11:06 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-27 11:06 . 2008-05-27 11:06 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-27 10:58 . 2008-05-27 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-27 08:16 . 2008-05-30 20:46 <REP> d-------- C:\Program Files\Navilog1
2008-05-26 20:00 . 2008-05-26 20:00 <REP> d-------- C:\Program Files\Garmin
2008-05-26 19:09 . 2008-05-26 19:09 <REP> d-------- C:\Program Files\Garmin GPS Plugin
2008-05-26 19:08 . 2008-05-26 19:08 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\GARMIN
2008-05-26 19:02 . 2008-06-01 23:16 <REP> d-------- C:\Garmin
2008-05-26 19:02 . 2007-03-08 17:18 18,432 --a------ C:\WINDOWS\system32\drivers\grmngen.sys
2008-05-26 19:02 . 2007-03-08 17:18 8,320 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys
2008-05-26 17:38 . 2008-05-26 17:38 <REP> d-------- C:\Program Files\Trend Micro
2008-05-26 15:41 . 2008-05-26 17:14 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-26 13:05 . 2008-05-26 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-05-26 11:12 . 2005-10-29 07:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-26 11:12 . 2005-10-29 07:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-26 11:12 . 2005-10-29 00:25 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-05-26 11:12 . 2005-10-29 07:18 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-26 11:12 . 2005-10-29 07:18 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-26 11:12 . 2005-10-29 07:18 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-26 11:12 . 2008-05-26 13:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-26 11:12 . 2008-06-02 10:41 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-24 18:40 . 2008-05-27 09:56 <REP> d--h----- C:\$AVG8.VAULT$
2008-05-24 18:22 . 2008-05-24 18:22 <REP> d-------- C:\Program Files\AVG
2008-05-24 18:22 . 2008-05-25 11:44 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR
2008-05-22 22:46 . 2008-05-22 22:46 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\Grisoft
2008-05-21 22:16 . 2008-05-27 09:30 <REP> d-------- C:\Program Files\Panda Security
2008-05-20 00:38 . 2008-05-20 00:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-20 00:38 . 2008-05-20 00:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-20 00:37 . 2008-05-20 00:37 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-20 00:37 . 2008-05-20 00:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-19 22:52 . 2008-05-19 22:52 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-19 10:27 . 2008-05-19 10:27 268 --ah----- C:\sqmdata12.sqm
2008-05-19 10:27 . 2008-05-19 10:27 244 --ah----- C:\sqmnoopt12.sqm
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-09 09:43 . 2008-05-09 09:43 <REP> d-------- C:\Program Files\WinLemm
2008-05-08 09:45 . 2008-05-08 09:45 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\PlayFirst
2008-05-08 09:45 . 2008-05-08 09:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-08 09:35 . 2008-05-08 20:48 <REP> d-------- C:\My Games
2008-05-08 09:35 . 2008-05-08 09:35 <REP> d-------- C:\My Download Files
2008-05-08 09:33 . 2008-05-08 09:32 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-05-04 01:03 . 2008-05-04 01:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 07:19 --------- d-----w C:\Documents and Settings\Manue Blanc\Application Data\Free Download Manager
2008-06-03 20:26 --------- d-----w C:\Program Files\Wanadoo
2008-06-02 18:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 18:36 --------- d-----w C:\Program Files\Java
2008-06-02 18:36 --------- d-----w C:\Program Files\ArcSoft
2008-06-02 18:34 --------- d-----w C:\Documents and Settings\Manue Blanc\Application Data\Lavasoft
2008-05-27 20:53 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-27 20:53 --------- d-----w C:\Documents and Settings\Manue Blanc\Application Data\AdobeUM
2008-05-27 19:02 --------- d-----w C:\Program Files\eMule
2008-05-27 09:05 --------- d-----w C:\Program Files\Kerio
2008-05-26 13:31 --------- d-----w C:\Program Files\CCleaner
2008-05-25 21:17 --------- d-----w C:\Program Files\Multi_Media_France
2008-05-25 21:07 --------- d-----w C:\Program Files\DivX
2008-05-24 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-19 22:38 --------- d-----w C:\Program Files\QuickTime
2008-05-19 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-18 20:50 --------- d-----w C:\Program Files\Google
2008-05-18 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-05-18 19:13 --------- d-----w C:\Program Files\Yahoo!
2008-05-08 07:32 --------- d-----w C:\Program Files\Real
2008-05-08 07:31 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-07 07:22 --------- d-----w C:\Program Files\Winamp
2008-05-03 09:08 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-04 20:59 5,681 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 18:23 724,992 ----a-w C:\WINDOWS\iun6002.exe
2005-12-03 15:38 56 --sh--r C:\WINDOWS\system32\8C7386C57F.sys
2005-12-03 15:38 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-16 00:00 2089007]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-15 14:33 49152 C:\WINDOWS\system32\VTTimer.exe]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2003-08-01 19:28 474624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 16:16 188160]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-30 23:32 1655552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-03 11:07 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"MSACM.MI-SC4"= MI-SC4.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 MrFilter;EasyWrite Driver;C:\WINDOWS\system32\drivers\MrFilter.sys [2003-03-26 20:17]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-27 11:06]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-27 11:06]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys []
S1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys []
S2 Ca533av;Dual Mode Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-05 09:07]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 10:51]
S3 USBCamera;Dual Mode Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-12-04 14:38]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-24 19:23:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 07:00:04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{62FE1AF9-67F8-4EFE-AF82-39D8D2A5D0DE}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 09:19:37
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-04 9:22:33
ComboFix-quarantined-files.txt 2008-06-04 07:21:37

Pre-Run: 12,332,052,480 octets libres
Post-Run: 12,426,113,024 octets libres

215 --- E O F --- 2008-06-01 21:09:40

Salut
ComboFix 08-06-03.1 - Manue Blanc 2008-06-04 22:40:42.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.200 [GMT 2:00]
Endroit: D:\Downloads\ComboFix.exe
Command switches used :: D:\Downloads\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\drivers\fwdrv.sys
C:\WINDOWS\system32\drivers\khips.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Avg8
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\avglinks.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\avglogo.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\avgstatus.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\avgstatus_error.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\avgtoolbartb0502.cfg
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\brandlogo.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\COMBOSEARCH.acs
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\p_yahoo.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\safesearch.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\safesearch_off.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\safesearch_on.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\safesurf.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\safesurf_off.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\safesurf_on.bmp
C:\Documents and Settings\Manue Blanc\Application Data\AVGTOOLBAR\slider.bmp
C:\Documents and Settings\Manue Blanc\Application Data\Grisoft
C:\Documents and Settings\Manue Blanc\Application Data\Grisoft\AVG Antispyware 7.5\Reports\Report-Scan-20080522-234727.txt
C:\PROGRA~1\Grisoft
C:\PROGRA~1\Grisoft\AVG Free\avgupd(2)(2)(2).dll
C:\Program Files\AVG
C:\Program Files\AVG\AVG8\aAvgApi.exe.install_backup
C:\Program Files\AVG\AVG8\avgas8fr.chm.install_backup
C:\Program Files\AVG\AVG8\avgas8us.chm.install_backup
C:\Program Files\AVG\AVG8\avgcmgr.exe.install_backup
C:\Program Files\AVG\AVG8\avgemc.exe.install_backup
C:\Program Files\AVG\AVG8\avgoff2k.dll.install_backup
C:\Program Files\AVG\AVG8\avgpp.dll.install_backup
C:\Program Files\AVG\AVG8\avgspmui.dll.install_backup
C:\Program Files\AVG\AVG8\avgssie.dll.install_backup
C:\Program Files\AVG\AVG8\avgtbapi.dll.install_backup
C:\Program Files\AVG\AVG8\avgtbas.tbp.install_backup
C:\Program Files\AVG\AVG8\avgtoolbar.dll.install_backup
C:\Program Files\AVG\AVG8\avgwebui.dll.install_backup
C:\Program Files\AVG\AVG8\avgxch32.dll.install_backup
C:\Program Files\AVG\AVG8\buylnk.dat.install_backup
C:\Program Files\AVG\AVG8\Firefox\chrome.manifest.install_backup
C:\Program Files\AVG\AVG8\Firefox\Chrome\searchshield.jar.install_backup
C:\Program Files\AVG\AVG8\Firefox\Components\avgssff.dll.install_backup
C:\Program Files\AVG\AVG8\Firefox\Components\ISearchShield.xpt.install_backup
C:\Program Files\AVG\AVG8\Firefox\install.rdf.install_backup
C:\Program Files\AVG\AVG8\Icons\background_middle_gray.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_middle_green.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_middle_orange.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_middle_red.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_middle_yellow.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_top_gray.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_top_green.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_top_orange.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_top_red.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\background_top_yellow.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\block-doc.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\blocked.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_bottom_gray.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_bottom_green.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_bottom_orange.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_bottom_red.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_bottom_yellow.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_top_gray.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_top_green.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_top_orange.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_top_red.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\border_top_yellow.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\box_bottom_red.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\box_top_red.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\caution.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\click_here_gray.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\click_here_green.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\click_here_orange.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\click_here_red.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\click_here_yellow.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\clock.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\close.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\icons_blocked.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\icons_caution.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\icons_close.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\icons_safe.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\icons_unknown.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\icons_warning.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\LS_Logo_Results.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\safe.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\unknown.gif.install_backup
C:\Program Files\AVG\AVG8\Icons\warning.gif.install_backup
C:\Program Files\AVG\AVG8\libsasl.dll.install_backup
C:\Program Files\AVG\AVG8\saslcrammd5.dll.install_backup
C:\Program Files\AVG\AVG8\sasldigestmd5.dll.install_backup
C:\Program Files\AVG\AVG8\sasllogin.dll.install_backup
C:\Program Files\AVG\AVG8\saslplain.dll.install_backup
C:\Program Files\AVG\AVG8\Scripts\class.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Dictionary\english.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Dictionary\french.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Dictionary\portuguese.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Dictionary\spanish.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Dictionary\swedish.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\Kernel.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\MSN\Account.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\MSN\NotificationConnection.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\MSN\NotificationConnection13.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\MSN\PendingConnection.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\MSN\SwitchBoardConnection.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\MSN\SwitchBoardConnection13.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\Protocol.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\SocketQ.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\IM\utility.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\imcontrol.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Logging\console.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Logging\file.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Logging\localized.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Logging\logging.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\Logging\null.bin.install_backup
C:\Program Files\AVG\AVG8\Scripts\soaptest.bin.install_backup
C:\Program Files\AVG\AVG8\setup.cfg.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\chrome.manifest.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\avg.jar.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\Cache\overlay.dtd.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\Cache\overlay.xml.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\Cache\overlay_noavg.xml.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\Cache\quicksearch.xml.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\Cache\update.xml.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Chrome\Cache\yahoo.xml.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Components\dtfox-autocomplete.js.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Components\dtfox-service.js.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Components\vmAVGConnector.dll.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Components\vmIAVGConnector.xpt.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Components\vmIAVGDatabaseVersion.xpt.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Components\vmIAVGProgramVersion.xpt.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Components\vmIAVGSearchRatingsConfig.xpt.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\Components\vmIAVGSurfResult.xpt.install_backup
C:\Program Files\AVG\AVG8\ToolbarFF\install.rdf.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\avglinks.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\avglogo.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\avgstatus.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\avgstatus_error.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\avgtoolbartb0502.cfg.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\brandlogo.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\p_yahoo.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\safesearch.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\safesearch_off.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\safesearch_on.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\safesurf.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\safesurf_off.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\safesurf_on.bmp.install_backup
C:\Program Files\AVG\AVG8\ToolbarIEcache\slider.bmp.install_backup
C:\Program Files\AVG\AVG8\updatecomps.cfg.install_backup
C:\Program Files\Kerio
C:\Program Files\Panda Security

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FWDRV
-------\Legacy_KHIPS
-------\Service_fwdrv
-------\Service_khips


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 10:23 . 2008-06-04 10:24 <REP> d-------- C:\jeux
2008-06-04 09:14 . 2008-06-04 09:14 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-06-03 08:49 . 2008-06-03 21:09 <REP> d-------- C:\Documents and Settings\internet\Contacts
2008-06-02 22:41 . 2008-06-02 22:41 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\Malwarebytes
2008-06-02 22:38 . 2008-06-02 22:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 22:38 . 2008-06-02 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 22:38 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 22:38 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-02 20:36 . 2008-06-02 20:36 <REP> d-------- C:\Program Files\Sun
2008-06-02 20:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 09:41 . 2008-06-02 09:41 370,792 --a------ C:\WINDOWS\system32\perfh040.dat
2008-06-02 09:41 . 2008-06-02 09:41 49,642 --a------ C:\WINDOWS\system32\perfc040.dat
2008-06-01 22:37 . 2003-09-22 15:01 11,520 --------- C:\WINDOWS\system32\drivers\WDMSTUB.sys
2008-06-01 22:36 . 2000-08-04 14:25 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2008-05-31 00:01 . 2008-05-31 00:01 <REP> d-------- C:\Documents and Settings\internet\Application Data\Talkback
2008-05-30 22:51 . 2008-05-30 22:51 <REP> d-------- C:\Documents and Settings\internet\Application Data\Comodo
2008-05-30 22:50 . 2005-10-29 07:18 <REP> d--h----- C:\Documents and Settings\internet\Voisinage r‚seau
2008-05-30 22:50 . 2005-10-29 07:18 <REP> d--h----- C:\Documents and Settings\internet\Voisinage d'impression
2008-05-30 22:50 . 2005-10-29 00:25 <REP> d--h----- C:\Documents and Settings\internet\ModŠles
2008-05-30 22:50 . 2008-06-03 08:49 <REP> dr------- C:\Documents and Settings\internet\Mes documents
2008-05-30 22:50 . 2005-10-29 07:18 <REP> dr------- C:\Documents and Settings\internet\Menu D‚marrer
2008-05-30 22:50 . 2008-05-30 22:51 <REP> dr------- C:\Documents and Settings\internet\Favoris
2008-05-30 22:50 . 2008-05-31 00:03 <REP> d-------- C:\Documents and Settings\internet\Bureau
2008-05-30 22:50 . 2008-06-04 08:57 <REP> d-------- C:\Documents and Settings\internet
2008-05-27 21:11 . 2008-05-27 21:11 <REP> d-------- C:\Program Files\Avira
2008-05-27 21:11 . 2008-05-27 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 11:06 . 2008-05-27 11:11 <REP> d-------- C:\Program Files\COMODO
2008-05-27 11:06 . 2008-05-27 11:06 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\Comodo
2008-05-27 11:06 . 2008-05-27 11:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-27 11:06 . 2008-05-27 11:06 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-27 11:06 . 2008-05-27 11:06 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-27 11:06 . 2008-05-27 11:06 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-27 08:16 . 2008-05-30 20:46 <REP> d-------- C:\Program Files\Navilog1
2008-05-26 20:00 . 2008-05-26 20:00 <REP> d-------- C:\Program Files\Garmin
2008-05-26 19:09 . 2008-05-26 19:09 <REP> d-------- C:\Program Files\Garmin GPS Plugin
2008-05-26 19:08 . 2008-05-26 19:08 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\GARMIN
2008-05-26 19:02 . 2008-06-01 23:16 <REP> d-------- C:\Garmin
2008-05-26 19:02 . 2007-03-08 17:18 18,432 --a------ C:\WINDOWS\system32\drivers\grmngen.sys
2008-05-26 19:02 . 2007-03-08 17:18 8,320 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys
2008-05-26 17:38 . 2008-05-26 17:38 <REP> d-------- C:\Program Files\Trend Micro
2008-05-26 15:41 . 2008-05-26 17:14 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-26 13:05 . 2008-05-26 13:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-05-26 11:12 . 2005-10-29 07:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-05-26 11:12 . 2005-10-29 07:18 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-26 11:12 . 2005-10-29 00:25 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-05-26 11:12 . 2005-10-29 07:18 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-26 11:12 . 2005-10-29 07:18 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-05-26 11:12 . 2005-10-29 07:18 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-26 11:12 . 2008-05-26 13:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-26 11:12 . 2008-06-02 10:41 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-24 18:40 . 2008-05-27 09:56 <REP> d--h----- C:\$AVG8.VAULT$
2008-05-20 00:38 . 2008-05-20 00:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-20 00:38 . 2008-05-20 00:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-20 00:37 . 2008-05-20 00:37 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-20 00:37 . 2008-05-20 00:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-19 22:52 . 2008-05-19 22:52 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-19 10:27 . 2008-05-19 10:27 268 --ah----- C:\sqmdata12.sqm
2008-05-19 10:27 . 2008-05-19 10:27 244 --ah----- C:\sqmnoopt12.sqm
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-09 09:43 . 2008-05-09 09:43 <REP> d-------- C:\Program Files\WinLemm
2008-05-08 09:45 . 2008-05-08 09:45 <REP> d-------- C:\Documents and Settings\Manue Blanc\Application Data\PlayFirst
2008-05-08 09:45 . 2008-05-08 09:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-08 09:33 . 2008-05-08 09:32 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-05-04 01:03 . 2008-05-04 01:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 21:01 --------- d-----w C:\Documents and Settings\Manue Blanc\Application Data\Free Download Manager
2008-06-04 08:29 --------- d-----w C:\Program Files\eMule
2008-06-03 20:26 --------- d-----w C:\Program Files\Wanadoo
2008-06-02 18:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 18:36 --------- d-----w C:\Program Files\Java
2008-06-02 18:36 --------- d-----w C:\Program Files\ArcSoft
2008-06-02 18:34 --------- d-----w C:\Documents and Settings\Manue Blanc\Application Data\Lavasoft
2008-05-27 20:53 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-27 20:53 --------- d-----w C:\Documents and Settings\Manue Blanc\Application Data\AdobeUM
2008-05-26 13:31 --------- d-----w C:\Program Files\CCleaner
2008-05-25 21:17 --------- d-----w C:\Program Files\Multi_Media_France
2008-05-25 21:07 --------- d-----w C:\Program Files\DivX
2008-05-19 22:38 --------- d-----w C:\Program Files\QuickTime
2008-05-19 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-18 20:50 --------- d-----w C:\Program Files\Google
2008-05-18 20:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-05-18 19:13 --------- d-----w C:\Program Files\Yahoo!
2008-05-08 07:32 --------- d-----w C:\Program Files\Real
2008-05-08 07:31 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-07 07:22 --------- d-----w C:\Program Files\Winamp
2008-05-03 09:08 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-04 20:59 5,681 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 18:23 724,992 ----a-w C:\WINDOWS\iun6002.exe
2005-12-03 15:38 56 --sh--r C:\WINDOWS\system32\8C7386C57F.sys
2005-12-03 15:38 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2001-08-28 14:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe

2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-20 01:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll

2001-08-28 14:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll

2005-09-03 02:08 664576 031ca1310e4cb23e5a4f747d763d0b49 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-10-21 05:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-04 06:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 13:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-02-19 17:23 669696 1bde6d5dba35797eca8db8fcb80fc015 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-11 01:22 825344 871ae10d6ae8877e9636ae5017953d52 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-07 03:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 14:34 827392 5a0093f59b505c008ed0cee615563c72 C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2005-06-18 00:26 580608 f9fe3d6849bebe3914c7cf89f260408f C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2007-08-22 15:13 663040 18048557aa56de4b1955fdf7a21f9b24 C:\WINDOWS\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 11:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-11 01:49 824832 bc5119c53bdd48dabc628d448a3bdccb C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-07 04:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2004-08-20 01:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2007-08-20 11:59 824832 f6dfceed3a7aa4c9eeb966d3f1adc70a C:\WINDOWS\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2GDR\wininet.dll
2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\SoftwareDistribution\Download\36e241a7c6880a9ebdbe78b98d36306d\SP2QFE\wininet.dll
2007-04-18 14:32 663040 ca6f58031096fc2509c57670129469f7 C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2gdr\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2qfe\wininet.dll
2008-03-01 14:58 826368 8e027981ddffa690d456fe18b37415a0 C:\WINDOWS\system32\wininet.dll
2008-03-01 14:58 826368 8e027981ddffa690d456fe18b37415a0 C:\WINDOWS\system32\dllcache\wininet.dll

2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$hf_mig$\KB893066\SP2GDR\tcpip.sys
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2005-05-25 21:41 339968 228b0385bbfca24332fa22db45a8b684 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 08:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2005-10-29 10:55 520704 77aac90047a79367f4c72e9f147fe736 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe

2002-08-29 11:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_ 9.21.16,73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 06:46:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 20:44:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-16 00:00 2089007]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-15 14:33 49152 C:\WINDOWS\system32\VTTimer.exe]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [2003-08-01 19:28 474624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"css"="C:\Program Files\Comodo\Css\cssurf.exe" [2008-05-22 16:16 188160]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-30 23:32 1655552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-03 11:07 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"MSACM.MI-SC4"= MI-SC4.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-24 19:23:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 07:00:04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{62FE1AF9-67F8-4EFE-AF82-39D8D2A5D0DE}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 22:59:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-05 0:17:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 22:17:16
ComboFix2.txt 2008-06-04 07:22:34

Pre-Run: 12,405,313,536 octets libres
Post-Run: 12,337,250,304 octets libres

416 --- E O F --- 2008-06-01 21:09:40




HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:08, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Comodo\Css\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [css] C:\Program Files\Comodo\Css\cssurf.exe /s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A376F4DB-C229-4423-A16A-0D5D94C58CF0}: NameServer = 212.27.32.5,213.228.0.168
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe