Infestée par vundo

Finalement lequel doive-je copier/coller ?

Merci de ton aide ! Voila le rapport.

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793

Type de recherche: Examen complet (C:\|)
Eléments examinés: 127475
Temps écoulé: 51 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 60

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\iifgFXRi.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\rjgcqirm.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urqNGyvS.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1042281b-9cb1-43fa-9d4d-9c4c4393b2b9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1042281b-9cb1-43fa-9d4d-9c4c4393b2b9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqngyvs (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f8a2b038 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMfb9183a4 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifgfxri -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifgfxri -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\iifgFXRi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iRXFgfii.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iRXFgfii.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rjgcqirm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mriqcgjr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNGyvS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efcARLDw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdCuuv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnllJdD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoPjHx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\_Ticker_ticker.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\whInstall\whAgent.inf (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\whInstall\whInstaller.ini (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareExpert\ase_fr.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmnlIA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Voila le nouveau rapport :
28/05/2008 a 23:24:26,15

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\smdat32m.sys FOUND
C:\WINDOWS\browserxtras\ FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
C:\PROGRA~1\PERFEC~1\ FOUND
"C:\Program Files\MediaGateway\" FOUND
"C:\Program Files\PerfectNav\" FOUND
"C:\Program Files\perfectnav\" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !

Franchement je te remercie pour toute l'aide que tu m'apportes
Voilà le rapport de clean :
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 29/05/2008 a 0:19:39,85

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\smdat32m.sys
tentative de suppression de C:\WINDOWS\browserxtras\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de C:\PROGRA~1\PERFEC~1\
tentative de suppression de "C:\Program Files\MediaGateway\"
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Et voilà le hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:56, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\APPS\OD2\OD2State.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Gernevie\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {0CF5D165-517E-48B6-B3C7-3054A24F8BF6} - (no file)
O2 - BHO: (no name) - {0DE13607-4CF6-48D6-AAD3-38A246EDCF02} - C:\WINDOWS\system32\winshfic.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6453D161-19F3-4389-9015-93ACD1BD021D} - C:\WINDOWS\system32\fccyyAtu.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94BFE20D-6BC2-4F52-AC07-9F5D021846BC} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A9D3D250-0FEE-37C8-E2D5-0F0FC6B36394} - C:\DOCUME~1\Gernevie\APPLIC~1\PUREPO~1\DALE SOFT.exe (file missing)
O2 - BHO: (no name) - {C1E844D8-FC9B-4DC9-8021-028CC7B496FB} - C:\WINDOWS\system32\kbdcz132.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Nero Engine] C:\WINDOWS\system32\winnt4sys.exe
O4 - HKLM\..\Run: [PC Health] C:\WINDOWS\system32\win32ntsys.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Nero Engine] C:\WINDOWS\system32\winnt4sys.exe
O4 - HKCU\..\Run: [PC Health] C:\WINDOWS\system32\win32ntsys.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.od2.com
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - https://www.fnacmusic.com/telechargementFnacmusic/FnacComposant.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://singles.sfr.fr/dlm/ax/fireev.2.4.0.0.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

Voilà le rapport Btfix

BTFix 1.098 (par bibi26) - 29/05/2008 00:49:14 - Analyse
Lancé depuis C:\Documents and Settings\Gernevie\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Program Files\bsplayer_whenusave_installer\

---> Analyse terminée le 29/05/2008 00:49:15
t

Le voilà enfin !

ComboFix 08-05-28.4 - Gernevie 2008-05-29 2:32:03.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.347 [GMT 2:00]
Endroit: C:\Documents and Settings\Gernevie\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Gernevie\Application Data\inst.exe
C:\WINDOWS\BMfb9183a4.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bkftlknn.ini
C:\WINDOWS\system32\bqhbfqga.exe
C:\WINDOWS\system32\cjsgpsrd.ini
C:\WINDOWS\system32\iRXFgfii.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\utAyyccf.ini
C:\WINDOWS\system32\utAyyccf.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
.

2008-05-28 23:35 . 2008-02-12 22:06 31,232 --a------ C:\WINDOWS\system\vdremote.dll
2008-05-28 23:35 . 2008-02-12 22:05 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
2008-05-28 23:24 . 2008-05-28 23:24 11,035,303 --a------ C:\upload_moi_SN402327160007.tar.gz
2008-05-28 14:26 . 2008-05-28 14:26 <REP> d-------- C:\VundoFix Backups
2008-05-28 11:14 . 2008-05-28 11:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 11:14 . 2008-05-28 11:14 <REP> d-------- C:\Documents and Settings\Gernevie\Application Data\Malwarebytes
2008-05-28 11:14 . 2008-05-28 11:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 11:14 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 11:14 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 00:30 . 2008-05-28 00:30 <REP> d-------- C:\fsaua.data
2008-05-27 11:14 . 2008-05-27 11:14 <REP> d-------- C:\Program Files\Avira
2008-05-27 11:14 . 2008-05-27 11:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 10:47 . 2008-05-27 10:47 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-26 00:03 . 2008-05-26 00:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-26 00:03 . 2008-05-26 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-22 21:58 . 2008-05-22 22:02 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-05-22 21:57 . 2008-05-22 22:01 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-05-17 09:24 . 2008-05-17 09:24 439,808 --a------ C:\Documents and Settings\Gernevie\GoToAssist_phone__317_fr.exe
2008-05-17 09:06 . 2008-05-17 09:06 <REP> d-------- C:\6a2dde3523c5272da3a41f
2008-05-05 21:26 . 2008-05-05 21:26 <REP> d-------- C:\Documents and Settings\Gernevie\Application Data\Druide
2008-05-05 21:21 . 2008-05-14 12:39 145 --a------ C:\WINDOWS\Antidote.ini
2008-05-05 21:20 . 2008-05-05 21:24 <REP> d-------- C:\Program Files\Druide
2008-05-04 14:03 . 2008-05-04 14:28 <REP> d-------- C:\Program Files\Orange
2008-05-04 14:03 . 2008-05-04 14:03 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2008-05-04 14:03 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-05-04 14:03 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-05-03 19:43 . 2008-05-03 19:43 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-05-03 19:31 . 2008-05-03 19:43 <REP> d-------- C:\Program Files\Inventel

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 00:31 --------- d-----w C:\Documents and Settings\Gernevie\Application Data\Azureus
2008-05-28 22:47 --------- d-----w C:\Program Files\QuickTime
2008-05-28 22:47 --------- d-----w C:\Program Files\HardwareDetection
2008-05-28 09:14 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-22 19:10 --------- d-----w C:\Program Files\eMule
2008-05-20 07:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-04 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 18:39 --------- d-----w C:\Program Files\ADSL Autoconnect
2008-05-04 12:03 --------- d-----w C:\Program Files\Wanadoo
2008-04-29 20:50 --------- d-----w C:\Program Files\AxBx
2008-04-17 17:03 --------- d-----w C:\Program Files\Azureus
2008-04-04 17:02 --------- d-----w C:\Program Files\MSN Messenger
2008-04-04 17:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 12:58 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-01 12:58 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-01 12:58 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-01 12:58 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-01 12:58 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-01 12:58 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-25 09:43 47,360 -c--a-w C:\Documents and Settings\Gernevie\Application Data\pcouffin.sys
2005-05-08 08:13 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2004-12-20 11:04 56 -csh--r C:\WINDOWS\system32\94F43A3A67.sys
2004-12-20 11:04 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 11:29 913408]
"Nero Engine"="C:\WINDOWS\system32\winnt4sys.exe" [ ]
"PC Health"="C:\WINDOWS\system32\win32ntsys.exe" [ ]
"Sonic RecordNow!"="" []
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 17:03 1957888]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-24 04:55 533944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-08-13 20:17 58488]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-01-27 15:58 70760]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 16:20 81920]
"DOWNLOAD MANAGER"="C:\APPS\OD2\OD2DLEngine.exe" [2004-06-07 17:03 606208]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2004-11-07 18:19 95456]
"Nero Engine"="C:\WINDOWS\system32\winnt4sys.exe" [ ]
"PC Health"="C:\WINDOWS\system32\win32ntsys.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
"StarSkin"="C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.exe" [ ]
"CAP3ON"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-30 10:00 22528]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Fenˆtre d'‚tat de Canon LASER SHOT LBP-1120.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-07-30 10:00:00 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\MSN Messenger\\mcoinstall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19168:TCP"= 19168:TCP:*:Disabled:BitComet 19168 TCP
"19168:UDP"= 19168:UDP:*:Disabled:BitComet 19168 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S1 rxp;rxp;C:\WINDOWS\system32\drivers\rxp.sys []
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys []
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys []
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\Gernevie\LOCALS~1\Temp\iMSPQMn.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9F81D88C-C298-9935-C5D1-40AA4DB91155}]
C:\WINDOWS\system32\winnt4sys.exe s
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-21 22:00:20 C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job"
- C:\WINDOWS\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOfferSilence@16
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 02:34:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-05-29 2:38:00
ComboFix-quarantined-files.txt 2008-05-29 00:36:57

Pre-Run: 29,387,018,240 octets libres
Post-Run: 29,372,870,656 octets libres

178 --- E O F --- 2008-05-20 07:50:08

Voila le rapport combofix :

ComboFix 08-05-28.4 - Gernevie 2008-05-30 0:11:34.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.390 [GMT 2:00]
Endroit: C:\Documents and Settings\Gernevie\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gernevie\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\6a2dde3523c5272da3a41f
C:\Documents and Settings\Gernevie\GoToAssist_phone__317_fr.exe
C:\WINDOWS\system32\94F43A3A67.sys
C:\WINDOWS\system32\win32ntsys.exe
C:\WINDOWS\system32\winnt4sys.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Gernevie\GoToAssist_phone__317_fr.exe
C:\VundoFix Backups
C:\WINDOWS\system32\94F43A3A67.sys

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
.

2008-05-29 06:29 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-28 23:35 . 2008-02-12 22:06 31,232 --a------ C:\WINDOWS\system\vdremote.dll
2008-05-28 23:35 . 2008-02-12 22:05 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
2008-05-28 23:24 . 2008-05-28 23:24 11,035,303 --a------ C:\upload_moi_SN402327160007.tar.gz
2008-05-28 11:14 . 2008-05-28 11:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 11:14 . 2008-05-28 11:14 <REP> d-------- C:\Documents and Settings\Gernevie\Application Data\Malwarebytes
2008-05-28 11:14 . 2008-05-28 11:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 11:14 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 11:14 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-28 00:30 . 2008-05-28 00:30 <REP> d-------- C:\fsaua.data
2008-05-27 11:14 . 2008-05-27 11:14 <REP> d-------- C:\Program Files\Avira
2008-05-27 11:14 . 2008-05-27 11:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 10:47 . 2008-05-27 10:47 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-27 10:44 . 2008-05-29 11:49 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-26 00:03 . 2008-05-26 00:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-26 00:03 . 2008-05-26 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-22 21:58 . 2008-05-22 22:02 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-05-22 21:57 . 2008-05-22 22:01 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-05-17 09:06 . 2008-05-17 09:06 <REP> d-------- C:\6a2dde3523c5272da3a41f
2008-05-05 21:26 . 2008-05-05 21:26 <REP> d-------- C:\Documents and Settings\Gernevie\Application Data\Druide
2008-05-05 21:21 . 2008-05-14 12:39 145 --a------ C:\WINDOWS\Antidote.ini
2008-05-05 21:20 . 2008-05-05 21:24 <REP> d-------- C:\Program Files\Druide
2008-05-04 14:03 . 2008-05-04 14:28 <REP> d-------- C:\Program Files\Orange
2008-05-04 14:03 . 2008-05-04 14:03 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2008-05-04 14:03 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-05-04 14:03 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-05-03 19:43 . 2008-05-03 19:43 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-05-03 19:31 . 2008-05-03 19:43 <REP> d-------- C:\Program Files\Inventel

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 09:45 --------- d-----w C:\Documents and Settings\Gernevie\Application Data\Azureus
2008-05-28 22:47 --------- d-----w C:\Program Files\QuickTime
2008-05-28 22:47 --------- d-----w C:\Program Files\HardwareDetection
2008-05-28 09:14 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-22 19:10 --------- d-----w C:\Program Files\eMule
2008-05-20 07:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-04 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 18:39 --------- d-----w C:\Program Files\ADSL Autoconnect
2008-05-04 12:03 --------- d-----w C:\Program Files\Wanadoo
2008-04-29 20:50 --------- d-----w C:\Program Files\AxBx
2008-04-17 17:03 --------- d-----w C:\Program Files\Azureus
2008-04-04 17:02 --------- d-----w C:\Program Files\MSN Messenger
2008-04-04 17:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 12:58 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-01 12:58 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-01 12:58 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-01 12:58 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-01 12:58 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-01 12:58 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-25 09:43 47,360 -c--a-w C:\Documents and Settings\Gernevie\Application Data\pcouffin.sys
2005-05-08 08:13 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2004-12-20 11:04 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-29_ 2.36.39.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:57 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:57 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
- 2008-05-29 00:24:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 21:42:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-10-23 15:34:35 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:31:57 1,024,512 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-10-23 15:34:35 152,064 -c--a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2006-10-23 15:34:36 1,056,768 -c--a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2006-10-23 15:34:35 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 09:31:57 1,024,512 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2006-10-23 15:34:35 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 09:31:57 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2006-10-23 15:34:36 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 09:31:58 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-10-23 15:34:36 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-10-23 15:34:36 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2006-10-23 15:34:36 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-10-23 11:02:37 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-10-23 15:34:36 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-10-23 15:34:36 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-10-23 15:34:36 15,872 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-10-23 15:34:38 3,082,240 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 09:31:59 3,087,872 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-10-23 15:34:37 448,512 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-10-23 15:34:37 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-10-23 15:34:37 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-10-23 15:34:37 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-10-23 15:34:38 1,497,600 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 09:32:00 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-10-23 15:34:38 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 09:32:00 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-10-23 15:34:38 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 09:32:00 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:41:59 417,792 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2006-09-18 14:15:51 851,968 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 13:56:54 851,968 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-10-23 15:34:38 668,672 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 09:32:00 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-23 15:34:36 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:31:58 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-10-23 15:34:36 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:31:58 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-10-23 15:34:36 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:31:58 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2006-10-23 15:34:36 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:31:58 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-10-23 15:34:36 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:31:58 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:41:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2006-10-23 15:34:36 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:31:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-10-23 15:34:38 3,082,240 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 09:31:59 3,087,872 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-10-23 15:34:37 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:31:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-10-23 15:34:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:31:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2006-10-23 15:34:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:31:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-10-23 15:34:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:31:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-10-23 15:34:38 1,497,600 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:32:00 1,499,648 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-10-23 15:34:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:32:00 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-10-23 15:34:38 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:32:00 620,544 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-19 23:09:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:41:59 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2006-10-23 15:34:38 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-02-16 09:32:00 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 2.6"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 11:29 913408]
"Sonic RecordNow!"="" []
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 17:03 1957888]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-24 04:55 533944]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-08-13 20:17 58488]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-01-27 15:58 70760]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 16:20 81920]
"DOWNLOAD MANAGER"="C:\APPS\OD2\OD2DLEngine.exe" [2004-06-07 17:03 606208]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2004-11-07 18:19 95456]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
"StarSkin"="C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.exe" [ ]
"CAP3ON"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-30 10:00 22528]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Fenˆtre d'‚tat de Canon LASER SHOT LBP-1120.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-07-30 10:00:00 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\MSN Messenger\\mcoinstall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19168:TCP"= 19168:TCP:*:Disabled:BitComet 19168 TCP
"19168:UDP"= 19168:UDP:*:Disabled:BitComet 19168 UDP
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 11:38]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S1 rxp;rxp;C:\WINDOWS\system32\drivers\rxp.sys []
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys []
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys []
S3 iMSPQMn;iMSPQMn;C:\DOCUME~1\Gernevie\LOCALS~1\Temp\iMSPQMn.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-21 22:00:20 C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job"
- C:\WINDOWS\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOfferSilence@16
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 00:13:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-05-30 0:17:24
ComboFix-quarantined-files.txt 2008-05-29 22:16:21
ComboFix2.txt 2008-05-29 00:38:02

Pre-Run: 27,719,024,640 octets libres
Post-Run: 27,706,572,800 octets libres

270 --- E O F --- 2008-05-29 16:17:4

Et le hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:20:21, on 30/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\APPS\OD2\OD2State.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gernevie\Bureau\antivirus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [DOWNLOAD MANAGER] C:\APPS\OD2\OD2DLEngine.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: https://www.orange.fr/portail
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

Et voilà ce qui semble le dernier rapport ;)
Encore merci pour toute ton aide, et merci aussi à Siou

-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\Gernevie\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Gernevie\Bureau\antivirus\HijackThis.exe: trouvé !
C:\Documents and Settings\Gernevie\Bureau\antivirus\Btfix: trouvé !
C:\Documents and Settings\Gernevie\Recent\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Gernevie\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Gernevie\Bureau\antivirus\HijackThis.exe: supprimé !
C:\Documents and Settings\Gernevie\Recent\HijackThis.lnk: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\Gernevie\Bureau\antivirus\Btfix: supprimé !