Pub CID

Salut!


J'ai essayé d'installer Navilog, mais pas capable de l'installer mon anti-virus c'est affoller, je l'ai désactiver, mais il m'a fait comme réponse '' une référence a été envoyé au serveur''.

Allo!

J'ai installé A-squared free 3.5, j'ai fais l'analyse, ils ont détecté 8 éléments, est-ce qu'il faut que je les supprime?

Allo!


Oui, j'ai fais l'analyse, sauf, que l'analyse avec Bitfender n'a pas fonctionné il me dit: échec de la mise à jour, mais Panda active ça là marché.
Pour Navilog, je viens de réessayer, il me répète encore la même chose.

Allo!

Je reviens de 2 semaines de vacances.

J'ai imprimé le tuto de combofix, j'ai l'icône de combofix sur mon bureau, mais avant d'installer combo, dans le tuto, il ya quelques opérations préliminaires à installer comme: la console de récupération Windows, pour Vista ça me prendrais mon CD Windows, pour partir en mode Vista recovery environnement, j'ai juste 2 CD de restauration.

Qu'est-ce que je fais?

Allo!
ComboFix 08-07-29.1 - Martine 2008-08-03 19:13:33.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.222 [GMT -4:00]
Endroit: C:\Users\Martine\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-03 to 2008-08-03 ))))))))))))))))))))))))))))))))))))
.

2008-08-03 19:08 . 2008-08-03 19:08 268 --ah----- C:\sqmdata04.sqm
2008-08-03 19:08 . 2008-08-03 19:08 244 --ah----- C:\sqmnoopt04.sqm
2008-07-31 11:13 . 2008-07-31 11:13 13,753 --a------ C:\Windows\is-3T95F.msg
2008-07-31 11:13 . 2008-07-31 11:13 422 --a------ C:\Windows\is-3T95F.lst
2008-07-31 11:12 . 2008-07-31 11:13 685,056 --a------ C:\Windows\is-3T95F.exe
2008-07-31 10:42 . 2008-07-31 10:42 268 --ah----- C:\sqmdata03.sqm
2008-07-31 10:42 . 2008-07-31 10:42 244 --ah----- C:\sqmnoopt03.sqm
2008-07-31 10:01 . 2008-07-31 10:01 268 --ah----- C:\sqmdata02.sqm
2008-07-31 10:01 . 2008-07-31 10:01 244 --ah----- C:\sqmnoopt02.sqm
2008-07-30 20:04 . 2008-07-30 20:04 268 --ah----- C:\sqmdata01.sqm
2008-07-30 20:04 . 2008-07-30 20:04 244 --ah----- C:\sqmnoopt01.sqm
2008-07-20 21:02 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-16 11:18 . 2008-07-16 11:18 <REP> d-------- C:\Windows\BDOSCAN8
2008-07-16 10:21 . 2008-07-16 10:21 <REP> d-------- C:\Program Files\Panda Security
2008-07-16 10:21 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-15 22:29 . 2008-07-31 13:13 <REP> d-------- C:\Program Files\a-squared Free
2008-07-13 16:58 . 2008-07-13 19:08 691 --a------ C:\Users\Martine\AppData\Roaming\GetValue.vbs
2008-07-13 16:58 . 2008-07-13 19:08 35 --a------ C:\Users\Martine\AppData\Roaming\SetValue.bat
2008-07-12 21:48 . 2008-07-13 19:08 5,734 --a------ C:\Windows\System32\tmp.reg
2008-07-12 21:47 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-07-12 21:47 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-07-12 21:47 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-07-12 21:47 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-07-12 21:47 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-07-12 21:47 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-07-12 21:40 . 2008-07-12 21:40 268 --ah----- C:\sqmdata00.sqm
2008-07-12 21:40 . 2008-07-12 21:40 244 --ah----- C:\sqmnoopt00.sqm
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\Users\Martine\AppData\Roaming\Malwarebytes
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\ProgramData\Malwarebytes
2008-07-12 10:09 . 2008-07-31 11:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 10:09 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\Users\All Users\NOS
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\ProgramData\NOS
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\Program Files\NOS
2008-07-11 09:17 . 2008-07-11 09:57 <REP> d-------- C:\Program Files\Trend Micro
2008-07-11 08:01 . 2006-11-05 21:12 167,936 --a------ C:\Windows\System32\igfxres.dll
2008-07-11 07:38 . 2008-07-16 10:16 <REP> d-------- C:\Lop SD
2008-07-11 07:33 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 07:33 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 07:32 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-08 23:03 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 23:03 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-08 23:03 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-08 23:03 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-08 23:03 . 2008-05-09 23:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-08 23:03 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-08 23:03 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-08 23:02 . 2008-05-08 17:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-08 23:02 . 2008-05-08 17:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-08 23:02 . 2008-05-08 17:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-08 23:02 . 2008-05-08 17:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-08 23:02 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-08 23:02 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-08 23:02 . 2008-05-08 17:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-03 13:48 . 2008-07-03 13:48 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-07-03 13:48 . 2008-07-03 13:48 286,720 --a------ C:\Windows\PATCH.EXE
2008-07-03 13:48 . 2008-07-03 13:48 69,689 --a------ C:\Windows\UNZIP.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 23:08 --------- d-----w C:\Users\Martine\AppData\Roaming\OpenOffice.org2
2008-08-03 23:02 30,818,848 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-03 22:46 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-03 22:43 415,796 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-02 02:53 --------- d-----w C:\Program Files\Lavasoft
2008-07-24 11:46 96,559 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-24 11:46 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-11 16:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 16:08 --------- d-----w C:\Program Files\Java
2008-07-09 03:12 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 20:21 --------- d-----w C:\Users\Martine\AppData\Roaming\toshiba
2008-06-27 12:21 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-06-27 03:20 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-27 00:37 --------- d-----w C:\ProgramData\part wait name
2008-06-09 00:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-28 03:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 02:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-28 02:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 15:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 14:01 413696]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 01:50 815104]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 06:41 188416]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-05 21:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-05 21:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-05 21:02 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 02:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4133370953-3895996926-4258686426-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A30C72D-F237-4591-BBCD-8A9DB8D07A09}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{2A641021-EE37-4252-877B-536D1EE5F135}C:\\mp3quebec_mircv12d\\mirc.exe"= UDP:C:\mp3quebec_mircv12d\mirc.exe:mIRC
"UDP Query User{5BEC67E9-6FB9-4C4E-9CB4-EF63AFB24C84}C:\\mp3quebec_mircv12d\\mirc.exe"= TCP:C:\mp3quebec_mircv12d\mirc.exe:mIRC
"{72071C23-8ABF-4366-8064-E5767CDCB236}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C0AA0C16-AC9D-4A6F-9A14-2886D1708BE3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 15:59]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-03 C:\Windows\Tasks\User_Feed_Synchronization-{18CBD209-0B4D-4A04-B249-A0FBB7CD9448}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 03:33]
.
.
------- Supplementary Scan -------
.

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 19:17:55
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????M???&???(???P?????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-03 19:19:11
ComboFix-quarantined-files.txt 2008-08-03 23:19:04

Pre-Run: 33,548,341,248 octets libres
Post-Run: 33,414,426,624 octets libres

187 --- E O F --- 2008-08-01 21:40:43

le rapport de combofix

Allo!
ComboFix 08-07-29.1 - Martine 2008-08-03 19:13:33.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.222 [GMT -4:00]
Endroit: C:\Users\Martine\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-03 to 2008-08-03 ))))))))))))))))))))))))))))))))))))
.

2008-08-03 19:08 . 2008-08-03 19:08 268 --ah----- C:\sqmdata04.sqm
2008-08-03 19:08 . 2008-08-03 19:08 244 --ah----- C:\sqmnoopt04.sqm
2008-07-31 11:13 . 2008-07-31 11:13 13,753 --a------ C:\Windows\is-3T95F.msg
2008-07-31 11:13 . 2008-07-31 11:13 422 --a------ C:\Windows\is-3T95F.lst
2008-07-31 11:12 . 2008-07-31 11:13 685,056 --a------ C:\Windows\is-3T95F.exe
2008-07-31 10:42 . 2008-07-31 10:42 268 --ah----- C:\sqmdata03.sqm
2008-07-31 10:42 . 2008-07-31 10:42 244 --ah----- C:\sqmnoopt03.sqm
2008-07-31 10:01 . 2008-07-31 10:01 268 --ah----- C:\sqmdata02.sqm
2008-07-31 10:01 . 2008-07-31 10:01 244 --ah----- C:\sqmnoopt02.sqm
2008-07-30 20:04 . 2008-07-30 20:04 268 --ah----- C:\sqmdata01.sqm
2008-07-30 20:04 . 2008-07-30 20:04 244 --ah----- C:\sqmnoopt01.sqm
2008-07-20 21:02 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-16 11:18 . 2008-07-16 11:18 <REP> d-------- C:\Windows\BDOSCAN8
2008-07-16 10:21 . 2008-07-16 10:21 <REP> d-------- C:\Program Files\Panda Security
2008-07-16 10:21 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-15 22:29 . 2008-07-31 13:13 <REP> d-------- C:\Program Files\a-squared Free
2008-07-13 16:58 . 2008-07-13 19:08 691 --a------ C:\Users\Martine\AppData\Roaming\GetValue.vbs
2008-07-13 16:58 . 2008-07-13 19:08 35 --a------ C:\Users\Martine\AppData\Roaming\SetValue.bat
2008-07-12 21:48 . 2008-07-13 19:08 5,734 --a------ C:\Windows\System32\tmp.reg
2008-07-12 21:47 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-07-12 21:47 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-07-12 21:47 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-07-12 21:47 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-07-12 21:47 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-07-12 21:47 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-07-12 21:40 . 2008-07-12 21:40 268 --ah----- C:\sqmdata00.sqm
2008-07-12 21:40 . 2008-07-12 21:40 244 --ah----- C:\sqmnoopt00.sqm
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\Users\Martine\AppData\Roaming\Malwarebytes
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\ProgramData\Malwarebytes
2008-07-12 10:09 . 2008-07-31 11:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 10:09 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\Users\All Users\NOS
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\ProgramData\NOS
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\Program Files\NOS
2008-07-11 09:17 . 2008-07-11 09:57 <REP> d-------- C:\Program Files\Trend Micro
2008-07-11 08:01 . 2006-11-05 21:12 167,936 --a------ C:\Windows\System32\igfxres.dll
2008-07-11 07:38 . 2008-07-16 10:16 <REP> d-------- C:\Lop SD
2008-07-11 07:33 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 07:33 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 07:32 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-08 23:03 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 23:03 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-08 23:03 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-08 23:03 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-08 23:03 . 2008-05-09 23:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-08 23:03 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-08 23:03 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-08 23:02 . 2008-05-08 17:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-08 23:02 . 2008-05-08 17:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-08 23:02 . 2008-05-08 17:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-08 23:02 . 2008-05-08 17:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-08 23:02 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-08 23:02 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-08 23:02 . 2008-05-08 17:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-03 13:48 . 2008-07-03 13:48 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-07-03 13:48 . 2008-07-03 13:48 286,720 --a------ C:\Windows\PATCH.EXE
2008-07-03 13:48 . 2008-07-03 13:48 69,689 --a------ C:\Windows\UNZIP.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 23:08 --------- d-----w C:\Users\Martine\AppData\Roaming\OpenOffice.org2
2008-08-03 23:02 30,818,848 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-03 22:46 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-03 22:43 415,796 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-02 02:53 --------- d-----w C:\Program Files\Lavasoft
2008-07-24 11:46 96,559 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-24 11:46 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-11 16:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 16:08 --------- d-----w C:\Program Files\Java
2008-07-09 03:12 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 20:21 --------- d-----w C:\Users\Martine\AppData\Roaming\toshiba
2008-06-27 12:21 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-06-27 03:20 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-27 00:37 --------- d-----w C:\ProgramData\part wait name
2008-06-09 00:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-28 03:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 02:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-28 02:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 15:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 14:01 413696]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 01:50 815104]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 06:41 188416]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-05 21:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-05 21:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-05 21:02 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 02:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4133370953-3895996926-4258686426-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A30C72D-F237-4591-BBCD-8A9DB8D07A09}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{2A641021-EE37-4252-877B-536D1EE5F135}C:\\mp3quebec_mircv12d\\mirc.exe"= UDP:C:\mp3quebec_mircv12d\mirc.exe:mIRC
"UDP Query User{5BEC67E9-6FB9-4C4E-9CB4-EF63AFB24C84}C:\\mp3quebec_mircv12d\\mirc.exe"= TCP:C:\mp3quebec_mircv12d\mirc.exe:mIRC
"{72071C23-8ABF-4366-8064-E5767CDCB236}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C0AA0C16-AC9D-4A6F-9A14-2886D1708BE3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 15:59]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-03 C:\Windows\Tasks\User_Feed_Synchronization-{18CBD209-0B4D-4A04-B249-A0FBB7CD9448}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 03:33]
.
.
------- Supplementary Scan -------
.

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 19:17:55
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????M???&???(???P?????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-03 19:19:11
ComboFix-quarantined-files.txt 2008-08-03 23:19:04

Pre-Run: 33,548,341,248 octets libres
Post-Run: 33,414,426,624 octets libres

187 --- E O F --- 2008-08-01 21:40:43

le rapport de combofix

Allo!

Allo!
ComboFix 08-07-29.1 - Martine 2008-08-03 19:13:33.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.222 [GMT -4:00]
Endroit: C:\Users\Martine\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-03 to 2008-08-03 ))))))))))))))))))))))))))))))))))))
.

2008-08-03 19:08 . 2008-08-03 19:08 268 --ah----- C:\sqmdata04.sqm
2008-08-03 19:08 . 2008-08-03 19:08 244 --ah----- C:\sqmnoopt04.sqm
2008-07-31 11:13 . 2008-07-31 11:13 13,753 --a------ C:\Windows\is-3T95F.msg
2008-07-31 11:13 . 2008-07-31 11:13 422 --a------ C:\Windows\is-3T95F.lst
2008-07-31 11:12 . 2008-07-31 11:13 685,056 --a------ C:\Windows\is-3T95F.exe
2008-07-31 10:42 . 2008-07-31 10:42 268 --ah----- C:\sqmdata03.sqm
2008-07-31 10:42 . 2008-07-31 10:42 244 --ah----- C:\sqmnoopt03.sqm
2008-07-31 10:01 . 2008-07-31 10:01 268 --ah----- C:\sqmdata02.sqm
2008-07-31 10:01 . 2008-07-31 10:01 244 --ah----- C:\sqmnoopt02.sqm
2008-07-30 20:04 . 2008-07-30 20:04 268 --ah----- C:\sqmdata01.sqm
2008-07-30 20:04 . 2008-07-30 20:04 244 --ah----- C:\sqmnoopt01.sqm
2008-07-20 21:02 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswiss­army.sys
2008-07-16 11:18 . 2008-07-16 11:18 <REP> d-------- C:\Windows\BDOSCAN8
2008-07-16 10:21 . 2008-07-16 10:21 <REP> d-------- C:\Program Files\Panda Security
2008-07-16 10:21 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-15 22:29 . 2008-07-31 13:13 <REP> d-------- C:\Program Files\a-squared Free
2008-07-13 16:58 . 2008-07-13 19:08 691 --a------ C:\Users\Martine\AppData\Roaming\GetValue.vbs
2008-07-13 16:58 . 2008-07-13 19:08 35 --a------ C:\Users\Martine\AppData\Roaming\SetValue.bat
2008-07-12 21:48 . 2008-07-13 19:08 5,734 --a------ C:\Windows\System32\tmp.reg
2008-07-12 21:47 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-07-12 21:47 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-07-12 21:47 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-07-12 21:47 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-07-12 21:47 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-07-12 21:47 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-07-12 21:40 . 2008-07-12 21:40 268 --ah----- C:\sqmdata00.sqm
2008-07-12 21:40 . 2008-07-12 21:40 244 --ah----- C:\sqmnoopt00.sqm
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\Users\Martine\AppData\Roaming\Malwarebytes
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-12 10:09 . 2008-07-12 10:09 <REP> d-------- C:\ProgramData\Malwarebytes
2008-07-12 10:09 . 2008-07-31 11:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 10:09 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\Users\All Users\NOS
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\ProgramData\NOS
2008-07-11 12:14 . 2008-07-11 13:06 <REP> d-------- C:\Program Files\NOS
2008-07-11 09:17 . 2008-07-11 09:57 <REP> d-------- C:\Program Files\Trend Micro
2008-07-11 08:01 . 2006-11-05 21:12 167,936 --a------ C:\Windows\System32\igfxres.dll
2008-07-11 07:38 . 2008-07-16 10:16 <REP> d-------- C:\Lop SD
2008-07-11 07:33 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 07:33 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 07:32 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-08 23:03 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 23:03 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-08 23:03 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-08 23:03 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-08 23:03 . 2008-05-09 23:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-08 23:03 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-08 23:03 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-08 23:02 . 2008-05-08 17:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-08 23:02 . 2008-05-08 17:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-08 23:02 . 2008-05-08 17:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-08 23:02 . 2008-05-08 17:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-08 23:02 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-08 23:02 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-08 23:02 . 2008-05-08 17:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-03 13:48 . 2008-07-03 13:48 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-07-03 13:48 . 2008-07-03 13:48 286,720 --a------ C:\Windows\PATCH.EXE
2008-07-03 13:48 . 2008-07-03 13:48 69,689 --a------ C:\Windows\UNZIP.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 23:08 --------- d-----w C:\Users\Martine\AppData\Roaming\OpenOffice.org2
2008-08-03 23:02 30,818,848 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-08-03 22:46 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-08-03 22:43 415,796 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-08-02 02:53 --------- d-----w C:\Program Files\Lavasoft
2008-07-24 11:46 96,559 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-24 11:46 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-11 16:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 16:08 --------- d-----w C:\Program Files\Java
2008-07-09 03:12 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 20:21 --------- d-----w C:\Users\Martine\AppData\Roaming\toshiba
2008-06-27 12:21 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-06-27 03:20 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-27 00:37 --------- d-----w C:\ProgramData\part wait name
2008-06-09 00:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-28 03:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 02:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-28 02:39 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 15:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 14:01 413696]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 01:50 815104]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 06:41 188416]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-05 21:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-05 21:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-05 21:02 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 02:50 3772416 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4133370953-3895996926-4258686426-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A30C72D-F237-4591-BBCD-8A9DB8D07A09}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{2A641021-EE37-4252-877B-536D1EE5F135}C:\\mp3quebec_mircv12d\\mirc.exe"= UDP:C:\mp3quebec_mircv12d\mirc.exe:mIRC
"UDP Query User{5BEC67E9-6FB9-4C4E-9CB4-EF63AFB24C84}C:\\mp3quebec_mircv12d\\mirc.exe"= TCP:C:\mp3quebec_mircv12d\mirc.exe:mIRC
"{72071C23-8ABF-4366-8064-E5767CDCB236}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C0AA0C16-AC9D-4A6F-9A14-2886D1708BE3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 15:59]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 23:11]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-03 C:\Windows\Tasks\User_Feed_Synchronization-{18CBD209-0B4D-4A04-B249-A0FBB7CD9448}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 03:33]
.
.
------- Supplementary Scan -------
.

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 19:17:55
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????M???&???(???P?????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-03 19:19:11
ComboFix-quarantined-files.txt 2008-08-03 23:19:04

Pre-Run: 33,548,341,248 octets libres
Post-Run: 33,414,426,624 octets libres

187 --- E O F --- 2008-08-01 21:40:43

le rapport de combofix