FENETRE INTEMPESTIVE VIRUS ET TROJAN

Merci pour cette réponse si rapide.
Voici donc
J’ai d’une façon constante une fenêtre de windows sécurité qui s’ouvre en m’annonçant que je suis infecté par un trojan.

Voici tout d’abord ce que j’ai fait
Hier : j’ai passé Malwarebytes' Anti-Malware 1.26 dont voici le rapport :
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1103
Windows 5.1.2600 Service Pack 3

06/09/2008 07:09:48
mbam-log-2008-09-06 (07-09-48).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 308294
Temps écoulé: 1 hour(s), 35 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 51

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\O9GX6RGT\PLAY_MP3[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Mes documents\Ordinateur\Outils\Adobe\Keygen Adobe Acrobat 8 Pro\Adobe Acrobat 8 Pro Keygen + Activation.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcgl8j0enbn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMef88fc7a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMef88fc7a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcgl8j0enbn.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Le ménage a donc été fait mais toujours cette fenêtre qui s’ouvre
Aujourd’hui j’ai passé HIJACKTHIS et voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:15, on 07/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
C:\WINDOWS\system32\mvmnkhyl.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
c:\program files\fichiers communs\installshield\updateservice\isuspm.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66017
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.elby.ch/products/clonedvd.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

J’ai ensuite passé NAVILOG en recherche et voici le résultat
Search Navipromo version 3.6.5 commencé le 07/09/2008 à 11:06:29,71

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Propriétaire"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.5512
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SYLVIE\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SYLVIE\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\SYLVIE\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\SYLVIE\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" :


* Dans "C:\DOCUME~1\SYLVIE\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\bLTsDfhk.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\JTBJknnn.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 07/09/2008 à 11:19:12,03 ***

Enfin je suis passé à NAVILOG pour désinfecter voici le rapport
Clean Navipromo version 3.6.5 commencé le 07/09/2008 à 11:22:54,45

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Propriétaire"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.5512
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\SYLVIE\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\SYLVIE\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\SYLVIE\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Propriétaire\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\SYLVIE\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propri‚taire\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *


* Dans "C:\DOCUME~1\SYLVIE\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 07/09/2008 à 11:26:22,35 ***

Voici le rapport mais toujours la fenêtre d'alerte apparait

ComboFix 08-09-05.02 - Propriétaire 2008-09-07 15:57:03.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.196 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\akiaavoo.ini
C:\WINDOWS\system32\bLTsDfhk.ini
C:\WINDOWS\system32\bLTsDfhk.ini2
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\JTBJknnn.ini
C:\WINDOWS\system32\JTBJknnn.ini2
C:\WINDOWS\system32\qjqsmuyu.ini
C:\WINDOWS\system32\twvnkehq.ini
C:\WINDOWS\system32\uswaybja.ini
C:\WINDOWS\system32\ydoiwknc.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.

2008-09-07 12:11 . 2008-09-07 12:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-07 10:18 . 2008-09-07 10:18 <REP> d-------- C:\Program Files\CCleaner
2008-09-05 19:53 . 2008-09-05 19:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 19:53 . 2008-09-05 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 19:53 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 19:53 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 11:59 . 2008-09-05 11:59 102,400 --a------ C:\WINDOWS\system32\mvmnkhyl.exe
2008-09-05 08:45 . 2008-09-05 08:45 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-09-05 08:45 . 2008-09-05 08:45 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-05 08:44 . 2008-09-05 08:45 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-05 08:23 . 2008-09-05 08:23 <REP> d-------- C:\Program Files\Avanquest update
2008-09-05 08:23 . 2008-09-05 08:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-05 08:23 . 2008-09-05 08:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avanquest
2008-09-05 08:22 . 2008-09-05 08:22 <REP> d-------- C:\Program Files\Avanquest
2008-09-05 03:16 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-09-05 03:15 . 2008-04-14 04:33 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-09-05 03:15 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-09-05 03:15 . 2008-04-14 04:33 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-09-04 07:01 . 2008-09-07 12:11 <REP> d-------- C:\Documents and Settings\SYLVIE\Application Data\VMNTOOLBAR
2008-09-03 12:46 . 2008-09-03 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\buhifidi
2008-09-03 12:46 . 2008-09-03 12:46 98,304 --a------ C:\WINDOWS\system32\zsjuvang.exe
2008-09-03 07:15 . 2008-09-03 07:15 <REP> d-------- C:\Program Files\vmntoolbar
2008-09-03 07:14 . 2008-09-03 07:14 <REP> d-------- C:\Program Files\Visicom Media
2008-08-17 20:04 . 2008-08-17 20:04 <REP> d-------- C:\Documents and Settings\SYLVIE\Application Data\ICQ Toolbar
2008-08-16 17:37 . 2006-07-26 14:08 65,536 --------- C:\WINDOWS\system32\mavideo.scr
2008-08-15 06:31 . 2008-09-06 12:10 <REP> d-------- C:\Program Files\RogueRemover PRO
2008-08-15 06:31 . 2008-08-15 06:31 2,015 -r-h----- C:\WINDOWS\system32\drivers\hosts
2008-08-15 06:18 . 2008-08-15 06:18 <REP> d-------- C:\Program Files\VLC
2008-08-15 06:16 . 2008-08-15 06:16 <REP> d-------- C:\Program Files\ItsLabel
2008-08-14 21:34 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 21:19 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 14:08 --------- d-----w C:\Program Files\Wanadoo
2008-09-07 13:55 --------- d-----w C:\Program Files\Ulead.dat
2008-09-07 10:17 --------- d-----w C:\Documents and Settings\SYLVIE\Application Data\OpenOffice.org2
2008-09-07 09:26 --------- d-----w C:\Program Files\Navilog1
2008-09-06 07:45 --------- d-----w C:\Program Files\ICQToolbar
2008-09-05 06:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 16:35 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-08-31 07:58 --------- d-----w C:\Program Files\listac
2008-08-25 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-24 08:05 --------- d-----w C:\Documents and Settings\SYLVIE\Application Data\U3
2008-08-20 21:11 7,680 --sha-w C:\Program Files\Thumbs.db
2008-08-17 18:15 --------- d-----w C:\Program Files\QuickTime
2008-08-17 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-17 18:12 --------- d-----w C:\Program Files\eMule
2008-08-17 18:09 --------- d-----w C:\Program Files\Canon
2008-08-16 15:38 --------- d-----w C:\Program Files\Micro Application
2008-08-15 04:58 --------- d-----w C:\Program Files\EoRezo
2008-08-11 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-05-16 16:15 2,828 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-05-16 16:12 88 --sh--r C:\Documents and Settings\All Users\Application Data\1329AEB26B.sys
2007-12-07 08:11 341,488 ----a-w C:\Program Files\uvPL.exe
2007-12-07 08:11 3,089,904 ----a-w C:\Program Files\vstudio.dat
2007-12-07 08:11 1,254,896 ----a-w C:\Program Files\vstudio.exe
2007-05-09 10:41 423,408 ----a-w C:\Program Files\CapMgr.dll
2007-05-08 15:44 87,536 ----a-w C:\Program Files\CapMgrRC.dll
2007-05-08 15:44 570,864 ----a-w C:\Program Files\DVDMFRc.dll
2007-05-08 15:43 48,112 ----a-w C:\Program Files\uTextToolRc.dll
2007-05-07 11:27 1,254,896 ----a-w C:\Program Files\vstudio.exe.bak
2007-05-07 11:18 3,089,904 ----a-w C:\Program Files\vstudio.dat.bak
2007-05-07 11:18 1,404,928 ----a-w C:\Program Files\vstudio.lod
2007-05-07 11:18 1,024 ----a-w C:\Program Files\vstudio.bin
2007-05-04 08:11 34,800 ----a-w C:\Program Files\uImportDVDUIRC.dll
2007-05-02 16:22 30,192 ----a-w C:\Program Files\DV2DVDWizardPage2RC.dll
2007-05-02 09:00 501,232 ----a-w C:\Program Files\u32Prod.dll
2007-05-02 08:59 951,792 ----a-w C:\Program Files\HerWizardRC.dll
2007-05-02 08:59 730,608 ----a-w C:\Program Files\PPPRC.dll
2007-05-02 08:59 456,176 ----a-w C:\Program Files\vftatrc.dll
2007-05-02 08:59 259,568 ----a-w C:\Program Files\herrc.dll
2007-05-02 08:59 177,648 ----a-w C:\Program Files\VfxATRC.dll
2007-05-02 08:59 15,856 ----a-w C:\Program Files\uDVDUSerR.dll
2007-05-02 08:58 22,000 ----a-w C:\Program Files\DeviceSyncUIRC.dll
2007-04-30 10:33 168,360 ----a-w C:\Program Files\SplashScreen.bmp
2007-04-30 10:27 117,224 ----a-w C:\Program Files\AboutBox.bmp
2007-04-27 08:46 361,968 ----a-w C:\Program Files\VioRC.dll
2007-04-27 08:45 50,672 ----a-w C:\Program Files\HerDocRC.dll
2007-04-26 20:19 8,048 ----a-w C:\Program Files\uAboutBox02.xml
2007-04-26 19:07 37,768 ----a-w C:\Program Files\README.htm
2007-04-26 15:19 226,800 ----a-w C:\Program Files\u32video.dll
2007-04-26 09:27 357,872 ----a-w C:\Program Files\vftrc.dll
2007-04-26 09:22 529,904 ----a-w C:\Program Files\umfNormalEditTask.dll
2007-04-24 09:20 99,824 ----a-w C:\Program Files\HerWizPGOutput.dll
2007-04-20 15:29 529,904 ----a-w C:\Program Files\veui32rc.dll
2007-04-20 15:29 50,672 ----a-w C:\Program Files\uwUpdate.dll
2007-04-20 15:29 39,408 ----a-w C:\Program Files\vfxrc.dll
2007-04-20 15:29 140,784 ----a-w C:\Program Files\wWebComp.dll
2007-04-20 15:29 103,920 ----a-w C:\Program Files\Vft32rc.dll
2007-04-20 15:27 620,016 ----a-w C:\Program Files\ufctxeffrc.dll
2007-04-20 15:27 22,000 ----a-w C:\Program Files\uImportDVDUserCtrlRC.dll
2007-04-20 15:27 16,368 ----a-w C:\Program Files\uImportDVDPlugInRC.dll
2007-04-20 15:27 11,248 ----a-w C:\Program Files\uiNetRC.dll
2007-04-20 15:27 108,016 ----a-w C:\Program Files\Ul3dui32.dll
2007-04-20 15:26 27,120 ----a-w C:\Program Files\udlFileRC.dll
2007-04-20 15:26 23,536 ----a-w C:\Program Files\uDVDUserREx.dll
2007-04-20 15:26 20,464 ----a-w C:\Program Files\uAutoEditWrapRC.dll
2007-04-20 15:26 19,952 ----a-w C:\Program Files\ufcGetVFRC.dll
2007-04-20 15:26 18,928 ----a-w C:\Program Files\uDVDCaptureRc.dll
2007-04-20 15:26 18,416 ----a-w C:\Program Files\UFCCOLORRC.dll
2007-04-20 15:26 18,416 ----a-w C:\Program Files\uDVDCommRC.dll
2007-04-20 15:26 17,392 ----a-w C:\Program Files\uDMFGUIRC.dll
2007-04-20 15:26 16,880 ----a-w C:\Program Files\uDVDUserREx40Lite.dll
2007-04-20 15:26 16,368 ----a-w C:\Program Files\UFCCOMMRC.dll
2007-04-20 15:26 16,368 ----a-w C:\Program Files\uBatchCvtRC.dll
2007-04-20 15:26 132,592 ----a-w C:\Program Files\UFCAUDRC.dll
2007-04-20 15:25 91,632 ----a-w C:\Program Files\TitlePlugRC.dll
2007-04-20 15:25 83,440 ----a-w C:\Program Files\u32xView.dll
2007-04-20 15:25 71,152 ----a-w C:\Program Files\u32AudCvtRC.dll
2007-04-20 15:25 574,960 ----a-w C:\Program Files\type_eff.dll
2007-04-20 15:25 288,240 ----a-w C:\Program Files\u32FeUI_s.dll
2007-04-20 15:25 26,608 ----a-w C:\Program Files\save_ani.dll
2007-04-20 15:25 25,584 ----a-w C:\Program Files\u32uscRES.dll
2007-04-20 15:25 20,464 ----a-w C:\Program Files\u32freedbRC.dll
2007-04-20 15:25 16,880 ----a-w C:\Program Files\U32USPRC.dll
2007-04-20 15:25 136,688 ----a-w C:\Program Files\TgeDllRC.dll
2007-04-20 15:24 71,152 ----a-w C:\Program Files\PEXSLIDE_Res.dll
2007-04-20 15:24 56,304 ----a-w C:\Program Files\MPEG_VioRC.dll
2007-04-20 15:24 325,104 ----a-w C:\Program Files\DV2DVDWizardRC.dll
2007-04-20 15:24 25,072 ----a-w C:\Program Files\KEYFRAMEMODULERC.dll
2007-04-20 15:24 15,856 ----a-w C:\Program Files\PEXEXIF_Res.dll
2007-04-20 15:24 15,344 ----a-w C:\Program Files\ModifyMarkTimeRC.dll
2007-04-20 15:24 15,344 ----a-w C:\Program Files\IDvPreScanRC.dll
2007-04-20 15:23 25,584 ----a-w C:\Program Files\CuDAC32.dll
2007-04-20 15:23 24,048 ----a-w C:\Program Files\DV2DVDWizardPage1RC.dll
2007-04-20 15:23 239,088 ----a-w C:\Program Files\AIKRC.dll
2007-04-20 15:23 194,032 ----a-w C:\Program Files\CU3PDVR_HDV_RC.dll
2007-04-20 15:23 19,952 ----a-w C:\Program Files\DrawingRC.dll
2007-04-20 15:23 153,072 ----a-w C:\Program Files\AftRC.dll
2007-04-20 15:23 15,856 ----a-w C:\Program Files\DeviceSyncMgrRC.dll
2007-04-20 15:23 14,320 ----a-w C:\Program Files\Aft32RC.dll
2007-04-20 15:23 10,736 ----a-w C:\Program Files\BatchDLRC.dll
2007-04-20 15:22 99,824 ----a-w C:\Program Files\afCommRC.dll
2005-09-25 18:49 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{06663B56-0D73-4f9f-BCC5-4AA941470AFD}"= "C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL" [2008-01-20 61440]

[HKEY_CLASSES_ROOT\clsid\{06663b56-0d73-4f9f-bcc5-4aa941470afd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-01-20 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-01-20 266240]

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-07 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-06-02 6210888]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"RogueMonitor"="C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2008-02-24 421568]
"EnShChk"="C:\WINDOWS\system32\mvmnkhyl.exe" [2008-09-05 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 483328]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 335872]
"UpdateManager"="c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"DeviceDiscovery"="C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-07-18 483328]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 94208]
"MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 86016]
"Mediafour Mac Volume Notifications"="C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" [2002-12-17 61440]
"OSSelectorReinstall"="C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe" [2007-03-09 2227601]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"UVS11 Preload"="C:\Program Files\uvPL.exe" [2007-12-07 341488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-05-03 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-05-03 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"gIBPgZltt6"="C:\Documents and Settings\All Users\Application Data\buhifidi\hmlstqvg.exe" [2008-09-03 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
2003-11-07 10:24 61440 C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.VP31"= vp31vfw.dll
"VIDC.CSCD"= camcodec.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"MSACM.CEGSM"= mobilev.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\microsoft frontpage\\bin\\fpexplor.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI.SP2\\RpcSandraSrv.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Visicom Media\\FTP Expert 3\\ftpxpert3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56907:TCP"= 56907:TCP:Pando P2P TCP Listening Port
"56907:UDP"= 56907:UDP:Pando P2P UDP Listening Port

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2004-08-31 44404]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2004-09-13 277352]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-30 350282]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa16512-e790-11dc-8a85-0030f1d91552}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2968f2f4-9047-11dc-bcda-0030f1d91552}]
\Shell\AutoRun\command - L:\Info.exe folder.htt 480 480
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

BHO-{0E629383-3B01-439D-856E-3920E37F461B} - (no file)
BHO-{3E114B4F-AC98-4FB4-BBAE-7461D4A6FC78} - (no file)
BHO-{6f5aea64-ea8a-45b7-a9b8-8921d95f61ef} - (no file)
BHO-{8B3E5F5E-784F-4509-BFB5-32CC10C0E629} - (no file)
BHO-{A5FAE565-C28F-42A3-BCB7-1FE17B491F66} - (no file)
BHO-{C048C488-14A0-49AD-BAD6-98BD0A6551DB} - (no file)
BHO-{E7ED0F33-5E19-4B9D-905D-3ADA086FF8CD} - (no file)
ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons - (no file)
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
HKLM-Run-VTTimer - VTTimer.exe
HKLM-Run-EoEngine - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\b8tp8zw5.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 16:05:50
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\Crypserv.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 16:17:50 - machine was rebooted [Propri‚taire]
ComboFix-quarantined-files.txt 2008-09-07 14:17:39

Pre-Run: 12,005,855,232 octets libres
Post-Run: 11,985,920,000 octets libres

329 --- E O F --- 2008-09-06 01:01:36