Internet speed monitor

voici le rapport du scan

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1142
Windows 5.1.2600 Service Pack 2

12/09/2008 23:00:08
mbam-log-2008-09-12 (23-00-08).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 132847
Temps écoulé: 1 hour(s), 42 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 50
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 53

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\asapcom.asapclass (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ac5bc54-b13b-4642-99f9-0baa2d116184} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapclass.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapenvelope (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapenvelope.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmain (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmessage (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asapmessage.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asaprecipients (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\asapcom.asaprecipients.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndshell3.bho (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndshell3.bho.1 (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07851c6a-1c43-41d9-8319-bc89154a8c00} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{875a1348-7674-42aa-adac-b4f36a004a2d} (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bchanger (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISM (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SBTV (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpamBlockerOutlookTools (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpamBlockerWebTools (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\runtime (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule23 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack19 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p2p networking (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\Bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\SBTV (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\WinFixer 2005 (Rogue.WinFixer) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MEDION\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\MEDION\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\ASAPCom.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule18.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\GetPack18.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\bostrupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1764255360-3000441065-63181329-1006\Dc2.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1137\A0174729.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1144\A0175971.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1149\A0177240.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1156\A0182356.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1156\A0182357.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1159\A0187459.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1159\A0187461.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1159\A0187471.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1159\A0187733.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1160\A0189261.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1160\A0189263.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP1160\A0189264.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\Bin\SbUninst.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\1_Trash.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\2_Balloon.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\3_Shot Gun.wav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\WinFixer 2005\lock.dat (Rogue.WinFixer) -> Quarantined and deleted successfully.
C:\Program Files\Insider\Insider.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Insider\UnInstall.exe (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\dic.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrModule\kwd.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\dicts.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\trffyupd.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\trgts.gz (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\QdrPack\zhydupd.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\VnrBlock\xtarga.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger\data.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BChanger\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule23.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\ozadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\pckik.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\zolnupdate.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MEDION\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\b122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b147.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b148.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8_exception.nls (Trojan.Tibs) -> Quarantined and deleted successfully.

rapport du scan avec LOPS


--------------------\\ Lop S&D 4.2.4-2 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : MEDION ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080912-1] 4.8.1229 (Not Activated)

"C:\Lop SD" ( MAJ : 08-09-2008|21:40 )
Option : [1] ( 13/09/2008|15:07 )

--------------------\\ Listing des dossiers dans APPLIC~1

[27/05/2005|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[25/06/2004|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[04/07/2005|23:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[25/06/2004|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[11/12/2004|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Four Once Dash Part
[12/03/2007|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/09/2008|15:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[27/11/2005|15:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/04/2006|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MetaSixthUpMapi
[01/10/2006|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/11/2004|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[24/09/2004|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[04/12/2004|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[25/06/2004|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[08/07/2004|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[29/03/2006|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[20/03/2006|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[25/06/2004|19:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[25/06/2004|19:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM
[27/06/2004|11:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Ahead
[04/07/2005|23:38] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
[27/06/2004|11:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[27/06/2004|12:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Help
[25/06/2004|17:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[25/06/2004|20:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[08/07/2004|17:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[08/07/2004|17:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[08/07/2004|17:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[25/06/2004|17:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[16/09/2004|17:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

[20/03/2006|12:15] C:\DOCUME~1\MEDION\APPLIC~1\Adobe
[03/09/2008|11:41] C:\DOCUME~1\MEDION\APPLIC~1\AdobeUM
[28/11/2004|18:12] C:\DOCUME~1\MEDION\APPLIC~1\Ahead
[16/04/2006|17:47] C:\DOCUME~1\MEDION\APPLIC~1\Ante book
[04/07/2005|23:38] C:\DOCUME~1\MEDION\APPLIC~1\AOL
[27/06/2004|11:37] C:\DOCUME~1\MEDION\APPLIC~1\CyberLink
[26/11/2004|22:03] C:\DOCUME~1\MEDION\APPLIC~1\FotoWire
[17/04/2007|14:49] C:\DOCUME~1\MEDION\APPLIC~1\Google
[13/11/2004|11:29] C:\DOCUME~1\MEDION\APPLIC~1\Help
[25/06/2004|17:14] C:\DOCUME~1\MEDION\APPLIC~1\Identities
[14/02/2008|12:04] C:\DOCUME~1\MEDION\APPLIC~1\InstallShield
[16/04/2006|17:48] C:\DOCUME~1\MEDION\APPLIC~1\Kind corn first
[28/12/2004|18:59] C:\DOCUME~1\MEDION\APPLIC~1\Leadertech
[25/06/2004|20:03] C:\DOCUME~1\MEDION\APPLIC~1\Macromedia
[12/09/2008|15:34] C:\DOCUME~1\MEDION\APPLIC~1\Malwarebytes
[10/12/2007|19:16] C:\DOCUME~1\MEDION\APPLIC~1\Microsoft
[22/06/2005|21:08] C:\DOCUME~1\MEDION\APPLIC~1\Microsoft Web Folders
[22/10/2006|19:36] C:\DOCUME~1\MEDION\APPLIC~1\MSN6
[02/10/2004|16:14] C:\DOCUME~1\MEDION\APPLIC~1\Orph‚e D‚veloppement
[01/10/2005|00:07] C:\DOCUME~1\MEDION\APPLIC~1\Real
[02/08/2005|20:52] C:\DOCUME~1\MEDION\APPLIC~1\Registry Cleaner
[21/12/2007|12:16] C:\DOCUME~1\MEDION\APPLIC~1\Samsung
[29/12/2007|00:59] C:\DOCUME~1\MEDION\APPLIC~1\SecuROM
[12/01/2008|20:40] C:\DOCUME~1\MEDION\APPLIC~1\temp
[10/11/2004|19:12] C:\DOCUME~1\MEDION\APPLIC~1\Template
[08/07/2004|17:01] C:\DOCUME~1\MEDION\APPLIC~1\You've Got Pictures Screensaver

[11/07/2007|22:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[01/12/2006|14:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander

[28/11/2004|15:22] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
[25/09/2004|14:33] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/09/2008 11:32][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"SponsorInstalled"=dword:00000001
"DisplayName"="Messenger Plus! 3 & Sponsor"


--------------------\\ Listing des dossiers dans C:\Program Files

[16/04/2006|17:37] C:\Program Files\Adobe
[28/09/2007|00:42] C:\Program Files\Adverts
[30/09/2005|20:13] C:\Program Files\Ahead
[16/04/2006|17:37] C:\Program Files\Altnet
[27/05/2005|11:22] C:\Program Files\Alwil Software
[25/06/2004|18:21] C:\Program Files\CA
[07/10/2005|11:02] C:\Program Files\Canon
[16/04/2006|17:37] C:\Program Files\Common Files
[25/06/2004|18:22] C:\Program Files\CyberLink
[27/05/2005|11:46] C:\Program Files\DashBar
[29/12/2007|00:47] C:\Program Files\EA SPORTS
[01/10/2005|00:10] C:\Program Files\EasyBurning
[19/01/2007|17:16] C:\Program Files\eMule
[10/01/2006|19:27] C:\Program Files\ErrorSafe
[12/09/2008|23:00] C:\Program Files\Fichiers communs
[23/02/2007|18:41] C:\Program Files\Footistik
[26/02/2007|16:16] C:\Program Files\Footistik 4
[24/02/2007|15:48] C:\Program Files\Footistik 4 Demo
[18/04/2007|09:43] C:\Program Files\Google
[03/11/2004|11:12] C:\Program Files\Hewlett-Packard
[08/07/2004|17:12] C:\Program Files\Home Cinema
[27/05/2005|14:03] C:\Program Files\IncrediMail
[15/02/2008|11:30] C:\Program Files\InstallShield Installation Information
[25/06/2004|17:54] C:\Program Files\Intel
[12/09/2008|11:14] C:\Program Files\Internet Explorer
[16/04/2006|17:37] C:\Program Files\Kazaa
[11/01/2006|19:33] C:\Program Files\Logitech
[27/01/2007|01:41] C:\Program Files\Make bootable flashcards
[12/09/2008|15:34] C:\Program Files\Malwarebytes' Anti-Malware
[12/09/2008|11:17] C:\Program Files\Messenger
[30/04/2006|11:34] C:\Program Files\Messenger Plus! 3
[22/06/2005|21:07] C:\Program Files\microsoft frontpage
[22/06/2005|21:08] C:\Program Files\Microsoft Office
[28/01/2007|21:53] C:\Program Files\Microsoft Picture It! 7
[22/06/2005|21:10] C:\Program Files\Microsoft Visual Studio
[28/01/2007|21:53] C:\Program Files\Microsoft Works
[28/09/2004|19:32] C:\Program Files\Microsoft Works Suite 2003
[22/05/2005|13:52] C:\Program Files\Mindscape
[10/09/2008|16:28] C:\Program Files\Movie Maker
[20/11/2004|14:25] C:\Program Files\MSN
[20/11/2004|14:17] C:\Program Files\MSN Apps
[25/06/2004|17:13] C:\Program Files\MSN Gaming Zone
[10/09/2008|16:26] C:\Program Files\MSN Messenger
[18/11/2006|04:01] C:\Program Files\MSXML 4.0
[25/06/2004|18:24] C:\Program Files\MUSICMATCH
[10/09/2008|16:28] C:\Program Files\NetMeeting
[14/02/2008|12:18] C:\Program Files\Orange HSS
[10/09/2008|16:28] C:\Program Files\Outlook Express
[23/10/2004|17:09] C:\Program Files\Personal Soft
[10/12/2007|19:18] C:\Program Files\Power IE
[01/10/2005|00:10] C:\Program Files\QuickTime
[05/03/2008|11:18] C:\Program Files\RcvSystem
[27/12/2005|11:33] C:\Program Files\Registry Cleaner Trial
[14/02/2008|12:04] C:\Program Files\SAGEM
[12/09/2008|11:46] C:\Program Files\SAGEM WiFi manager
[21/03/2005|15:56] C:\Program Files\SAGEM(2)
[21/12/2007|12:13] C:\Program Files\Samsung
[14/02/2008|11:57] C:\Program Files\Securitoo
[25/06/2004|17:13] C:\Program Files\Services en ligne
[05/02/2005|11:20] C:\Program Files\Softkey
[01/05/2005|11:45] C:\Program Files\Softwin
[28/09/2004|19:18] C:\Program Files\Sony Corporation
[02/06/2006|17:18] C:\Program Files\test
[02/08/2005|20:44] C:\Program Files\TPT Registry_Cleaner (Trial)
[10/12/2007|18:28] C:\Program Files\Trend Micro
[08/07/2004|17:58] C:\Program Files\Uninstall Information
[08/07/2004|17:01] C:\Program Files\Viewpoint
[14/02/2008|11:53] C:\Program Files\Wanadoo
[14/02/2008|11:54] C:\Program Files\Wanadoo Messager
[20/03/2007|15:37] C:\Program Files\WebSecureAlert
[25/06/2004|18:35] C:\Program Files\Windows Journal Viewer
[28/01/2007|21:53] C:\Program Files\Windows Media Connect 2
[10/09/2008|16:28] C:\Program Files\Windows Media Player
[10/09/2008|16:28] C:\Program Files\Windows NT
[25/06/2004|17:14] C:\Program Files\xerox
[20/03/2006|12:15] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/02/2007|19:51] C:\Program Files\Fichiers communs\Adobe
[25/06/2004|18:42] C:\Program Files\Fichiers communs\Ahead
[16/04/2006|17:37] C:\Program Files\Fichiers communs\AOL
[28/09/2007|10:19] C:\Program Files\Fichiers communs\CMEII
[22/06/2005|21:10] C:\Program Files\Fichiers communs\Designer
[27/12/2005|11:31] C:\Program Files\Fichiers communs\ErrorSafe
[26/11/2004|22:03] C:\Program Files\Fichiers communs\FotoWire
[14/02/2008|12:16] C:\Program Files\Fichiers communs\France Telecom
[28/09/2007|10:21] C:\Program Files\Fichiers communs\GMT
[28/09/2004|19:17] C:\Program Files\Fichiers communs\InstallShield
[20/11/2004|19:47] C:\Program Files\Fichiers communs\lapmfrdp
[26/11/2004|22:02] C:\Program Files\Fichiers communs\Logitech
[11/03/2007|20:34] C:\Program Files\Fichiers communs\Microsoft Shared
[25/06/2004|17:13] C:\Program Files\Fichiers communs\MSSoap
[28/09/2004|19:18] C:\Program Files\Fichiers communs\muvee Technologies
[08/07/2004|17:01] C:\Program Files\Fichiers communs\Nullsoft
[01/10/2005|00:08] C:\Program Files\Fichiers communs\Real
[25/06/2004|17:13] C:\Program Files\Fichiers communs\Services
[16/04/2006|17:37] C:\Program Files\Fichiers communs\Softwin
[25/06/2004|18:11] C:\Program Files\Fichiers communs\SpeechEngines
[10/09/2008|16:28] C:\Program Files\Fichiers communs\System
[28/09/2007|10:21] C:\Program Files\Fichiers communs\WinSoftware

--------------------\\ Process

( 52 Processes )

MsgPlus.exe ~ [PID:1888]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Program Files\Adverts
C:\DOCUME~1\MEDION\Cookies\medion@advertstream[1].txt
C:\DOCUME~1\MEDION\Cookies\medion@adultfriendfinder[2].txt
C:\DOCUME~1\MEDION\Cookies\medion@advertising[1].txt
C:\DOCUME~1\MEDION\Cookies\medion@bigpoint[1].txt
C:\DOCUME~1\MEDION\Cookies\medion@fr.xblaster.bigpoint[1].txt
C:\DOCUME~1\MEDION\Cookies\medion@banner.cotedazurpalace[2].txt
C:\DOCUME~1\MEDION\Cookies\medion@cotedazurpalace[2].txt
C:\DOCUME~1\MEDION\Cookies\medion@adopt.euroclick[2].txt
C:\DOCUME~1\MEDION\Cookies\medion@pacificpoker[1].txt
C:\DOCUME~1\MEDION\Cookies\medion@partypoker[2].txt
C:\DOCUME~1\MEDION\Cookies\medion@32vegas[1].txt
C:\DOCUME~1\MEDION\Cookies\medion@banner.32vegas[2].txt
C:\DOCUME~1\MEDION\Cookies\medion@2xmoinscher[1].txt
C:\DOCUME~1\MEDION\Cookies\medion@www.2xmoinscher[2].txt
C:\DOCUME~1\MEDION\Cookies\medion@888[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 15:09:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\PROGRA~1\FICHIE~1\ErrorSafe
C:\PROGRA~1\ErrorSafe


Aucune autre infection trouvée !

[F:179][D:20]-> C:\DOCUME~1\MEDION\LOCALS~1\Temp
[F:693][D:0]-> C:\DOCUME~1\MEDION\Cookies
[F:6972][D:46]-> C:\DOCUME~1\MEDION\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 13/09/2008|15:10 - Option : [1]

--------------------\\ Fin du rapport a 15:10:37

voici le rapport avec combofix

ComboFix 08-09-15.01 - MEDION 2008-09-15 21:40:20.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.697 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\MEDION\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MEDION\Cookies\medion@ad.yieldmanager[2].txt
C:\Documents and Settings\MEDION\Cookies\medion@bluestreak[1].txt
C:\Documents and Settings\MEDION\Cookies\medion@edt02[1].txt
C:\Documents and Settings\MEDION\Cookies\medion@spamblockerutility[2].txt
C:\Program Files\Altnet
C:\Program Files\Altnet\DBBackup\file-1001-567.sig
C:\Program Files\Altnet\DBBackup\Sigfiles.db
C:\Program Files\Fichiers communs\WinSoftware
C:\Program Files\Fichiers communs\WinSoftware\PCheck.dll
C:\Program Files\RcvSystem
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\_003424_.tmp.dll
C:\WINDOWS\system32\_003425_.tmp.dll
C:\WINDOWS\system32\_003426_.tmp.dll
C:\WINDOWS\system32\_003427_.tmp.dll
C:\WINDOWS\system32\_003434_.tmp.dll
C:\WINDOWS\system32\_003435_.tmp.dll
C:\WINDOWS\system32\_003436_.tmp.dll
C:\WINDOWS\system32\_003438_.tmp.dll
C:\WINDOWS\system32\_003439_.tmp.dll
C:\WINDOWS\system32\_003442_.tmp.dll
C:\WINDOWS\system32\_003443_.tmp.dll
C:\WINDOWS\system32\_003445_.tmp.dll
C:\WINDOWS\system32\_003446_.tmp.dll
C:\WINDOWS\system32\_003447_.tmp.dll
C:\WINDOWS\system32\_003449_.tmp.dll
C:\WINDOWS\system32\_003450_.tmp.dll
C:\WINDOWS\system32\_003452_.tmp.dll
C:\WINDOWS\system32\_003456_.tmp.dll
C:\WINDOWS\system32\_003457_.tmp.dll
C:\WINDOWS\system32\_003847_.tmp.dll
C:\WINDOWS\system32\_003848_.tmp.dll
C:\WINDOWS\system32\_003849_.tmp.dll
C:\WINDOWS\system32\_003850_.tmp.dll
C:\WINDOWS\system32\_003857_.tmp.dll
C:\WINDOWS\system32\_003858_.tmp.dll
C:\WINDOWS\system32\_003859_.tmp.dll
C:\WINDOWS\system32\_003860_.tmp.dll
C:\WINDOWS\system32\_003862_.tmp.dll
C:\WINDOWS\system32\_003863_.tmp.dll
C:\WINDOWS\system32\_003866_.tmp.dll
C:\WINDOWS\system32\_003867_.tmp.dll
C:\WINDOWS\system32\_003869_.tmp.dll
C:\WINDOWS\system32\_003870_.tmp.dll
C:\WINDOWS\system32\_003871_.tmp.dll
C:\WINDOWS\system32\_003873_.tmp.dll
C:\WINDOWS\system32\_003874_.tmp.dll
C:\WINDOWS\system32\_003876_.tmp.dll
C:\WINDOWS\system32\_003880_.tmp.dll
C:\WINDOWS\system32\_003881_.tmp.dll
C:\WINDOWS\system32\_003883_.tmp.dll
C:\WINDOWS\system32\_003884_.tmp.dll
C:\WINDOWS\system32\_003886_.tmp.dll
C:\WINDOWS\system32\_003888_.tmp.dll
C:\WINDOWS\system32\_003889_.tmp.dll
C:\WINDOWS\system32\_003890_.tmp.dll
C:\WINDOWS\system32\_003891_.tmp.dll
C:\WINDOWS\system32\_003892_.tmp.dll
C:\WINDOWS\system32\_003895_.tmp.dll
C:\WINDOWS\system32\_003897_.tmp.dll
C:\WINDOWS\system32\_003898_.tmp.dll
C:\WINDOWS\system32\_003899_.tmp.dll
C:\WINDOWS\system32\_003903_.tmp.dll
C:\WINDOWS\system32\_004183_.tmp.dll
C:\WINDOWS\system32\_004184_.tmp.dll
C:\WINDOWS\system32\_004185_.tmp.dll
C:\WINDOWS\system32\_004186_.tmp.dll
C:\WINDOWS\system32\_004193_.tmp.dll
C:\WINDOWS\system32\_004194_.tmp.dll
C:\WINDOWS\system32\_004195_.tmp.dll
C:\WINDOWS\system32\_004197_.tmp.dll
C:\WINDOWS\system32\_004198_.tmp.dll
C:\WINDOWS\system32\_004201_.tmp.dll
C:\WINDOWS\system32\_004202_.tmp.dll
C:\WINDOWS\system32\_004204_.tmp.dll
C:\WINDOWS\system32\_004205_.tmp.dll
C:\WINDOWS\system32\_004206_.tmp.dll
C:\WINDOWS\system32\_004208_.tmp.dll
C:\WINDOWS\system32\_004209_.tmp.dll
C:\WINDOWS\system32\_004211_.tmp.dll
C:\WINDOWS\system32\_004215_.tmp.dll
C:\WINDOWS\system32\_004216_.tmp.dll
C:\WINDOWS\system32\_004218_.tmp.dll
C:\WINDOWS\system32\_004219_.tmp.dll
C:\WINDOWS\system32\_004221_.tmp.dll
C:\WINDOWS\system32\_004223_.tmp.dll
C:\WINDOWS\system32\_004224_.tmp.dll
C:\WINDOWS\system32\_004225_.tmp.dll
C:\WINDOWS\system32\_004226_.tmp.dll
C:\WINDOWS\system32\_004229_.tmp.dll
C:\WINDOWS\system32\_004231_.tmp.dll
C:\WINDOWS\system32\_004232_.tmp.dll
C:\WINDOWS\system32\_004233_.tmp.dll
C:\WINDOWS\system32\_004237_.tmp.dll
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_PERFORMANCE_MONITOR
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_vspf
-------\Service_vspf_hk


((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.

2008-09-15 20:05 . 2008-09-15 20:05 <REP> d-------- C:\Anuman Interactive
2008-09-15 17:45 . 2008-09-15 17:45 <REP> d-------- C:\Documents and Settings\MEDION\Application Data\Anuman Interactive
2008-09-15 12:12 . 2008-09-15 12:12 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-15 12:01 . 2008-09-15 12:01 0 --a----t- C:\WINDOWS\[u]0[/u]06517_.tmp
2008-09-13 11:56 . 2008-09-15 11:27 <REP> d-------- C:\Lop SD
2008-09-12 15:34 . 2008-09-15 17:44 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 15:34 . 2008-09-12 15:34 <REP> d-------- C:\Documents and Settings\MEDION\Application Data\Malwarebytes
2008-09-12 15:34 . 2008-09-12 15:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 15:34 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 15:34 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 10:57 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-09-12 10:54 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-12 10:41 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-03 11:26 . 2008-09-03 11:26 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-27 17:30 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\[u]0[/u]04863_.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 19:44 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-09-15 15:47 --------- d-----w C:\Program Files\MSN Messenger
2008-09-12 09:46 --------- d-----w C:\Program Files\SAGEM WiFi manager
2008-09-03 09:41 --------- d-----w C:\Documents and Settings\MEDION\Application Data\AdobeUM
2005-05-27 09:22 46 -c--a-w C:\Documents and Settings\MEDION\getfile.dat
2004-09-28 17:53 560 -c--a-w C:\Documents and Settings\MEDION\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-06-07 3809280]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-06-16 61440]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2006-04-30 190024]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 77824]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 188416]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\HDAudPropShortcut.exe]
"nwiz"="nwiz.exe" [2004-06-07 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2002-07-23 C:\WINDOWS\mHotkey.exe]
"Dit"="Dit.exe" [2004-04-02 C:\WINDOWS\Dit.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 350752]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-15 13440]
R3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-06-08 1390976]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736]
S3 SIS163u;WL_54USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-09-16 162304]
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-Registry Cleaner - C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe
HKLM-Run-Realtime Monitor - C:\PROGRA~1\CA\ETRUST~1\realmon.exe
HKLM-Run-dash part help mix - C:\Documents and Settings\All Users\Application Data\Four Once Dash Part\mail owns.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Examen suppl‚mentaire -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKCU-Main,Start Page = hxxp://www.wanadoo.fr
O8 -: &Recherche AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 21:44:39
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cach‚s ...

Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...

Recherche de fichiers cach‚s ...

Scan termin‚ avec succŠs
Fichiers cach‚s: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0[/u]\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0[/u]\AlertModule.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
C:\ComboFix\pv.cfexe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-09-15 21:47:09 - La machine a red‚marr‚ [MEDION]
ComboFix-quarantined-files.txt 2008-09-15 19:47:04

Avant-CF: 78,261,219,328 octets libres
AprŠs-CF: 78,479,855,616 octets libres

255 --- E O F --- 2008-09-15 10:18:47

voici le rapport avec combofix

ComboFix 08-09-15.01 - MEDION 2008-09-15 21:40:20.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.697 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\MEDION\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MEDION\Cookies\medion@ad.yieldmanager[2].txt
C:\Documents and Settings\MEDION\Cookies\medion@bluestreak[1].txt
C:\Documents and Settings\MEDION\Cookies\medion@edt02[1].txt
C:\Documents and Settings\MEDION\Cookies\medion@spamblockerutility[2].txt
C:\Program Files\Altnet
C:\Program Files\Altnet\DBBackup\file-1001-567.sig
C:\Program Files\Altnet\DBBackup\Sigfiles.db
C:\Program Files\Fichiers communs\WinSoftware
C:\Program Files\Fichiers communs\WinSoftware\PCheck.dll
C:\Program Files\RcvSystem
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\_003424_.tmp.dll
C:\WINDOWS\system32\_003425_.tmp.dll
C:\WINDOWS\system32\_003426_.tmp.dll
C:\WINDOWS\system32\_003427_.tmp.dll
C:\WINDOWS\system32\_003434_.tmp.dll
C:\WINDOWS\system32\_003435_.tmp.dll
C:\WINDOWS\system32\_003436_.tmp.dll
C:\WINDOWS\system32\_003438_.tmp.dll
C:\WINDOWS\system32\_003439_.tmp.dll
C:\WINDOWS\system32\_003442_.tmp.dll
C:\WINDOWS\system32\_003443_.tmp.dll
C:\WINDOWS\system32\_003445_.tmp.dll
C:\WINDOWS\system32\_003446_.tmp.dll
C:\WINDOWS\system32\_003447_.tmp.dll
C:\WINDOWS\system32\_003449_.tmp.dll
C:\WINDOWS\system32\_003450_.tmp.dll
C:\WINDOWS\system32\_003452_.tmp.dll
C:\WINDOWS\system32\_003456_.tmp.dll
C:\WINDOWS\system32\_003457_.tmp.dll
C:\WINDOWS\system32\_003847_.tmp.dll
C:\WINDOWS\system32\_003848_.tmp.dll
C:\WINDOWS\system32\_003849_.tmp.dll
C:\WINDOWS\system32\_003850_.tmp.dll
C:\WINDOWS\system32\_003857_.tmp.dll
C:\WINDOWS\system32\_003858_.tmp.dll
C:\WINDOWS\system32\_003859_.tmp.dll
C:\WINDOWS\system32\_003860_.tmp.dll
C:\WINDOWS\system32\_003862_.tmp.dll
C:\WINDOWS\system32\_003863_.tmp.dll
C:\WINDOWS\system32\_003866_.tmp.dll
C:\WINDOWS\system32\_003867_.tmp.dll
C:\WINDOWS\system32\_003869_.tmp.dll
C:\WINDOWS\system32\_003870_.tmp.dll
C:\WINDOWS\system32\_003871_.tmp.dll
C:\WINDOWS\system32\_003873_.tmp.dll
C:\WINDOWS\system32\_003874_.tmp.dll
C:\WINDOWS\system32\_003876_.tmp.dll
C:\WINDOWS\system32\_003880_.tmp.dll
C:\WINDOWS\system32\_003881_.tmp.dll
C:\WINDOWS\system32\_003883_.tmp.dll
C:\WINDOWS\system32\_003884_.tmp.dll
C:\WINDOWS\system32\_003886_.tmp.dll
C:\WINDOWS\system32\_003888_.tmp.dll
C:\WINDOWS\system32\_003889_.tmp.dll
C:\WINDOWS\system32\_003890_.tmp.dll
C:\WINDOWS\system32\_003891_.tmp.dll
C:\WINDOWS\system32\_003892_.tmp.dll
C:\WINDOWS\system32\_003895_.tmp.dll
C:\WINDOWS\system32\_003897_.tmp.dll
C:\WINDOWS\system32\_003898_.tmp.dll
C:\WINDOWS\system32\_003899_.tmp.dll
C:\WINDOWS\system32\_003903_.tmp.dll
C:\WINDOWS\system32\_004183_.tmp.dll
C:\WINDOWS\system32\_004184_.tmp.dll
C:\WINDOWS\system32\_004185_.tmp.dll
C:\WINDOWS\system32\_004186_.tmp.dll
C:\WINDOWS\system32\_004193_.tmp.dll
C:\WINDOWS\system32\_004194_.tmp.dll
C:\WINDOWS\system32\_004195_.tmp.dll
C:\WINDOWS\system32\_004197_.tmp.dll
C:\WINDOWS\system32\_004198_.tmp.dll
C:\WINDOWS\system32\_004201_.tmp.dll
C:\WINDOWS\system32\_004202_.tmp.dll
C:\WINDOWS\system32\_004204_.tmp.dll
C:\WINDOWS\system32\_004205_.tmp.dll
C:\WINDOWS\system32\_004206_.tmp.dll
C:\WINDOWS\system32\_004208_.tmp.dll
C:\WINDOWS\system32\_004209_.tmp.dll
C:\WINDOWS\system32\_004211_.tmp.dll
C:\WINDOWS\system32\_004215_.tmp.dll
C:\WINDOWS\system32\_004216_.tmp.dll
C:\WINDOWS\system32\_004218_.tmp.dll
C:\WINDOWS\system32\_004219_.tmp.dll
C:\WINDOWS\system32\_004221_.tmp.dll
C:\WINDOWS\system32\_004223_.tmp.dll
C:\WINDOWS\system32\_004224_.tmp.dll
C:\WINDOWS\system32\_004225_.tmp.dll
C:\WINDOWS\system32\_004226_.tmp.dll
C:\WINDOWS\system32\_004229_.tmp.dll
C:\WINDOWS\system32\_004231_.tmp.dll
C:\WINDOWS\system32\_004232_.tmp.dll
C:\WINDOWS\system32\_004233_.tmp.dll
C:\WINDOWS\system32\_004237_.tmp.dll
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_PERFORMANCE_MONITOR
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_vspf
-------\Service_vspf_hk


((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.

2008-09-15 20:05 . 2008-09-15 20:05 <REP> d-------- C:\Anuman Interactive
2008-09-15 17:45 . 2008-09-15 17:45 <REP> d-------- C:\Documents and Settings\MEDION\Application Data\Anuman Interactive
2008-09-15 12:12 . 2008-09-15 12:12 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-15 12:01 . 2008-09-15 12:01 0 --a----t- C:\WINDOWS\[u]0[/u]06517_.tmp
2008-09-13 11:56 . 2008-09-15 11:27 <REP> d-------- C:\Lop SD
2008-09-12 15:34 . 2008-09-15 17:44 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 15:34 . 2008-09-12 15:34 <REP> d-------- C:\Documents and Settings\MEDION\Application Data\Malwarebytes
2008-09-12 15:34 . 2008-09-12 15:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 15:34 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 15:34 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 10:57 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-09-12 10:54 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-12 10:41 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-03 11:26 . 2008-09-03 11:26 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-27 17:30 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\[u]0[/u]04863_.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 19:44 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-09-15 15:47 --------- d-----w C:\Program Files\MSN Messenger
2008-09-12 09:46 --------- d-----w C:\Program Files\SAGEM WiFi manager
2008-09-03 09:41 --------- d-----w C:\Documents and Settings\MEDION\Application Data\AdobeUM
2005-05-27 09:22 46 -c--a-w C:\Documents and Settings\MEDION\getfile.dat
2004-09-28 17:53 560 -c--a-w C:\Documents and Settings\MEDION\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-06-07 3809280]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-06-16 61440]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2006-04-30 190024]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 77824]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 188416]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\HDAudPropShortcut.exe]
"nwiz"="nwiz.exe" [2004-06-07 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2002-07-23 C:\WINDOWS\mHotkey.exe]
"Dit"="Dit.exe" [2004-04-02 C:\WINDOWS\Dit.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 350752]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-15 13440]
R3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-06-08 1390976]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736]
S3 SIS163u;WL_54USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-09-16 162304]
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-Registry Cleaner - C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe
HKLM-Run-Realtime Monitor - C:\PROGRA~1\CA\ETRUST~1\realmon.exe
HKLM-Run-dash part help mix - C:\Documents and Settings\All Users\Application Data\Four Once Dash Part\mail owns.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Examen suppl‚mentaire -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKCU-Main,Start Page = hxxp://www.wanadoo.fr
O8 -: &Recherche AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 21:44:39
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cach‚s ...

Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...

Recherche de fichiers cach‚s ...

Scan termin‚ avec succŠs
Fichiers cach‚s: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0[/u]\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0[/u]\AlertModule.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
C:\ComboFix\pv.cfexe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-09-15 21:47:09 - La machine a red‚marr‚ [MEDION]
ComboFix-quarantined-files.txt 2008-09-15 19:47:04

Avant-CF: 78,261,219,328 octets libres
AprŠs-CF: 78,479,855,616 octets libres

255 --- E O F --- 2008-09-15 10:18:47

j'ai fait ce que tu m'a dit mais la fenetre bleu apparait mais sans message; je n'arrive pas à aller plus loin. de plus j'ai l'icone avast qui n'apparait plus dans la barre des taches et je n'arrive pas à le faire reapparaitre.
enfin quand j'ai fait l'étape avec combofix je n'ai pas mis la console qu'il demande dans le lien d'explication. je n'arrive plus tro a avancer d'autant que mon ordi marcher un peu mieux avant que je fasse le scan avec combofix. faire que j'ai pas fait trop de conneries
Merci bien en tout cas. En attendant impatiamment de que tu puisse me guider par rapport a ce que je t'ai dit.

rapport fait avec combofix mais ca ne s'est pas passé exactement comme tu m'a dit, jette un coup d'oeil et dis moi ce qu'il en est. merci encore


ComboFix 08-09-15.01 - MEDION 2008-09-22 19:30:33.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.624 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\MEDION\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\MEDION\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MEDION\getfile.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))
.

2008-09-16 06:21 . 2008-05-09 12:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-09-16 06:21 . 2008-05-09 12:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll
2008-09-16 06:21 . 2008-05-09 12:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-09-16 06:21 . 2008-05-09 12:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-09-16 06:21 . 2008-05-08 13:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-09-16 06:21 . 2008-05-10 01:25 135,168 -----c--- C:\WINDOWS\system32\dllcache\wshom.ocx
2008-09-16 06:21 . 2008-05-07 11:07 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe
2008-09-16 06:21 . 2008-05-09 12:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
2008-09-15 20:05 . 2008-09-15 20:05 <REP> d-------- C:\Anuman Interactive
2008-09-15 17:45 . 2008-09-15 17:45 <REP> d-------- C:\Documents and Settings\MEDION\Application Data\Anuman Interactive
2008-09-15 12:12 . 2008-09-15 12:12 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-15 12:01 . 2008-09-15 12:01 0 --a----t- C:\WINDOWS\[u]0[/u]06517_.tmp
2008-09-13 11:56 . 2008-09-15 11:27 <REP> d-------- C:\Lop SD
2008-09-12 15:34 . 2008-09-15 17:44 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 15:34 . 2008-09-12 15:34 <REP> d-------- C:\Documents and Settings\MEDION\Application Data\Malwarebytes
2008-09-12 15:34 . 2008-09-12 15:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 15:34 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 15:34 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 10:57 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-09-12 10:54 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-12 10:41 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-03 11:26 . 2008-09-03 11:26 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-27 17:30 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\[u]0[/u]04863_.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 07:46 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-09-15 15:47 --------- d-----w C:\Program Files\MSN Messenger
2008-09-12 09:46 --------- d-----w C:\Program Files\SAGEM WiFi manager
2008-09-03 09:41 --------- d-----w C:\Documents and Settings\MEDION\Application Data\AdobeUM
2008-08-11 16:33 163,840 ------w C:\WINDOWS\system32\trz4B.tmp
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es(4).dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es(3).dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms(3).dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms(2).dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2004-09-28 17:53 560 -c--a-w C:\Documents and Settings\MEDION\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-15_21.46.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:51:45 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:51:45 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:51:45 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:51:45 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:51:45 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-04-14 02:33:59 139,264 -c----w C:\WINDOWS\$NtUninstallKB951978$\cscript.exe
+ 2008-04-14 02:33:27 512,000 -c----w C:\WINDOWS\$NtUninstallKB951978$\jscript.dll
+ 2008-04-14 02:33:40 180,224 -c----w C:\WINDOWS\$NtUninstallKB951978$\scrobj.dll
+ 2008-04-14 02:33:40 172,032 -c----w C:\WINDOWS\$NtUninstallKB951978$\scrrun.dll
+ 2007-11-30 12:39:29 234,872 -c----w C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe
+ 2007-11-30 12:39:29 406,392 -c----w C:\WINDOWS\$NtUninstallKB951978$\spuninst\updspapi.dll
+ 2008-04-14 02:33:48 434,176 -c----w C:\WINDOWS\$NtUninstallKB951978$\vbscript.dll
+ 2008-04-14 02:34:29 155,648 -c----w C:\WINDOWS\$NtUninstallKB951978$\wscript.exe
+ 2008-04-14 02:33:50 90,112 -c----w C:\WINDOWS\$NtUninstallKB951978$\wshext.dll
- 2008-04-14 02:33:59 139,264 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
- 2008-04-14 02:33:27 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-04-14 02:33:40 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
+ 2008-05-09 10:55:00 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
- 2008-04-14 02:33:40 172,032 ------w C:\WINDOWS\system32\scrrun.dll
+ 2008-05-09 10:55:00 172,032 ------w C:\WINDOWS\system32\scrrun.dll
- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-04-14 02:33:48 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2008-05-09 10:55:00 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-04-14 02:34:29 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
- 2008-04-14 02:33:50 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-05-09 10:55:00 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2008-09-22 17:19:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4a4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-06-07 3809280]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-06-16 61440]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2006-04-30 190024]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 77824]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 188416]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\HDAudPropShortcut.exe]
"nwiz"="nwiz.exe" [2004-06-07 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2002-07-23 C:\WINDOWS\mHotkey.exe]
"Dit"="Dit.exe" [2004-04-02 C:\WINDOWS\Dit.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 350752]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-18 13440]
R3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-06-08 1390976]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 380736]
S3 SIS163u;WL_54USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-09-16 162304]
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 19:32:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-22 19:33:51
ComboFix-quarantined-files.txt 2008-09-22 17:33:43
ComboFix2.txt 2008-09-15 19:47:10

Avant-CF: 78,514,348,032 octets libres
AprŠs-CF: 78,592,708,608 octets libres

177 --- E O F --- 2008-09-16 07:16:16

voici le rapport hisjack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29, on 2008-09-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GStartup.lnk = C:\Program Files\Softwin\BitDefender Free Edition\Infected\GMT.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Unknown owner - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe (file missing)
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Unknown owner - C:\Program Files\CA\eTrust Antivirus\InoRT.exe (file missing)
O23 - Service: eTrust Antivirus Job Server (InoTask) - Unknown owner - C:\Program Files\CA\eTrust Antivirus\InoTask.exe (file missing)
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

j'ai vu que j'avais bitdefender mais je ne le savais pas
par contre je n'arrive pas à utiliser OAD, le téléchargement s'arrete à 99% et il apparait une alerte antivirus. je n'arrive pas à aller plus loin.