PC au ralenti, gros doutes d'infection ...

Voila pour Malware (RAS)

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1156
Windows 5.1.2600 Service Pack 2

2008-09-15 21:32:38
mbam-log-2008-09-15 (21-32-38).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 20018
Temps écoulé: 12 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Et pour Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34, on 2008-09-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Logiciels\Adware_Pack\Soft\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Logiciels\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\LOGICI~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pierre-yves\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Logiciels\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Logiciels\Adobe_Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "E:\LOGICI~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\LOGICI~1\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Logiciels\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Logiciels\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Logiciels\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://E:\Logiciels\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\LOGICI~1\Office\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CDE0094-71AF-4698-B10C-C87C26CA7267}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7CDE0094-71AF-4698-B10C-C87C26CA7267}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7CDE0094-71AF-4698-B10C-C87C26CA7267}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Logiciels\Adware_Pack\Soft\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Logiciels\Spyware Terminator\sp_rsser.exe

Voila pour Toolbar


-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : BIOS Date: 05/28/07 15:18:21 Ver: 08.00.12
USER : Pierre-yves ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 29 Go Free : 0 Go
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total : 43 Go Free : 1 Go
F:\ (CD or DVD) - CDFS - Total : 1 Go Free : 0 Go

"C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [1] ( 2008-09-15|21:39 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Crawler
C:\Program Files\Crawler\Download
C:\Program Files\Crawler\Toolbar
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Pierre-yves) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Pierre-yves) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-15|21:40 - Option : [1]

-----------\\ Fin du rapport a 21:40:27.84

Voila pour Toolbar:


-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : BIOS Date: 05/28/07 15:18:21 Ver: 08.00.12
USER : Pierre-yves ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 29 Go Free : 0 Go
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total : 43 Go Free : 1 Go
F:\ (CD or DVD) - CDFS - Total : 1 Go Free : 0 Go

"C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [2] ( 2008-09-15|21:51 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Crawler\Download
Supprime! - C:\Program Files\Crawler\Toolbar
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
Supprime! - C:\Program Files\Crawler

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Pierre-yves) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Pierre-yves) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-15|21:40 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-09-15|21:52 - Option : [2]

-----------\\ Fin du rapport a 21:52:59.28

Et pour Clean:

2008-09-15 a 21:54:55.35

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND

*** Recherche des fichiers dans C:\Program Files

Voila pour Clean:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 2008-09-15 a 22:35:03.62

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Pour SDFix:


[b]SDFix: Version 1.225 [/b]
Run by Pierre-yves on 2008-09-15 at 22:42

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 22:45:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:de,66,36,89,47,50,e1,5c,6c,a1,12,3d,c1,48,35,45,15,6c,f5,d9,53,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,7f,06,b3,2c,be,d0,b2,c1,13,03,1c,84,41,07,ec,6d,e1,..
"hdf12"=hex:eb,db,f4,e7,7d,2c,8c,cc,ee,e0,20,01,bd,2b,b8,6c,49,be,1d,0e,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:7c,3f,fb,4c,d2,7c,7d,de,7a,26,1a,fa,e5,d0,83,89,0c,98,c1,e7,0d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:de,66,36,89,47,50,e1,5c,6c,a1,12,3d,c1,48,35,45,15,6c,f5,d9,53,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,7f,06,b3,2c,be,d0,b2,c1,13,03,1c,84,41,07,ec,6d,e1,..
"hdf12"=hex:eb,db,f4,e7,7d,2c,8c,cc,ee,e0,20,01,bd,2b,b8,6c,49,be,1d,0e,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:7c,3f,fb,4c,d2,7c,7d,de,7a,26,1a,fa,e5,d0,83,89,0c,98,c1,e7,0d,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Logiciels\\Azureus\\Azureus.exe"="E:\\Logiciels\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"E:\\Logiciels\\eChanblard\\emule.exe"="E:\\Logiciels\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Logiciels\\veoh_tv\\VeohClient.exe"="E:\\Logiciels\\veoh_tv\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"E:\\Jeux\\warcraft\\War3.exe"="E:\\Jeux\\warcraft\\War3.exe:*:Disabled:Warcraft III"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\Jeux\\warcraft\\Warcraft III.exe"="E:\\Jeux\\warcraft\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Mon 4 Feb 2008 151,040 ..SH. --- "C:\WINDOWS\system32\VistaUltm.dll"
Fri 16 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 27 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT3.tmp"
Fri 16 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT3.tmp"
Fri 16 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT4.tmp"
Fri 16 Nov 2007 4,348 ...H. --- "C:\Documents and Settings\Pierre-yves\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 15 Dec 2007 20 A..H. --- "C:\Documents and Settings\Pierre-yves\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 10 Nov 2007 312 A.SH. --- "C:\Documents and Settings\Pierre-yves\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished![/b]

Et pour Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49, on 2008-09-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Logiciels\Adware_Pack\Soft\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Logiciels\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Logiciels\Adobe_Reader\Reader\Reader_sl.exe
E:\LOGICI~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pierre-yves\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Logiciels\Free Download Manager\iefdm2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Logiciels\Adobe_Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "E:\LOGICI~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\LOGICI~1\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Logiciels\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Logiciels\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://E:\Logiciels\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://E:\Logiciels\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\LOGICI~1\Office\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CDE0094-71AF-4698-B10C-C87C26CA7267}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7CDE0094-71AF-4698-B10C-C87C26CA7267}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7CDE0094-71AF-4698-B10C-C87C26CA7267}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Logiciels\Adware_Pack\Soft\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Logiciels\Spyware Terminator\sp_rsser.exe

Ca à l'air mieux merci à toi geoffrey5 !!! Mon pb est que je n'est pas d'antivrus efficace (je n'arrive pas à désinstaller Antivir proprement), et du coup au démarrage il me dit "vôtre ordinateur cour un risque ..." (l'antivirus et désactivé malgré qu'il soit installer) ....

Quoi faire ?

C'est étrange j'ai bien désinstallé et tout supprimé mais il me reste quelque chose car quand je lance la nouvelle installation (ap redémarage du PC), il me signale qu'il reste des éléments Avira Antivir.... j'ai réessayer la manip 3 fois mais tj la meme cose quand je démarre une fenetre s'ouvre et me dis :

Un produit Avira Gmbh est déja installé sur vôtre system ....

Il me propose de desinstaller et de redamarrer, mais il ne se passe rien de plus ...

Salut, j'ai testé l'utilitaire que tu m'as passé ma cela n'a rien changé, lors de l'installation il y a toujours des composants avira de détectés ...

J'ai mis le scan de Avira Removal Tool:

[16/9/2008 19:12:48]
AntiVir Removal Tool 3.0 (c) 2006 Avira GmbH
Removal Tool for:
Sober.J/P/Y
TR/Spy.Banker.AATZ/Banker.AATZ.1/Banker.AATZ.2/Banker.AATZ.3
W32/Stanit.A
Worm/NetSky.P

Version: 3.0.1.16, May 28 2008 15:11:17

Use /? to list all available command line options

- Saving results to logfile "tool_en.log".

Scanning memory... done

No malware found in memory


Scanning drive C: ...

Scanning drive E: ...

No malware found on hard drives

scan results:

scanned directories: 6583
scanned files: 48810
scanned streams: 43
scanned processes: 37
scanned modules: 394

infected files: 0
infected processes: 0

repaired/removed files: 0
renamed files: 0
terminated processes: 0

elapsed time for memory scan: 63.84 seconds
average memory scanner throughput: 2565.94 KB/s

elapsed time for file scan: 905.25 seconds
average file scanner throughput: 836.44 KB/s

Thank you for using AntiVir Removal Tool.


Je ne vois plus trop quoi faire d'autant qu'installer un autre anitvirus poserai des problèmes de conflits et que je n'ai actuellement pas de protection ...

j'ai testé l'utilitaire que tu m'as passé ma cela n'a rien changé, lors de l'installation il y a toujours des composants avira de détectés ...

J'ai mis le scan de Avira Removal Tool:

[16/9/2008 19:12:48]
AntiVir Removal Tool 3.0 (c) 2006 Avira GmbH
Removal Tool for:
Sober.J/P/Y
TR/Spy.Banker.AATZ/Banker.AATZ.1/Banker.AATZ.2/Banker.AATZ.3
W32/Stanit.A
Worm/NetSky.P

Version: 3.0.1.16, May 28 2008 15:11:17

Use /? to list all available command line options

- Saving results to logfile "tool_en.log".

Scanning memory... done

No malware found in memory


Scanning drive C: ...

Scanning drive E: ...

No malware found on hard drives

scan results:

scanned directories: 6583
scanned files: 48810
scanned streams: 43
scanned processes: 37
scanned modules: 394

infected files: 0
infected processes: 0

repaired/removed files: 0
renamed files: 0
terminated processes: 0

elapsed time for memory scan: 63.84 seconds
average memory scanner throughput: 2565.94 KB/s

elapsed time for file scan: 905.25 seconds
average file scanner throughput: 836.44 KB/s

Thank you for using AntiVir Removal Tool.


Je ne vois plus trop quoi faire d'autant qu'installer un autre anitvirus poserai des problèmes de conflits et que je n'ai actuellement pas de protection ...

Cela n'a rien changé il me reste toujours des composants Avira (toujours le meme message lors de la tentative d'installation) , voila le scan de Avira removal tool:

[16/9/2008 19:12:48]
AntiVir Removal Tool 3.0 (c) 2006 Avira GmbH
Removal Tool for:
Sober.J/P/Y
TR/Spy.Banker.AATZ/Banker.AATZ.1/Banker.AATZ.2/Banker.AATZ.3
W32/Stanit.A
Worm/NetSky.P

Version: 3.0.1.16, May 28 2008 15:11:17

Use /? to list all available command line options

- Saving results to logfile "tool_en.log".

Scanning memory... done

No malware found in memory


Scanning drive C: ...

Scanning drive E: ...

No malware found on hard drives

scan results:

scanned directories: 6583
scanned files: 48810
scanned streams: 43
scanned processes: 37
scanned modules: 394

infected files: 0
infected processes: 0

repaired/removed files: 0
renamed files: 0
terminated processes: 0

elapsed time for memory scan: 63.84 seconds
average memory scanner throughput: 2565.94 KB/s

elapsed time for file scan: 905.25 seconds
average file scanner throughput: 836.44 KB/s

Thank you for using AntiVir Removal Tool.


Je ne vois plus trop quoi faire d'autant qu'installer un autre anitvirus poserai des problèmes de conflits et que je n'ai actuellement pas de protection ...

Salut, désolé pour le message en triple c'est une erreure de ma part , voila le rapport de Combo Fix:

ComboFix 08-09-16.05 - Pierre-yves 2008-09-17 15:22:11.4 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.718 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Pierre-yves\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BMeb60fe7e.txt
C:\WINDOWS\BMeb60fe7e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cfmxstkx.ini
C:\WINDOWS\system32\CKmponmp.ini
C:\WINDOWS\system32\CKmponmp.ini2
C:\WINDOWS\system32\dwasdwsv.dll
C:\WINDOWS\system32\fosgvwmr.dll
C:\WINDOWS\system32\iiffEvVl.dll
C:\WINDOWS\system32\iiluynau.exe
C:\WINDOWS\system32\pmnnKARH.dll
C:\WINDOWS\system32\pmnopmKC.dll
C:\WINDOWS\system32\ruvfpb.dll
C:\WINDOWS\system32\wwqyejlr.dll
C:\WINDOWS\system32\xktsxmfc.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-17 au 2008-09-17 ))))))))))))))))))))))))))))))))))))
.

2008-09-16 19:52 . 2008-09-16 19:52 <REP> d-------- C:\Documents and Settings\Pierre-yves\workspace
2008-09-15 22:39 . 2008-09-15 22:47 <REP> d-------- C:\SDFix
2008-09-15 21:39 . 2008-09-15 21:52 <REP> d-------- C:\ToolBar SD
2008-09-15 21:39 . 2008-09-15 21:52 2,578 --a------ C:\Documents and Settings\Orph.egd
2008-09-15 21:19 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-15 21:19 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 01:01 . 2008-09-15 01:01 <REP> d-------- C:\Program Files\Veoh Networks
2008-08-27 20:33 . 2008-08-27 20:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-27 18:52 . 2008-08-27 18:52 <REP> d-------- C:\Reg - Backup
2008-08-26 21:34 . 2008-08-26 21:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Notepad++
2008-08-26 21:33 . 2008-08-26 21:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Spyware Terminator
2008-08-26 21:03 . 2008-04-08 22:44 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-26 21:03 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-26 20:48 . 2008-08-26 20:48 <REP> d-------- C:\ComboFix(2)
2008-08-24 20:45 . 2008-08-24 20:45 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-08-24 20:22 . 2008-08-24 20:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\OnlineArmor
2008-08-24 19:31 . 2008-08-24 19:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-24 17:13 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-24 17:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-24 17:12 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-24 16:35 . 2008-08-24 16:35 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 13:17 --------- d-----w C:\Documents and Settings\Pierre-yves\Application Data\OpenOffice.org2
2008-09-15 20:57 --------- d-----w C:\Program Files\Java
2008-09-15 19:19 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-14 09:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-14 09:00 --------- d-----w C:\Documents and Settings\Pierre-yves\Application Data\Spyware Terminator
2008-08-31 19:25 --------- d-----w C:\Documents and Settings\Pierre-yves\Application Data\Azureus
2008-08-26 20:05 2,676 ----a-w C:\WINDOWS\system32\tmp.reg
2008-08-26 19:34 --------- d-----w C:\Program Files\WinClamAVShield
2008-08-25 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-07 17:56 --------- d-----w C:\Program Files\Google
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-21 14:22 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2008-02-13 18:10 22,328 ----a-w C:\Documents and Settings\Pierre-yves\Application Data\PnkBstrK.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-26_23.13.02.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-09-15 20:41:29 8,040,448 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-09-15 20:41:29 221,184 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-08-14 17:02:18 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-09-13 20:48:06 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-08-14 17:02:18 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-09-13 20:48:06 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-14 17:02:18 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-09-13 20:48:06 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-08-14 17:02:18 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-13 20:48:06 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-14 17:02:19 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-13 20:48:06 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-14 17:02:19 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-13 20:48:06 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-08-14 17:02:19 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-09-13 20:48:06 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-14 17:02:19 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-09-13 20:48:06 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-14 17:02:18 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-09-13 20:48:06 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-14 17:02:18 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-09-13 20:48:06 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-14 17:02:19 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-09-13 20:48:06 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-14 17:02:18 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-13 20:48:06 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-14 17:02:18 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-13 20:48:06 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
- 2008-07-26 11:44:57 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-04-15 17:56:59 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-16 94208]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-13 7626752]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-13 86016]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 925696]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="E:\Logiciels\Adobe_Reader\Reader\Reader_sl.exe" [2008-01-11 39792]
"SpywareTerminator"="E:\LOGICI~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-09 1817600]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-16 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]
"NWEReboot"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

C:\Documents and Settings\Pierre-yves\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-02 21:52 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 10:18 3660848 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirScheduler"=2 (0x2)
"AntiVirService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Logiciels\\Azureus\\Azureus.exe"=
"E:\\Logiciels\\eChanblard\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"E:\\Jeux\\warcraft\\War3.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Jeux\\warcraft\\Warcraft III.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9291:TCP"= 9291:TCP:BitComet 9291 TCP
"9291:UDP"= 9291:UDP:BitComet 9291 UDP

S1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-12-08 4484]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-09 141312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880a8c0c-ab0a-11dc-90a1-001bfce85ac9}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880a8c0e-ab0a-11dc-90a1-001bfce85ac9}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-avgnt - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
MSConfigStartUp-OnlineArmor GUI - E:\Logiciels\Online Armor\oaui.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Pierre-yves\Application Data\Mozilla\Firefox\Profiles\c2zlxukq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - E:\Logiciels\Adobe_Reader\Reader\browser\nppdf32.dll
FF -: plugin - E:\Logiciels\Quick time\Plugins\npqtplugin.dll
FF -: plugin - E:\Logiciels\Quick time\Plugins\npqtplugin2.dll
FF -: plugin - E:\Logiciels\Quick time\Plugins\npqtplugin3.dll
FF -: plugin - E:\Logiciels\Quick time\Plugins\npqtplugin4.dll
FF -: plugin - E:\Logiciels\Quick time\Plugins\npqtplugin5.dll
FF -: plugin - E:\Logiciels\Quick time\Plugins\npqtplugin6.dll
FF -: plugin - E:\Logiciels\Quick time\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 15:23:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-17 15:24:51
ComboFix-quarantined-files.txt 2008-09-17 13:24:41
ComboFix2.txt 2008-04-07 21:28:46

Avant-CF: 871,002,112 octets libres
AprŠs-CF: 873,279,488 octets libres

219 --- E O F --- 2008-09-13 20:48:13

J'ai tout fait comme tu me l'as recommandé et c'est bon tout semble marché au poil. Merci beaucoup de ton aide, bonne continuation...