Setupcasino enlever : impossible

bon me revoilà! :)

voici le poste :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File move failed. H:\autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02182009_013556

Files moved on Reboot...
File move failed. H:\autorun.inf scheduled to be moved on reboot.

ben, la clé USB, impossible à formater!

bon, à la rigueur, c'est pas très grave pour ce qu'il y avait,

j'avais par précaution tout enregistrer sur un CD!

mais par contre, tout me semble si lent!
j'ai voulu remettre Kaspersky ac mon CD mais le lecteur ne le lisait plus du tout, il était carrément vierge!

bref! j'ai quand-même pu le télécharger via le site net!

mais tout ça ne me semble pas très bon

eh ben!

le combo fix se bloque!
ça marche pas! j'arrive à la télécharger
mais après il envoie un message du genre "some installation files are corrupted. please download a fresh copy..."

alors, désespéré?

voilà, ben en passant par "intener explorer" et non mozzila
j'ai enfin pu faire le scan combofix!

voilà le rapport :

ComboFix 09-02-17.02 - moi 2009-02-18 12:06:17.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1117 [GMT 1:00]
Lancé depuis: c:\users\moi\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-18 au 2009-02-18 ))))))))))))))))))))))))))))))))))))
.

2009-02-18 02:32 . 2009-02-18 02:42 101,287 --a------ c:\windows\System32\drivers\klin.dat
2009-02-18 02:32 . 2009-02-18 02:42 89,601 --a------ c:\windows\System32\drivers\klick.dat
2009-02-18 02:31 . 2009-02-18 11:58 <REP> d-------- c:\users\All Users\Kaspersky Lab
2009-02-18 02:31 . 2009-02-18 11:58 <REP> d-------- c:\programdata\Kaspersky Lab
2009-02-18 02:31 . 2009-02-18 02:31 <REP> d-------- c:\program files\Kaspersky Lab
2009-02-18 02:31 . 2009-02-18 04:09 3,293,728 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-02-18 02:31 . 2009-02-18 12:07 409,632 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-02-18 02:31 . 2009-02-18 04:09 26,812 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-02-18 02:31 . 2009-02-18 12:05 2,480 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-02-18 02:27 . 2009-02-18 02:27 <REP> d-------- c:\windows\Sun
2009-02-18 00:41 . 2009-02-18 03:21 <REP> d-------- c:\program files\UsbFix
2009-02-17 15:07 . 2009-02-17 15:07 <REP> d-------- C:\_OTMoveIt
2009-02-17 14:52 . 2009-02-17 14:52 <REP> d-------- c:\program files\JRE
2009-02-17 13:19 . 2009-02-17 13:16 132,597 --a------ C:\Flash_Disinfector.exe
2009-02-17 13:15 . 2009-02-17 13:15 <REP> d-------- c:\users\All Users\McAfee
2009-02-17 13:15 . 2009-02-17 13:15 <REP> d-------- c:\programdata\McAfee
2009-02-17 13:08 . 2009-02-17 13:30 <REP> d-------- c:\users\moi\AppData\Roaming\U3
2009-02-17 12:35 . 2009-02-17 12:35 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-17 11:50 . 2009-02-17 13:08 <REP> d-------- c:\program files\FindyKill
2009-02-17 11:25 . 2009-02-18 03:33 <REP> d-------- C:\rsit
2009-02-17 02:29 . 2009-02-17 02:29 <REP> d-------- c:\users\moi\AppData\Roaming\Malwarebytes
2009-02-17 02:29 . 2009-02-17 02:29 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-17 02:29 . 2009-02-17 02:29 <REP> d-------- c:\programdata\Malwarebytes
2009-02-16 23:23 . 2009-02-17 13:25 <REP> d-------- c:\program files\Ad-remover
2009-02-16 23:03 . 2009-02-18 03:33 <REP> d-------- c:\program files\Trend Micro
2009-02-15 12:38 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 12:38 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 12:38 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 12:38 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 12:38 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-14 23:41 . 2009-02-15 00:00 <REP> d-------- c:\users\moi\AppData\Roaming\skypePM
2009-02-14 23:41 . 2009-02-14 23:41 56 --ah----- c:\users\All Users\ezsidmv.dat
2009-02-14 23:41 . 2009-02-14 23:41 56 --ah----- c:\programdata\ezsidmv.dat
2009-02-14 23:40 . 2009-02-15 02:40 <REP> d-------- c:\users\moi\AppData\Roaming\Skype
2009-02-14 23:39 . 2009-02-14 23:39 <REP> dr------- c:\program files\Skype
2009-02-14 23:39 . 2009-02-14 23:39 <REP> d-------- c:\program files\Common Files\Skype
2009-02-12 17:32 . 2009-02-12 17:32 <REP> d-------- c:\users\All Users\FLEXnet
2009-02-12 17:32 . 2009-02-12 17:32 <REP> d-------- c:\programdata\FLEXnet
2009-02-11 11:54 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 11:54 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 22:08 . 2009-02-09 22:08 <REP> d-------- c:\program files\Common Files\Scanner
2009-02-09 22:08 . 2009-02-09 22:10 <REP> d-------- c:\program files\CA Yahoo! Anti-Spy
2009-02-04 23:39 . 2009-02-04 23:39 2,117,632 --a------ c:\windows\System32\python25.dll
2009-02-04 23:39 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\System32\pythondll.zip
2009-02-04 23:39 . 2009-02-04 23:39 339,968 --a------ c:\windows\System32\pythoncom25.dll
2009-02-04 23:39 . 2009-02-04 23:39 114,688 --a------ c:\windows\System32\pywintypes25.dll
2009-02-04 23:37 . 2009-02-04 23:39 <REP> d-------- c:\program files\AGI
2009-02-03 16:09 . 2009-02-03 16:19 <REP> d-------- C:\Poker
2009-02-03 01:08 . 2009-02-03 01:08 <REP> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-03 01:08 . 2009-02-03 01:08 <REP> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-03 01:08 . 2009-02-03 01:08 <REP> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-03 01:08 . 2009-02-03 01:08 <REP> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-03 01:08 . 2009-02-03 01:08 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2009-02-03 01:08 . 2009-02-03 01:08 <REP> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-03 01:08 . 2009-02-03 01:08 <REP> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-03 01:08 . 2009-02-03 01:08 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-03 01:08 . 2009-02-03 01:09 <REP> d-------- C:\VAIO Entertainment
2009-02-01 01:36 . 2009-02-01 01:44 <REP> d-------- c:\users\moi\AppData\Roaming\ArcSoft
2009-02-01 01:31 . 2004-07-20 18:21 245,408 --a------ c:\windows\System32\unicows.dll
2009-02-01 01:31 . 2006-03-30 16:53 212,480 --a------ c:\windows\System32\PCDLIB32.DLL
2009-02-01 01:31 . 2007-11-10 14:10 55,808 --a------ c:\windows\System32\ArcSoftKsUFilter.dll
2009-02-01 01:31 . 2007-12-20 15:52 17,408 --a------ c:\windows\System32\drivers\ArcSoftKsUFilter.sys
2009-01-30 22:48 . 2009-01-30 22:48 <REP> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-30 13:44 . 2009-01-30 13:47 <REP> d--h----- c:\users\TEMP\AppData
2009-01-30 13:44 . 2009-01-30 13:47 <REP> d-------- c:\users\TEMP
2009-01-30 12:30 . 2009-02-18 02:42 370 --a------ c:\windows\System32\%LocalXml%
2009-01-30 11:58 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-01-30 11:58 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-01-30 11:58 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-01-30 11:58 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-30 11:58 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-01-30 11:58 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-01-30 11:58 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-01-30 11:58 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-01-30 11:53 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-01-30 11:53 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-01-30 11:53 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-01-30 11:53 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-01-30 11:53 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-29 22:48 . 2009-01-29 22:48 <REP> d-------- C:\PerfLogs
2009-01-29 15:00 . 2009-01-29 15:00 <REP> d-------- c:\users\All Users\HP Product Assistant
2009-01-29 15:00 . 2009-01-29 15:00 <REP> d-------- c:\programdata\HP Product Assistant
2009-01-29 14:55 . 2009-01-29 14:56 <REP> d-------- c:\program files\Common Files\HP
2009-01-29 14:42 . 2009-01-29 14:58 148,935 --a------ c:\windows\hppins20.dat
2009-01-29 14:42 . 2007-03-01 03:21 16,655 --a------ c:\windows\hppmdl20.dat
2009-01-29 13:36 . 2005-10-24 13:55 830,464 --a------ c:\users\moi\hp_ize.exe
2009-01-29 13:32 . 2009-01-29 13:33 19,497 --a------ c:\windows\hpqins13.dat
2009-01-29 13:18 . 2009-01-29 13:18 <REP> d-------- c:\users\moi\AppData\Roaming\Printer Info Cache
2009-01-29 13:18 . 2009-02-01 03:38 <REP> d-------- c:\users\moi\AppData\Roaming\Image Zone Express
2009-01-29 13:04 . 2009-01-29 15:12 <REP> d-------- c:\users\moi\AppData\Roaming\HP
2009-01-29 13:04 . 2009-01-29 13:04 <REP> d-------- c:\users\All Users\WEBREG
2009-01-29 13:04 . 2009-01-29 14:05 <REP> d-------- c:\users\All Users\HPSSUPPLY
2009-01-29 13:04 . 2009-01-29 13:04 <REP> d-------- c:\programdata\WEBREG
2009-01-29 13:04 . 2009-01-29 14:05 <REP> d-------- c:\programdata\HPSSUPPLY
2009-01-29 12:58 . 2009-01-29 12:58 <REP> d-------- c:\users\All Users\Hewlett-Packard
2009-01-29 12:58 . 2009-01-29 12:58 <REP> d-------- c:\programdata\Hewlett-Packard
2009-01-29 12:42 . 2007-01-29 14:22 117,760 --a------ c:\windows\System32\hpz3l4v2.dll
2009-01-29 12:41 . 2007-02-01 08:14 258,048 --a------ c:\windows\System32\hpzids01.dll
2009-01-29 12:24 . 2009-01-29 14:56 <REP> d-------- c:\program files\HP
2009-01-29 12:21 . 2009-01-29 22:17 <REP> d-------- c:\users\All Users\HP
2009-01-29 12:21 . 2009-01-29 22:17 <REP> d-------- c:\programdata\HP
2009-01-28 23:02 . 2008-01-19 08:33 2,623,488 --a------ c:\windows\System32\SLsvc.exe
2009-01-28 23:02 . 2008-01-19 08:36 1,541,120 --a------ c:\windows\System32\onex.dll
2009-01-28 23:00 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2009-01-28 22:59 . 2008-01-19 08:32 5,714,432 --a------ c:\windows\System32\logon.scr
2009-01-28 22:58 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-01-28 22:57 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2009-01-28 22:57 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2009-01-28 22:57 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2009-01-28 22:57 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2009-01-28 20:39 . 2009-01-28 20:39 <REP> d-------- c:\users\All Users\NOS
2009-01-28 20:39 . 2009-01-28 20:39 <REP> d-------- c:\programdata\NOS
2009-01-28 20:39 . 2009-01-28 20:39 <REP> d-------- c:\program files\NOS
2009-01-28 12:33 . 2009-01-28 12:33 <REP> d-------- c:\users\moi\AppData\Roaming\OpenOffice.org
2009-01-28 12:08 . 2009-01-28 12:08 <REP> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-01-28 12:08 . 2009-01-28 12:08 <REP> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-01-28 12:04 . 2009-02-17 14:51 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-28 10:24 . 2009-01-28 11:41 <REP> d-------- c:\users\moi\AppData\Roaming\OpenOffice.org2
2009-01-28 10:20 . 2009-01-28 12:04 <REP> d-------- c:\program files\OpenOffice.org 2.2
2009-01-27 23:41 . 2009-02-06 02:08 <REP> d-------- c:\program files\Defraggler
2009-01-27 23:39 . 2009-01-27 23:39 <REP> d-------- c:\program files\CCleaner
2009-01-27 23:31 . 2009-01-27 23:31 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-27 23:31 . 2009-01-27 23:31 269,312 --a------ c:\windows\System32\es.dll
2009-01-27 22:08 . 2009-01-27 22:08 <REP> d-------- c:\users\moi\AppData\Roaming\InstallShield
2009-01-27 21:57 . 2009-01-27 21:57 <REP> d-------- c:\users\moi\AppData\Roaming\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 11:03 --------- d-----w c:\program files\Google
2009-02-18 01:42 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-14 22:39 --------- d-----w c:\programdata\Skype
2009-02-11 11:37 --------- d-----w c:\program files\Windows Mail
2009-02-10 14:33 --------- d-----w c:\program files\Java
2009-02-03 00:08 --------- d-----w c:\programdata\Sony Corporation
2009-02-01 00:40 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 21:48 --------- d-----w c:\program files\Common Files\Adobe
2009-01-29 21:58 174 --sha-w c:\program files\desktop.ini
2009-01-29 21:49 --------- d-----w c:\program files\Windows Sidebar
2009-01-29 21:49 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-29 21:49 --------- d-----w c:\program files\Windows Journal
2009-01-29 21:49 --------- d-----w c:\program files\Windows Defender
2009-01-29 21:49 --------- d-----w c:\program files\Windows Collaboration
2009-01-29 21:49 --------- d-----w c:\program files\Windows Calendar
2009-01-29 21:34 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-29 21:34 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-27 22:32 --------- d-----w c:\programdata\Microsoft Help
2009-01-27 22:27 --------- d-----w c:\program files\Microsoft Works
2009-01-27 22:00 --------- d-----w c:\program files\Sony
2009-01-27 22:00 --------- d-----w c:\program files\Common Files\Sony Shared
2009-01-27 19:21 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-27 19:21 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-27 19:21 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-27 19:21 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-27 19:21 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-27 19:21 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-27 19:12 9,847,296 ----a-w c:\windows\System32\NlsData000a.dll
2009-01-27 18:54 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-27 18:54 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-27 18:54 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-27 18:54 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-27 18:54 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-27 18:54 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-27 18:54 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-27 18:54 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-27 18:54 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-27 18:54 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-27 18:54 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-27 18:54 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-27 17:15 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-27 17:01 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-12 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-02 1838592]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-02 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-30 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-18 206088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-28 739880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 20:05 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB636B88-B70A-437A-AD96-EBCD9D37871E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98656251-E95C-4BB3-9267-CE63813A0C49}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C2F61F9-8DA2-44C7-A22A-68A261ABB719}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{AFA15B50-6C27-4075-812A-4FDB7583A6A3}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{3BF0911B-0DC7-4948-B237-53BD7534B6EA}"= UDP:c:\users\moi\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{C80A73FE-9302-466D-8B9A-E5A638A2B003}"= TCP:c:\users\moi\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{15627994-46BD-4860-9726-11A9471F7699}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{772D3550-9599-4D4B-99FC-659DAE740D73}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{6F006875-2CEE-4673-9D80-B56578CC0671}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{F513F5FA-9208-4873-B396-D1999F94760F}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{4C250F66-C12C-4B0E-8EE9-1DE43B4A9CFC}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{DF71B73D-5B33-44EF-B871-56447F69258C}"= UDP:c:\program files\Lecteur CANALPLAY\CanalPlayer.exe:Lecteur CANALPLAY
"{E69F1DE4-F724-4F14-81E1-78EB7C670AED}"= TCP:c:\program files\Lecteur CANALPLAY\CanalPlayer.exe:Lecteur CANALPLAY
"{AA619891-28E9-43DF-8D5C-9CAF37173BF3}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2009-02-01 104960]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-27 333088]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [2009-02-01 17408]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-11-02 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-11-02 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [2007-11-02 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-11-02 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2007-11-02 28464]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-28 33752]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2009-01-27 436096]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2009-01-27 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2009-01-27 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2009-01-27 1089536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-27 87328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = about:blank
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\wshfj6uk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/r/hf
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled',/... 'allAccess');.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 12:08:42
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5404)
c:\windows\system32\btmmhook.dll
.
Heure de fin: 2009-02-18 12:10:26
ComboFix-quarantined-files.txt 2009-02-18 11:10:23

Avant-CF: 153 606 766 592 octets libres
Après-CF: 153,581,486,080 octets libres

302 --- E O F --- 2009-02-15 11:39:37