Cyber security

merci pour ta réponse mais malheureusement la page d'accueil de MBAM ne s'affiche qu'une seconde ou deux et disparait
j'ai pourtant désactivé mon avast ainsi que Spyware Doctor mais rien à faire ....

http://www.cijoint.fr/cjlink.php?file=cj200910/cijhJvFMBb.txt
je ne suis pas tres doué pour les copier-coller
j'ai reussi à ouvrir MBAM seulement en mode sans echec il a détecte une clé infectée, l'a en principe supprimée mais rien n'avait changé quand je suis revenu en mode normal

je n'arrive pas à t'envoyer le bloc notes 191009.txt qui est pourtant sur le bureau....pas doué désolé

j'ai tout desinstallé et réinstallé : Spybot, Avast, MBAM, Spyware Doctor....Rien n'y fait

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-19 17:25:28
Windows 5.1.2600 Service Pack 3
Running: 4pfwb6db.exe; Driver: C:\DOCUME~1\ROHART~1\LOCALS~1\Temp\kxddapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE4666B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE466574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE466A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE46614C]
SSDT spcz.sys ZwEnumerateKey [0xF74A1CA4]
SSDT spcz.sys ZwEnumerateValueKey [0xF74A2032]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE46664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE46608C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE4660F0]
SSDT spcz.sys ZwQueryKey [0xF74A210A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE46676E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE46672E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE4668AE]

INT 0x62 ? 855DABF8
INT 0x63 ? 8556BBF8
INT 0x63 ? 8556BBF8
INT 0x82 ? 855DABF8
INT 0x83 ? 855DABF8
INT 0x84 ? 8556BBF8
INT 0xA4 ? 8556BBF8
INT 0xB4 ? 8556BBF8
INT 0xB4 ? 8556BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spcz.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F6D6B8AC 5 Bytes JMP 8556B1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2876] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7484042] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F748413E] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74840C0] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7484800] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74846D6] spcz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7493E9C] spcz.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8556A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 853401F8
Device \Driver\usbohci \Device\USBPDO-1 853401F8
Device \Driver\usbohci \Device\USBPDO-2 853401F8
Device \Driver\usbohci \Device\USBPDO-3 853401F8
Device \Driver\usbohci \Device\USBPDO-4 853401F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbehci \Device\USBPDO-5 853EE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8556C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8556C1F8
Device \Driver\Cdrom \Device\CdRom0 8531D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8556C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84FF3500
Device \Driver\NetBT \Device\NetbiosSmb 84FF3500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 853401F8
Device \Driver\usbohci \Device\USBFDO-1 853401F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84E7F500
Device \Driver\usbohci \Device\USBFDO-2 853401F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84E7F500
Device \Driver\usbohci \Device\USBFDO-3 853401F8
Device \Driver\usbohci \Device\USBFDO-4 853401F8
Device \Driver\Ftdisk \Device\FtControl 8556C1F8
Device \Driver\usbehci \Device\USBFDO-5 853EE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{65E22B8D-B598-4FB6-B971-B34004F62731} 84FF3500
Device \Driver\NetBT \Device\NetBT_Tcpip_{1225F2F3-FF69-4B82-B451-DF837B9B04C1} 84FF3500
Device \FileSystem\Fastfat \Fat 84D9D500
Device \FileSystem\Fastfat \Fat B9DEA297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 84DCE500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xBF 0x76 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xBF 0x76 0xD1 ...

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-19 17:25:28
Windows 5.1.2600 Service Pack 3
Running: 4pfwb6db.exe; Driver: C:\DOCUME~1\ROHART~1\LOCALS~1\Temp\kxddapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE4666B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE466574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE466A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE46614C]
SSDT spcz.sys ZwEnumerateKey [0xF74A1CA4]
SSDT spcz.sys ZwEnumerateValueKey [0xF74A2032]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE46664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE46608C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE4660F0]
SSDT spcz.sys ZwQueryKey [0xF74A210A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE46676E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE46672E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE4668AE]

INT 0x62 ? 855DABF8
INT 0x63 ? 8556BBF8
INT 0x63 ? 8556BBF8
INT 0x82 ? 855DABF8
INT 0x83 ? 855DABF8
INT 0x84 ? 8556BBF8
INT 0xA4 ? 8556BBF8
INT 0xB4 ? 8556BBF8
INT 0xB4 ? 8556BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spcz.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F6D6B8AC 5 Bytes JMP 8556B1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2876] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7484042] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F748413E] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74840C0] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7484800] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74846D6] spcz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7493E9C] spcz.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8556A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 853401F8
Device \Driver\usbohci \Device\USBPDO-1 853401F8
Device \Driver\usbohci \Device\USBPDO-2 853401F8
Device \Driver\usbohci \Device\USBPDO-3 853401F8
Device \Driver\usbohci \Device\USBPDO-4 853401F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbehci \Device\USBPDO-5 853EE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8556C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8556C1F8
Device \Driver\Cdrom \Device\CdRom0 8531D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8556C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84FF3500
Device \Driver\NetBT \Device\NetbiosSmb 84FF3500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 853401F8
Device \Driver\usbohci \Device\USBFDO-1 853401F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84E7F500
Device \Driver\usbohci \Device\USBFDO-2 853401F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84E7F500
Device \Driver\usbohci \Device\USBFDO-3 853401F8
Device \Driver\usbohci \Device\USBFDO-4 853401F8
Device \Driver\Ftdisk \Device\FtControl 8556C1F8
Device \Driver\usbehci \Device\USBFDO-5 853EE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{65E22B8D-B598-4FB6-B971-B34004F62731} 84FF3500
Device \Driver\NetBT \Device\NetBT_Tcpip_{1225F2F3-FF69-4B82-B451-DF837B9B04C1} 84FF3500
Device \FileSystem\Fastfat \Fat 84D9D500
Device \FileSystem\Fastfat \Fat B9DEA297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 84DCE500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xBF 0x76 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xBF 0x76 0xD1 ...

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-19 17:25:28
Windows 5.1.2600 Service Pack 3
Running: 4pfwb6db.exe; Driver: C:\DOCUME~1\ROHART~1\LOCALS~1\Temp\kxddapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE4666B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE466574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE466A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE46614C]
SSDT spcz.sys ZwEnumerateKey [0xF74A1CA4]
SSDT spcz.sys ZwEnumerateValueKey [0xF74A2032]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE46664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE46608C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE4660F0]
SSDT spcz.sys ZwQueryKey [0xF74A210A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE46676E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE46672E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE4668AE]

INT 0x62 ? 855DABF8
INT 0x63 ? 8556BBF8
INT 0x63 ? 8556BBF8
INT 0x82 ? 855DABF8
INT 0x83 ? 855DABF8
INT 0x84 ? 8556BBF8
INT 0xA4 ? 8556BBF8
INT 0xB4 ? 8556BBF8
INT 0xB4 ? 8556BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spcz.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F6D6B8AC 5 Bytes JMP 8556B1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[2876] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7484042] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F748413E] spcz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74840C0] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7484800] spcz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74846D6] spcz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7493E9C] spcz.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8556A1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 853401F8
Device \Driver\usbohci \Device\USBPDO-1 853401F8
Device \Driver\usbohci \Device\USBPDO-2 853401F8
Device \Driver\usbohci \Device\USBPDO-3 853401F8
Device \Driver\usbohci \Device\USBPDO-4 853401F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbehci \Device\USBPDO-5 853EE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8556C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8556C1F8
Device \Driver\Cdrom \Device\CdRom0 8531D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [F73FCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 8556C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84FF3500
Device \Driver\NetBT \Device\NetbiosSmb 84FF3500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 853401F8
Device \Driver\usbohci \Device\USBFDO-1 853401F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84E7F500
Device \Driver\usbohci \Device\USBFDO-2 853401F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84E7F500
Device \Driver\usbohci \Device\USBFDO-3 853401F8
Device \Driver\usbohci \Device\USBFDO-4 853401F8
Device \Driver\Ftdisk \Device\FtControl 8556C1F8
Device \Driver\usbehci \Device\USBFDO-5 853EE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{65E22B8D-B598-4FB6-B971-B34004F62731} 84FF3500
Device \Driver\NetBT \Device\NetBT_Tcpip_{1225F2F3-FF69-4B82-B451-DF837B9B04C1} 84FF3500
Device \FileSystem\Fastfat \Fat 84D9D500
Device \FileSystem\Fastfat \Fat B9DEA297

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 84DCE500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xBF 0x76 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xBF 0x76 0xD1 ...

---- EOF - GMER 1.0.15 ----

désolé mais depuis ce matin, je suis planté.J'ai du ressortir du grenier mon vieux fixe en attendant de réinstaller windows j'en suis à la seconde tentative et ça bloque (installshield est inactif..)
je te recontacte des que j'ai pu tout updater (mon CD a déjà 2 ans et ça se sent)
J'ai pu m'apercevoir que le malware était toujours là....

ComboFix 09-10-20.03 - ROHART ALAIN 21/10/2009 13:23.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.226 [GMT 2:00]
Lancé depuis: c:\documents and settings\ROHART ALAIN\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091019-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\28c863.msi
c:\windows\Installer\510a3.msi
c:\windows\system\oeminfo.ini
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-21 au 2009-10-21 ))))))))))))))))))))))))))))))))))))
.

2009-10-20 17:54 . 2004-08-05 10:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2009-10-20 17:53 . 2004-08-05 10:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-10-20 17:52 . 2004-08-05 10:00 334336 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-10-20 17:17 . 2004-08-05 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-20 17:17 . 2004-08-05 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-20 17:17 . 2004-08-05 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-10-20 17:17 . 2004-08-05 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-20 12:21 . 2004-08-05 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-10-20 12:20 . 2004-08-05 10:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-10-20 12:20 . 2004-08-05 10:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-10-20 12:20 . 2004-08-05 10:00 218624 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-10-20 12:20 . 2004-08-05 10:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-10-19 20:47 . 2009-10-19 20:47 796672 ----a-w- c:\windows\GPInstall.exe
2009-10-19 14:27 . 2009-10-19 22:43 -------- d-----w- c:\program files\ZHPDiag
2009-10-19 13:09 . 2009-10-19 13:09 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Malwarebytes
2009-10-19 13:09 . 2009-10-19 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 15:46 . 2009-10-18 15:46 -------- d-----w- c:\program files\VS Revo Group
2009-10-17 17:53 . 2009-10-17 17:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-17 15:54 . 2009-10-19 13:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-17 12:54 . 2009-10-17 12:54 -------- d-----w- c:\program files\Enigma Software Group
2009-10-17 09:21 . 2009-10-17 09:21 -------- d-----w- c:\program files\Fichiers communs\CSUninstall
2009-10-17 09:21 . 2009-10-17 09:21 -------- d-----w- c:\program files\CS
2009-10-16 06:56 . 2009-10-16 06:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-16 06:56 . 2009-10-21 08:30 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\skypePM
2009-10-16 06:51 . 2009-10-21 11:19 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Skype
2009-10-16 06:51 . 2009-10-16 06:51 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-10-16 06:51 . 2009-10-16 06:51 -------- d-----r- c:\program files\Skype
2009-10-16 06:50 . 2009-10-16 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-03 19:50 . 2009-10-03 19:50 -------- d-----w- c:\program files\Fichiers communs\Common Share
2009-10-03 19:50 . 2008-12-18 11:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-03 19:50 . 2008-12-18 11:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-10-03 19:50 . 2009-10-03 19:50 -------- d-----w- c:\program files\OJOsoft
2009-10-03 19:26 . 2009-10-03 19:26 -------- d-----w- c:\program files\NewsLeecher

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 10:16 . 2007-06-28 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 08:31 . 2004-08-20 09:24 87650 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-21 08:31 . 2004-08-20 09:24 516900 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-21 07:36 . 2007-06-09 18:54 77424 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-21 06:14 . 2009-04-21 06:49 -------- d-----w- c:\program files\LogMeIn
2009-10-20 17:48 . 2004-08-20 09:35 23740 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-16 18:12 . 2008-05-16 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-16 18:09 . 2007-06-06 09:20 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 11:28 . 2007-07-24 10:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-03 05:35 . 2009-04-21 06:49 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 05:35 . 2009-04-21 06:49 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 05:35 . 2009-04-21 06:49 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-30 06:10 . 2007-06-08 12:53 274 ----a-w- c:\windows\system32\CRUNX.BIN
2009-09-19 07:11 . 2009-03-19 17:53 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Image Zone Express
2009-09-17 06:31 . 2009-09-17 06:30 -------- d-----w- c:\program files\PDFCreator
2009-09-16 13:59 . 2009-04-20 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-16 13:59 . 2009-04-20 12:11 -------- d-----w- c:\program files\NOS
2009-09-15 10:59 . 2008-05-03 09:30 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2008-05-03 09:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2008-05-03 09:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2008-05-03 09:30 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2008-05-03 09:30 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2008-05-03 09:30 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2008-05-03 09:30 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2008-05-03 09:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2008-05-03 09:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 18:22 . 2009-09-11 18:22 -------- d-----w- c:\program files\Labtec
2009-09-11 18:22 . 2007-06-06 09:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-07 22:54 . 2007-10-18 19:47 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-07 22:54 . 2007-10-18 18:47 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-08-27 06:50 . 2007-12-25 11:09 -------- d-----w- c:\program files\HP
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-09 17:36 . 2009-08-09 17:36 721904 -c--a-w- c:\windows\system32\drivers\sptd.sys
2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:23 . 2007-08-13 03:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2007-08-13 03:58 215920 ----a-w- c:\windows\system32\muweb.dll
2009-07-25 03:23 . 2008-12-17 20:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-11-18 18:20 . 2007-11-18 18:20 3255790 -c--a-w- c:\program files\Dell.zip
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"CS"="c:\program files\CS\cs.exe" [2009-10-17 1230336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-07-29 1070336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\ROHART ALAIN\Menu D‚marrer\Programmes\D‚marrage\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logiciel de la Souris Labtec 2.0.lnk - c:\program files\Labtec\Wireless Mouse\MulMouse.exe [2009-9-11 253952]
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-03 05:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/05/2008 11:30 114768]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [11/09/2009 20:22 6144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/05/2008 11:30 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [12/09/2007 10:21 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [21/04/2009 08:49 47640]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [07/08/2009 08:14 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [07/08/2009 08:14 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [07/08/2009 08:14 42752]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [13/07/2004 13:40 48512]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cic.fr\www
Trusted Zone: urssaf.fr\www.compte
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
FF - ProfilePath - c:\documents and settings\ROHART ALAIN\Application Data\Mozilla\Firefox\Profiles\v9p164dd.default\
FF - prefs.js: browser.search.selectedEngine - xeoo.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 13:30
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\fxssvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\combofix\CF14745.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Heure de fin: 2009-10-21 13:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-21 11:37

Avant-CF: 75 810 418 688 octets libres
Après-CF: 75 633 033 216 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP �dition familiale" /noexecute=optin /fastdetect /usepmtimer

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 0E8DCEDCCD46A753904654D87C5C4F8C
ComboFix 09-10-20.03 - ROHART ALAIN 21/10/2009 13:23.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.226 [GMT 2:00]
Lancé depuis: c:\documents and settings\ROHART ALAIN\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091019-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\28c863.msi
c:\windows\Installer\510a3.msi
c:\windows\system\oeminfo.ini
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-21 au 2009-10-21 ))))))))))))))))))))))))))))))))))))
.

2009-10-20 17:54 . 2004-08-05 10:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2009-10-20 17:53 . 2004-08-05 10:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-10-20 17:52 . 2004-08-05 10:00 334336 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-10-20 17:17 . 2004-08-05 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-20 17:17 . 2004-08-05 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-20 17:17 . 2004-08-05 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-10-20 17:17 . 2004-08-05 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-20 12:21 . 2004-08-05 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-10-20 12:20 . 2004-08-05 10:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-10-20 12:20 . 2004-08-05 10:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-10-20 12:20 . 2004-08-05 10:00 218624 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-10-20 12:20 . 2004-08-05 10:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-10-19 20:47 . 2009-10-19 20:47 796672 ----a-w- c:\windows\GPInstall.exe
2009-10-19 14:27 . 2009-10-19 22:43 -------- d-----w- c:\program files\ZHPDiag
2009-10-19 13:09 . 2009-10-19 13:09 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Malwarebytes
2009-10-19 13:09 . 2009-10-19 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 15:46 . 2009-10-18 15:46 -------- d-----w- c:\program files\VS Revo Group
2009-10-17 17:53 . 2009-10-17 17:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-17 15:54 . 2009-10-19 13:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-17 12:54 . 2009-10-17 12:54 -------- d-----w- c:\program files\Enigma Software Group
2009-10-17 09:21 . 2009-10-17 09:21 -------- d-----w- c:\program files\Fichiers communs\CSUninstall
2009-10-17 09:21 . 2009-10-17 09:21 -------- d-----w- c:\program files\CS
2009-10-16 06:56 . 2009-10-16 06:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-16 06:56 . 2009-10-21 08:30 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\skypePM
2009-10-16 06:51 . 2009-10-21 11:19 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Skype
2009-10-16 06:51 . 2009-10-16 06:51 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-10-16 06:51 . 2009-10-16 06:51 -------- d-----r- c:\program files\Skype
2009-10-16 06:50 . 2009-10-16 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-03 19:50 . 2009-10-03 19:50 -------- d-----w- c:\program files\Fichiers communs\Common Share
2009-10-03 19:50 . 2008-12-18 11:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-03 19:50 . 2008-12-18 11:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-10-03 19:50 . 2009-10-03 19:50 -------- d-----w- c:\program files\OJOsoft
2009-10-03 19:26 . 2009-10-03 19:26 -------- d-----w- c:\program files\NewsLeecher

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 10:16 . 2007-06-28 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 08:31 . 2004-08-20 09:24 87650 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-21 08:31 . 2004-08-20 09:24 516900 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-21 07:36 . 2007-06-09 18:54 77424 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-21 06:14 . 2009-04-21 06:49 -------- d-----w- c:\program files\LogMeIn
2009-10-20 17:48 . 2004-08-20 09:35 23740 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-16 18:12 . 2008-05-16 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-16 18:09 . 2007-06-06 09:20 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 11:28 . 2007-07-24 10:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-03 05:35 . 2009-04-21 06:49 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 05:35 . 2009-04-21 06:49 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 05:35 . 2009-04-21 06:49 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-30 06:10 . 2007-06-08 12:53 274 ----a-w- c:\windows\system32\CRUNX.BIN
2009-09-19 07:11 . 2009-03-19 17:53 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Image Zone Express
2009-09-17 06:31 . 2009-09-17 06:30 -------- d-----w- c:\program files\PDFCreator
2009-09-16 13:59 . 2009-04-20 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-16 13:59 . 2009-04-20 12:11 -------- d-----w- c:\program files\NOS
2009-09-15 10:59 . 2008-05-03 09:30 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2008-05-03 09:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2008-05-03 09:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2008-05-03 09:30 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2008-05-03 09:30 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2008-05-03 09:30 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2008-05-03 09:30 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2008-05-03 09:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2008-05-03 09:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 18:22 . 2009-09-11 18:22 -------- d-----w- c:\program files\Labtec
2009-09-11 18:22 . 2007-06-06 09:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-07 22:54 . 2007-10-18 19:47 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-07 22:54 . 2007-10-18 18:47 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-08-27 06:50 . 2007-12-25 11:09 -------- d-----w- c:\program files\HP
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-09 17:36 . 2009-08-09 17:36 721904 -c--a-w- c:\windows\system32\drivers\sptd.sys
2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:23 . 2007-08-13 03:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2007-08-13 03:58 215920 ----a-w- c:\windows\system32\muweb.dll
2009-07-25 03:23 . 2008-12-17 20:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-11-18 18:20 . 2007-11-18 18:20 3255790 -c--a-w- c:\program files\Dell.zip
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"CS"="c:\program files\CS\cs.exe" [2009-10-17 1230336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-07-29 1070336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\ROHART ALAIN\Menu D‚marrer\Programmes\D‚marrage\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logiciel de la Souris Labtec 2.0.lnk - c:\program files\Labtec\Wireless Mouse\MulMouse.exe [2009-9-11 253952]
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-03 05:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/05/2008 11:30 114768]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [11/09/2009 20:22 6144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/05/2008 11:30 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [12/09/2007 10:21 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [21/04/2009 08:49 47640]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [07/08/2009 08:14 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [07/08/2009 08:14 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [07/08/2009 08:14 42752]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [13/07/2004 13:40 48512]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cic.fr\www
Trusted Zone: urssaf.fr\www.compte
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
FF - ProfilePath - c:\documents and settings\ROHART ALAIN\Application Data\Mozilla\Firefox\Profiles\v9p164dd.default\
FF - prefs.js: browser.search.selectedEngine - xeoo.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 13:30
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\fxssvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\combofix\CF14745.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Heure de fin: 2009-10-21 13:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-21 11:37

Avant-CF: 75 810 418 688 octets libres
Après-CF: 75 633 033 216 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP �dition familiale" /noexecute=optin /fastdetect /usepmtimer

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 0E8DCEDCCD46A753904654D87C5C4F8C
ComboFix 09-10-20.03 - ROHART ALAIN 21/10/2009 13:23.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.894.226 [GMT 2:00]
Lancé depuis: c:\documents and settings\ROHART ALAIN\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091019-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\28c863.msi
c:\windows\Installer\510a3.msi
c:\windows\system\oeminfo.ini
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-21 au 2009-10-21 ))))))))))))))))))))))))))))))))))))
.

2009-10-20 17:54 . 2004-08-05 10:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2009-10-20 17:53 . 2004-08-05 10:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-10-20 17:52 . 2004-08-05 10:00 334336 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-10-20 17:17 . 2004-08-05 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-10-20 17:17 . 2004-08-05 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-20 17:17 . 2004-08-05 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-10-20 17:17 . 2004-08-05 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-20 12:21 . 2004-08-05 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-10-20 12:20 . 2004-08-05 10:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-10-20 12:20 . 2004-08-05 10:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-10-20 12:20 . 2004-08-05 10:00 218624 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-10-20 12:20 . 2004-08-05 10:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-10-19 20:47 . 2009-10-19 20:47 796672 ----a-w- c:\windows\GPInstall.exe
2009-10-19 14:27 . 2009-10-19 22:43 -------- d-----w- c:\program files\ZHPDiag
2009-10-19 13:09 . 2009-10-19 13:09 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Malwarebytes
2009-10-19 13:09 . 2009-10-19 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 15:46 . 2009-10-18 15:46 -------- d-----w- c:\program files\VS Revo Group
2009-10-17 17:53 . 2009-10-17 17:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-17 15:54 . 2009-10-19 13:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-17 12:54 . 2009-10-17 12:54 -------- d-----w- c:\program files\Enigma Software Group
2009-10-17 09:21 . 2009-10-17 09:21 -------- d-----w- c:\program files\Fichiers communs\CSUninstall
2009-10-17 09:21 . 2009-10-17 09:21 -------- d-----w- c:\program files\CS
2009-10-16 06:56 . 2009-10-16 06:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-16 06:56 . 2009-10-21 08:30 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\skypePM
2009-10-16 06:51 . 2009-10-21 11:19 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Skype
2009-10-16 06:51 . 2009-10-16 06:51 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-10-16 06:51 . 2009-10-16 06:51 -------- d-----r- c:\program files\Skype
2009-10-16 06:50 . 2009-10-16 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-03 19:50 . 2009-10-03 19:50 -------- d-----w- c:\program files\Fichiers communs\Common Share
2009-10-03 19:50 . 2008-12-18 11:38 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-03 19:50 . 2008-12-18 11:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-10-03 19:50 . 2009-10-03 19:50 -------- d-----w- c:\program files\OJOsoft
2009-10-03 19:26 . 2009-10-03 19:26 -------- d-----w- c:\program files\NewsLeecher

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 10:16 . 2007-06-28 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-21 08:31 . 2004-08-20 09:24 87650 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-21 08:31 . 2004-08-20 09:24 516900 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-21 07:36 . 2007-06-09 18:54 77424 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-21 06:14 . 2009-04-21 06:49 -------- d-----w- c:\program files\LogMeIn
2009-10-20 17:48 . 2004-08-20 09:35 23740 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-16 18:12 . 2008-05-16 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-16 18:09 . 2007-06-06 09:20 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 11:28 . 2007-07-24 10:24 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-03 05:35 . 2009-04-21 06:49 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 05:35 . 2009-04-21 06:49 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 05:35 . 2009-04-21 06:49 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-30 06:10 . 2007-06-08 12:53 274 ----a-w- c:\windows\system32\CRUNX.BIN
2009-09-19 07:11 . 2009-03-19 17:53 -------- d-----w- c:\documents and settings\ROHART ALAIN\Application Data\Image Zone Express
2009-09-17 06:31 . 2009-09-17 06:30 -------- d-----w- c:\program files\PDFCreator
2009-09-16 13:59 . 2009-04-20 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-16 13:59 . 2009-04-20 12:11 -------- d-----w- c:\program files\NOS
2009-09-15 10:59 . 2008-05-03 09:30 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2008-05-03 09:30 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2008-05-03 09:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2008-05-03 09:30 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2008-05-03 09:30 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2008-05-03 09:30 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2008-05-03 09:30 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2008-05-03 09:30 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2008-05-03 09:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 18:22 . 2009-09-11 18:22 -------- d-----w- c:\program files\Labtec
2009-09-11 18:22 . 2007-06-06 09:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-07 22:54 . 2007-10-18 19:47 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-07 22:54 . 2007-10-18 18:47 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-08-27 06:50 . 2007-12-25 11:09 -------- d-----w- c:\program files\HP
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-09 17:36 . 2009-08-09 17:36 721904 -c--a-w- c:\windows\system32\drivers\sptd.sys
2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:23 . 2007-08-13 03:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2007-08-13 03:58 215920 ----a-w- c:\windows\system32\muweb.dll
2009-07-25 03:23 . 2008-12-17 20:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-11-18 18:20 . 2007-11-18 18:20 3255790 -c--a-w- c:\program files\Dell.zip
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"CS"="c:\program files\CS\cs.exe" [2009-10-17 1230336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"CmCardRun"="c:\windows\system32\CmWatch.exe" [2003-09-16 229376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 266240]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"mumservice"="c:\program files\Motorola\Software Update\mumservice.exe" [2009-07-29 1070336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\ROHART ALAIN\Menu D‚marrer\Programmes\D‚marrage\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logiciel de la Souris Labtec 2.0.lnk - c:\program files\Labtec\Wireless Mouse\MulMouse.exe [2009-9-11 253952]
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-03 05:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\digital imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/05/2008 11:30 114768]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [11/09/2009 20:22 6144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/05/2008 11:30 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [12/09/2007 10:21 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [21/04/2009 08:49 47640]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [07/08/2009 08:14 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [07/08/2009 08:14 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [07/08/2009 08:14 42752]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [13/07/2004 13:40 48512]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cic.fr\www
Trusted Zone: urssaf.fr\www.compte
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
FF - ProfilePath - c:\documents and settings\ROHART ALAIN\Application Data\Mozilla\Firefox\Profiles\v9p164dd.default\
FF - prefs.js: browser.search.selectedEngine - xeoo.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://xeoo.com/?p=url&a=firefox&k=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
c:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 13:30
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.e

oui et un des pires qui soient je crois qu il s'attaque à tous les "exe" et finit par bouziller les programmes c'est d'ailleurs ce qui m'arrive

Mon portable
Apres 3 essais de restauration : impossible d'aller sur Internet : message : pas de clé d'activation....
mon fils (SSII responsable de reseau débordé et pas trop habitué aux problèmes de virus - jamais dispo - sommes à 260 kms ) m'a conseillé de charger Firefox et là ça va mais le virus est toujours présent
donc le rapport concerne bien le PC d'origine mais tournant sous firefox car je n'ai plus accès à IE

Est ce que le rapport montre bien une détection du virus ?

Srpski | Македонски | العربية | Suomi | ihMdI | | עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
Virus Total
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier 0a1755890076b4fc600c028a81c92900ba5a263e.exe reçu le 2009.10.19 23:27:51 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.10.19 -
AhnLab-V3 5.0.0.2 2009.10.19 -
AntiVir 7.9.1.35 2009.10.19 -
Antiy-AVL 2.0.3.7 2009.10.19 -
Authentium 5.1.2.4 2009.10.19 -
Avast 4.8.1351.0 2009.10.19 -
AVG 8.5.0.420 2009.10.19 -
BitDefender 7.2 2009.10.20 -
CAT-QuickHeal 10.00 2009.10.18 -
ClamAV 0.94.1 2009.10.19 -
Comodo 2661 2009.10.20 -
DrWeb 5.0.0.12182 2009.10.19 -
eSafe 7.0.17.0 2009.10.19 -
eTrust-Vet 35.1.7075 2009.10.19 -
F-Prot 4.5.1.85 2009.10.19 -
F-Secure 9.0.15300.0 2009.10.20 -
Fortinet 3.120.0.0 2009.10.19 -
GData 19 2009.10.20 -
Ikarus T3.1.1.72.0 2009.10.19 -
Jiangmin 11.0.800 2009.10.19 -
K7AntiVirus 7.10.874 2009.10.19 -
Kaspersky 7.0.0.125 2009.10.20 -
McAfee 5776 2009.10.19 -
McAfee+Artemis 5776 2009.10.19 -
McAfee-GW-Edition 6.8.5 2009.10.19 -
Microsoft 1.5101 2009.10.19 -
NOD32 4524 2009.10.20 -
Norman 6.03.02 2009.10.19 -
nProtect 2009.1.8.0 2009.10.19 -
Panda 10.0.2.2 2009.10.19 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.20 -
Rising 21.52.04.00 2009.10.19 -
Sophos 4.46.0 2009.10.19 -
Sunbelt 3.2.1858.2 2009.10.20 -
Symantec 1.4.4.12 2009.10.20 -
TheHacker 6.5.0.2.048 2009.10.20 -
TrendMicro 8.950.0.1094 2009.10.19 -
VBA32 3.12.10.11 2009.10.19 -
ViRobot 2009.10.19.1993 2009.10.19 -
VirusBuster 4.6.5.0 2009.10.19 -
Information additionnelle
File size: 155648 bytes
MD5 : 3e4c03cefad8de135263236b61a49c90
SHA1 : 02ff27df6bdaec02b455dc611ef2d090fb8271d4
SHA256: 243201b64f4b60d55cdb1a3bf4b9aa60bc22eb8aca88e95042ee48ac5df5f397
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4138
timedatestamp.....: 0x3B497E70 (Mon Jul 9 11:50:40 2001)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18252 0x19000 6.50 cca7a34ce2f936b8aa89688e7b3b60c0
.rdata 0x1A000 0x51DE 0x6000 4.14 6a8278884469a9fcc3601c666fc054ea
.data 0x20000 0x7B70 0x4000 2.27 d52a42e0e61eb136a27c50df01a62283
.rsrc 0x28000 0x1038 0x2000 1.99 1458e8ef0834532911bb7b345177d3c7

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=3e4c03cefad8de135263236b61a49c90
ssdeep: 3072:bdt6Fd/Xdc31yI51F5/rj+dotPjLUqTOa3ZPa92cK:JwPo1yOZ2
PEiD : Armadillo v1.71
RDS : NSRL Reference Data Set

( Ahead Software AG )

Nero: NeroCheck.exeNero: NeroCheck.exeNero 5: NeroCheck.exeNero 5: NeroCheck.exeNero Burning ROM: NeroCheck.exeNero Vision: NeroCheck.exe

ATENTION ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

Autre fichier
VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy

comme l'autre fois, il n'a accepté de fonctionner qu'en mode "sans echec" (pourquoi?)
104028 éléments controlés (mode rapide) 13 minutes RIEN TROUVE

En mode "complet" : 2heures, 192531 éléments scannés, toujours RIEN trouvé !
Bonne nuit

bonjour
je ne suis pas à la maison ce matin
pour l'instant mon portable tourne depuis hier soir en mode sans echec avec l'analyse "minutieuse" d'avast : actuellement j' en suis à 75% avec 511000 fichiers testes je te tiens au courant dès que je rentre et dès ta manip terminée

rien de plus : j'ai toujours la même réponse : "la clé de recherche requise n'a été trouvée dans aucun contexte d'activation actif"

malgré 13h31 de scan, 636702 fichiers et 8915 dossiers scannés : rien trouvé !!!!! je suis en relation avec le service technique d'Avast QUI NE CONNAIT PAS Cyber Security !!!!!

Bonsoir
toutes les mises à jour ont ete recherchees et installees mais pas SP3 parce que j'ai un AMD et SP3 fait du mal aux ordis sous AMD (j ai vu ça dans les forums)