Here, this is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:48, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\ende\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
And this is the ComboFix one:
ComboFix 08-06-10.3 - schirmer 2008-06-11 13:18:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.612 [GMT 2:00]
Endroit: C:\Documents and Settings\schirmer\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))))))))
.
2008-06-11 13:15 . 2008-06-11 13:15 <REP> d-------- C:\Program Files\Trend Micro
2008-06-11 13:14 . 2008-06-11 13:14 <REP> d-------- C:\WINDOWS\LastGood
2008-06-11 13:04 . 2008-06-11 13:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 13:04 . 2008-06-11 13:04 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Malwarebytes
2008-06-11 13:04 . 2008-06-11 13:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 13:04 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 13:04 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-11 12:51 . 2008-06-11 13:00 <REP> d-------- C:\Program Files\Spyware Terminator
2008-06-11 12:51 . 2008-06-11 13:00 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Spyware Terminator
2008-06-11 12:51 . 2008-06-11 13:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-11 12:51 . 2008-06-11 12:51 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-11 12:12 . 2008-06-10 13:08 127,244 -rahs---- C:\f.bat
2008-06-11 12:01 . 2008-06-11 12:01 <REP> d-------- C:\WINDOWS\system32\mes documents
2008-06-11 12:01 . 2008-06-11 12:31 196,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 12:01 . 2008-06-11 12:01 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 11:58 . 2008-06-11 11:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-11 11:57 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-06-11 11:57 . 2008-06-11 11:59 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-11 11:56 . 2008-06-11 12:13 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-06-11 11:56 . 2008-06-11 11:56 <REP> d-------- C:\Program Files\Zone Labs
2008-06-11 11:55 . 2008-06-11 12:12 <REP> d-------- C:\WINDOWS\Internet Logs
2008-06-10 21:32 . 2008-06-10 21:32 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-10 11:20 . 2008-06-10 11:20 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-06-09 23:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-09 23:16 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-09 23:16 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-30 03:06 . 2004-07-13 02:42 3,895 --a------ C:\WINDOWS\system32\REC.HTA
2008-05-30 03:06 . 1998-04-24 10:00 1,078 --a------ C:\WINDOWS\system32\REC.ICO
2008-05-30 03:06 . 2003-04-17 21:33 973 --a------ C:\WINDOWS\system32\REC.CSS
2008-05-30 03:06 . 2003-04-17 21:20 668 --a------ C:\WINDOWS\system32\REC_EXIT.GIF
2008-05-29 22:51 . 2003-08-29 00:27 122,372,241 --a------ C:\Program Files\Sound.dat
2008-05-29 22:51 . 2003-08-25 13:04 18,242,823 --a------ C:\Program Files\Intro.dat
2008-05-29 22:50 . 2003-08-29 00:27 115,072,687 --a------ C:\Program Files\SimCity_3.dat
2008-05-29 22:50 . 2003-08-29 00:27 61,030,094 --a------ C:\Program Files\EP1.dat
2008-05-29 22:48 . 2003-08-29 00:27 169,268,568 --a------ C:\Program Files\SimCity_2.dat
2008-05-29 22:47 . 2003-08-29 00:27 144,547,650 --a------ C:\Program Files\SimCity_1.dat
2008-05-29 22:46 . 2008-05-29 22:46 <REP> d-------- C:\Program Files\Sku_Data
2008-05-29 22:46 . 2003-08-29 00:37 700,416 --a------ C:\Program Files\SC4_uninst.exe
2008-05-29 22:45 . 2003-08-29 00:27 104,090,983 --a------ C:\Program Files\SimCity_5.dat
2008-05-29 22:44 . 2003-08-29 00:27 125,574,688 --a------ C:\Program Files\SimCity_4.dat
2008-05-29 22:43 . 2008-05-29 22:43 <REP> d-------- C:\Program Files\Regions
2008-05-29 22:42 . 2008-05-29 22:42 <REP> d-------- C:\Program Files\Fonts
2008-05-29 22:42 . 2008-05-29 22:52 <REP> d-------- C:\Program Files\Apps
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\UKEnglsh
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Swedish
2008-05-29 22:40 . 2006-07-03 02:03 <REP> d-------- C:\Program Files\Support
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Spanish
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Radio
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Portgese
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Polish
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Plugins
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Norwgian
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Italian
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\German
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\French
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Finnish
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Dutch
2008-05-29 22:40 . 2008-05-29 22:40 <REP> d-------- C:\Program Files\Danish
2008-05-29 22:40 . 2003-08-29 01:02 286,720 --a------ C:\Program Files\eauninstall.exe
2008-05-29 22:40 . 2008-05-29 22:40 530 --a------ C:\WINDOWS\eReg.dat
2008-05-29 20:37 . 2008-05-29 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Ciel
2008-05-29 20:37 . 2008-05-29 20:37 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared
2008-05-29 20:37 . 2008-05-29 20:37 <REP> d-------- C:\Program Files\Ciel
2008-05-29 20:37 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-05-29 20:37 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2008-05-29 20:36 . 2008-05-29 20:36 <REP> d-------- C:\WINDOWS\system32\OFFICE One PDF Manager v6
2008-05-29 20:33 . 2008-05-29 20:33 77,824 --a------ C:\WINDOWS\uinst001.exe
2008-05-29 20:33 . 2008-05-29 20:33 235 --a------ C:\WINDOWS\oomultiuser.oon
2008-05-29 20:11 . 2008-05-29 20:13 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-29 19:56 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\WINDOWS\Sun
2008-05-29 18:32 . 2006-12-16 00:09 <REP> d-------- C:\Documents and Settings\schirmer\WINDOWS
2008-05-29 18:32 . 2008-05-30 02:52 <REP> d--h----- C:\Documents and Settings\schirmer\Voisinage réseau
2008-05-29 18:32 . 2008-05-30 02:52 <REP> d--h----- C:\Documents and Settings\schirmer\Voisinage d'impression
2008-05-29 18:32 . 2008-05-29 18:32 <REP> d--hs---- C:\Documents and Settings\schirmer\UserData
2008-05-29 18:32 . 2008-05-29 20:37 <REP> d--h----- C:\Documents and Settings\schirmer\Modèles
2008-05-29 18:32 . 2008-06-11 13:16 <REP> dr------- C:\Documents and Settings\schirmer\Mes documents
2008-05-29 18:32 . 2008-05-29 18:34 <REP> dr------- C:\Documents and Settings\schirmer\Menu Démarrer
2008-05-29 18:32 . 2008-05-29 18:37 <REP> dr------- C:\Documents and Settings\schirmer\Favoris
2008-05-29 18:32 . 2008-06-10 21:40 <REP> d-------- C:\Documents and Settings\schirmer\Contacts
2008-05-29 18:32 . 2008-06-11 13:17 <REP> dr------- C:\Documents and Settings\schirmer\Bureau
2008-05-29 18:32 . 2008-05-22 15:01 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Zylom
2008-05-29 18:32 . 2006-09-14 18:48 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\You've Got Pictures Screensaver
2008-05-29 18:32 . 2006-07-04 07:34 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\uTorrent
2008-05-29 18:32 . 2006-12-03 18:51 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Ulead Systems
2008-05-29 18:32 . 2006-10-13 11:39 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Sonic
2008-05-29 18:32 . 2007-02-20 20:49 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Skype
2008-05-29 18:32 . 2008-02-19 20:48 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Samsung
2008-05-29 18:32 . 2008-05-29 20:37 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\OFFICE One v6
2008-05-29 18:32 . 2006-10-13 11:36 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\OD2
2008-05-29 18:32 . 2006-10-23 18:39 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\MSNInstaller
2008-05-29 18:32 . 2006-10-23 19:43 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Media Player Classic
2008-05-29 18:32 . 2006-10-13 11:38 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Leadertech
2008-05-29 18:32 . 2007-11-16 12:17 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Hewlett-Packard
2008-05-29 18:32 . 2006-10-15 16:30 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\CyberLink
2008-05-29 18:32 . 2006-07-04 07:34 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Azureus
2008-05-29 18:32 . 2007-01-14 23:10 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\Apple Computer
2008-05-29 18:32 . 2007-01-28 16:11 <REP> d-------- C:\Documents and Settings\schirmer\Application Data\AdobeUM
2008-05-29 18:32 . 2008-06-11 13:11 <REP> d-------- C:\Documents and Settings\schirmer
2008-05-29 18:26 . 2006-12-16 00:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-05-29 18:26 . 2008-05-29 18:12 <REP> d--hs---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-05-29 18:26 . 2008-05-22 13:17 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Contacts
2008-05-29 18:26 . 2008-05-22 15:01 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Zylom
2008-05-29 18:26 . 2006-09-14 18:48 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-05-29 18:26 . 2006-07-04 07:34 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\uTorrent
2008-05-29 18:26 . 2006-12-03 18:51 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Ulead Systems
2008-05-29 18:26 . 2006-10-13 11:39 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
2008-05-29 18:26 . 2007-02-20 20:49 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Skype
2008-05-29 18:26 . 2008-02-19 20:48 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Samsung
2008-05-29 18:26 . 2008-05-30 02:50 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\OFFICE One v6
2008-05-29 18:26 . 2006-10-13 11:36 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\OD2
2008-05-29 18:26 . 2006-10-23 18:39 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MSNInstaller
2008-05-29 18:26 . 2006-10-23 19:43 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Media Player Classic
2008-05-29 18:26 . 2006-10-13 11:38 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Leadertech
2008-05-29 18:26 . 2007-11-16 12:17 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Hewlett-Packard
2008-05-29 18:26 . 2006-10-15 16:30 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink
2008-05-29 18:26 . 2006-07-04 07:34 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Azureus
2008-05-29 18:26 . 2007-01-14 23:10 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-05-29 18:26 . 2007-01-28 16:11 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\AdobeUM
2008-05-29 18:09 . 2008-05-29 18:09 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-26 14:00 . 2008-06-10 21:25 <REP> d-------- C:\Program Files\Windows Live
2008-05-22 15:01 . 2008-05-22 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-22 13:38 . 2008-05-26 14:06 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-22 13:38 . 2008-06-10 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-22 13:25 . 2008-05-22 13:25 <REP> d-------- C:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 01:00 --------- d-----w C:\Program Files\ShowTime
2008-05-30 00:59 --------- d-----w C:\Program Files\Services en ligne
2008-05-30 00:59 --------- d-----w C:\Program Files\QuickTime
2008-05-30 00:58 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-05-30 00:58 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-05-30 00:58 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-05-30 00:58 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-05-30 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-30 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\OD2
2008-05-30 00:53 --------- d-----w C:\Program Files\AOL Compagnon
2008-05-30 00:53 --------- d-----w C:\Program Files\AOL 9.0
2008-05-30 00:52 --------- d-----w C:\Program Files\CyberLink
2008-05-29 20:52 23,245 ----a-w C:\Program Files\filelist.txt
2008-05-29 20:52 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-29 18:38 --------- d-----w C:\Program Files\OFFICE One6.5
2008-05-29 18:04 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-29 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-26 12:38 560,274 ----a-w C:\Program Files\Duplicat.tmp.005
2008-05-26 12:38 541,696 ----a-w C:\Program Files\Duplicat.tmp.006
2008-05-26 12:38 491,763 ----a-w C:\Program Files\Duplicat.tmp.007
2008-05-26 12:38 490,388 ----a-w C:\Program Files\Duplicat.tmp.009
2008-05-26 12:38 404,777 ----a-w C:\Program Files\Duplicat.tmp.008
2008-05-26 12:38 2,760 ----a-w C:\Program Files\Options.ini
2008-05-26 12:37 529,481 ----a-w C:\Program Files\Duplicat.tmp.004
2008-05-26 12:37 452,715 ----a-w C:\Program Files\Duplicat.tmp.002
2008-05-26 12:37 401,752 ----a-w C:\Program Files\Duplicat.tmp.003
2008-05-26 12:37 336,009 ----a-w C:\Program Files\Duplicat.tmp.000
2008-05-26 12:37 313,944 ----a-w C:\Program Files\Duplicat.tmp.001
2008-05-26 11:57 --------- d-----w C:\Program Files\Undo
2008-05-26 11:50 1,106,432 ----a-w C:\Program Files\Duplicat.log
2008-05-26 11:44 --------- d-----w C:\Program Files\Helps
2008-05-26 11:42 --------- d-----w C:\Program Files\Languages
2008-05-26 11:19 --------- d-----w C:\Program Files\Soulseek-Test
2008-05-23 08:30 --------- d-----w C:\Program Files\Google
2008-05-22 12:45 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-01-14 18:54 769,411 ----a-w C:\Program Files\ftpserv.exe
2005-12-25 17:05 582 ----a-w C:\Program Files\BlackLst.ecb
2005-09-12 22:13 2,318 -c--a-w C:\Program Files\license.txt
2005-01-14 21:38 2,117,632 ----a-w C:\Program Files\EasyClea.exe
2003-11-21 18:08 226 -c--a-w C:\Program Files\File_id.diz
2003-08-25 11:10 10,420 ----a-w C:\Program Files\Video Cards.sgr
2003-08-25 11:03 19,976 ----a-w C:\Program Files\Graphics Rules.sgr
2003-07-13 00:31 10,134 ----a-w C:\Program Files\SC4_ConnectToWebIcon.ico
2003-07-13 00:31 10,134 ----a-w C:\Program Files\SC4.ico
2003-07-13 00:31 10,134 ----a-w C:\Program Files\eauninstall.ico
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-12 14:36 774233]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 17:24 110592]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 06:15 102400]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 12:08 147456]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-11 12:51 1817600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-10-13 13:02:58 559104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-11 12:51]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b4abd9c-0a18-11db-8a0a-00038a000015}]
\Shell\AutoRun\command - E:\b.bat
\Shell\explore\Command - E:\b.bat
\Shell\open\Command - E:\b.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b4abdd3-0a18-11db-8a0a-00038a000015}]
\Shell\AutoRun\command - F:\b.bat
\Shell\explore\Command - F:\b.bat
\Shell\open\Command - F:\b.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a99a8a0-2da8-11dd-8a00-00038a000015}]
\Shell\AutoRun\command - E:\b.bat
\Shell\explore\Command - E:\b.bat
\Shell\open\Command - E:\b.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae873a48-0d71-11db-8a17-00038a000015}]
\Shell\AutoRun\command - b.bat
\Shell\explore\Command - b.bat
\Shell\open\Command - b.bat
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-06-11 13:21:00
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
"ImagePath"="\"c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe\"\[u]00\[u]00\[u]00\[u]00\[u]02\[u]00\[u]00\[u]00¨
[%\[u]00«Ô’|\[u]00\[u]00\[u]00\[u]00\[u]00\[u]00\[u]00\[u]00\[u]00\[u]00\[u]00\[u]00(\[u]00\[u]00\[u]00\[u]00\[u]00.\[u]03pè\13\[u]00pè\13\[u]00\18î"
.
Temps d'accomplissement: 2008-06-11 13:22:04
ComboFix-quarantined-files.txt 2008-06-11 11:21:58
Pre-Run: 55,830,286,336 octets libres
Post-Run: 55,998,926,848 octets libres