Voici enfin le rapport ComboFix, quel est maintenant ton avis STP ? :
ComboFix 08-07-25.7 - Barlet 2008-07-26 18:13:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.517 [GMT 2:00]
Endroit: C:\Documents and Settings\Barlet\Bureau\outil.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-26 to 2008-07-26 ))))))))))))))))))))))))))))))))))))
.
2008-07-26 15:40 . 2008-07-26 15:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 15:40 . 2008-07-26 15:40 <REP> d-------- C:\Documents and Settings\Barlet\Application Data\Malwarebytes
2008-07-26 15:40 . 2008-07-26 15:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 15:40 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-26 15:40 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-26 15:04 . 2008-07-26 15:30 5,614 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-26 11:07 . 2008-07-26 11:07 <REP> d-------- C:\Deckard
2008-07-26 11:03 . 2008-07-26 11:03 <REP> d-------- C:\Program Files\Trend Micro
2008-07-26 09:55 . 2008-07-26 14:30 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 09:54 . 2008-07-26 09:54 <REP> d-------- C:\Program Files\Trojan Remover
2008-07-26 09:54 . 2008-07-26 09:54 <REP> d-------- C:\Documents and Settings\Barlet\Application Data\Simply Super Software
2008-07-26 09:54 . 2008-07-26 09:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-26 09:54 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-26 09:54 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-26 09:54 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-26 09:54 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-26 09:54 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-10 07:02 . 2008-07-10 07:02 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-09 14:00 . 2008-07-10 06:55 <REP> d-------- C:\WINDOWS\BDOSCAN8
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 16:21 --------- d-----w C:\Program Files\Wanadoo
2008-07-26 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-25 17:10 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-24 09:39 --------- d-----w C:\Documents and Settings\Barlet\Application Data\Skype
2008-07-24 09:37 --------- d-----w C:\Documents and Settings\Barlet\Application Data\skypePM
2008-07-10 05:03 --------- d-----w C:\Program Files\Orange Toolbar FR
2008-07-10 05:03 --------- d-----w C:\Program Files\Aide mémoire
2008-07-10 05:00 --------- d-----w C:\Program Files\IncrediMail
2008-07-10 04:57 --------- d-----w C:\Program Files\Google
2008-06-25 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 16:52 --------- d-----w C:\Program Files\Lavasoft
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-01 15:44 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-11-17 09:44 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-08-19 08:05 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [X]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"Orange Desktop Search"="C:\PROGRA~1\ORANGE~1\ORANGE~1\ORANGE~1.EXE" [2006-06-09 23:29 4937512]
"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2008-04-14 04:34 1695232]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-10-09 14:42 475180]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 19:54 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-08 10:08 29744]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-12-03 11:57 185896]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\taskbaricon.exe" [2004-10-05 17:00 61440]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 15:14 476160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-07-22 14:13 909392]
"OoPDFSettingsv6.exe"="C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 11:38 460800]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Magentic\\bin\\magentic_install.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56516:TCP"= 56516:TCP:Pando P2P TCP Listening Port
"56516:UDP"= 56516:UDP:Pando P2P UDP Listening Port
R0 MrFilter;EasyWrite Driver;C:\WINDOWS\system32\drivers\MrFilter.sys [2004-02-24 18:52]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 CZFMDSER.EXE;CZFMDSER.EXE;C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE [2004-01-23 09:17]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 12:53]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-08 10:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job - s !;C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe/schedulestartBarlet,Runs 1-Click Maintenance at specified times0 []
2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s9!:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0% []
2008-07-25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - s !;C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe/schedulestartBarlet5Lance la maintenance en 1 clic des heures prcises0 []
2005-09-26 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job - s!&C:\WINDOWS\system32\OOBE\oobebaln.exe/sys /r /n:1SYSTEM0 []
2008-07-25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E4A594F-3C10-401C-8A95-97E2E93878FF}.job - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Error Safe Free - C:\Program Files\ErrorSafe Free\uers.exe
HKCU-Run-ErrorSafeFree - C:\Program Files\ErrorSafe Free\uers.exe
HKU-Default-RunOnce-IETI - C:\Program Files\Skype\Phone\IEPlugin\unins000.exe
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Add animation to IncrediMail Style Box
O8 -: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\[u]0
/u2.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 -: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce53.html
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: traduire la page - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce51.html
O8 -: traduire le texte sélectionné - C:\DOCUME~1\Barlet\LOCALS~1\Temp\cce52.html
O9 -: { - C:\Program Files\Messenger\msmsgs.exe
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan82.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\live.ini
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lang.ini
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bdupd.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\libfn.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bdcore.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\oscan8.ocx
O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-26 18:20:34
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\APPS\ABOARD\AOSD.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Aide mémoire\TrayIcon.exe
C:\Program Files\Aide mémoire\Aide mémoire.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-26 18:27:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 16:26:29
Pre-Run: 146,649,325,568 octets libres
Post-Run: 146,736,934,912 octets libres
240 --- E O F --- 2008-06-20 17:09:10
J'ai essayé ta manip...
a priori sans succès ?? aucune détection, à chaque opération de scan : Done....