
[Resolved] PC infected, HijackThis report

Last reply: in Le monde de Windows

Good evening,
I downloaded something that was supposed to be a plug-in for Photoshop, and NOD32 had detected it as potentially dangerous. Sure of myself, I took it out of quarantine, disabled NOD32 and launched the "plug-in".
Nothing special happened, I figured the thing must have screwed up, so I deleted it. Then I wanted to turn my antivirus back on and nothing... impossible to find any exe relating to NOD32. I looked through the running processes, nowhere... I uninstalled it in order to reinstall it. But then it tells me "an error occurred while extracting the archive". So it's impossible to get my antivirus back. I ran an Ad-Aware scan but even after the cleanup, nothing better.
So I'm going to run a Kaspersky online scan and in the meantime, here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:05, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sxcbedjnlq] c:\documents and settings\propriétaire\local settings\application data\sxcbedjnlq.exe sxcbedjnlq
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://consoclic.3uu.de
O15 - Trusted Zone: http://www.consoclicker.com
O15 - Trusted Zone: http://express.foto.com
O15 - Trusted Zone: http://www.google.fr
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {4F8E4B47-EF1C-43AC-A8C7-E47353960AD6} (TNSClickera.Clicker) - http://consoclic.3uu.de/TNSClickra.CAB
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9389 bytes


Thanks for helping me out. I'm running without an antivirus and, above all, I'm infected and it's driving me nuts.

Hello,

Several infections, including one that disables your protections ;)
If you want to put your report in tags, you can use [fixed]
It's more convenient for the person helping :jap:

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan has completed, a report will appear. Post that report in your next reply.
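As an added example (not part of the thread, and not from the helper, HijackThis or ComboFix), here is a small Python triage script run over an excerpt of the O4 lines from the HijackThis log posted above. It flags the three autostart entries a helper would zero in on, using only what the lines themselves show: a binary under the user's Local Settings tree, an .exe dropped into system32\drivers, and a run-value name that imitates an executable but launches a different one. The heuristics are my own assumptions about what "looks wrong" in an O4 line, not rules from HijackThis; the sample log is an excerpt of the lines posted in this thread.

```python
import re
from dataclasses import dataclass, field

# The two shapes of HijackThis O4 lines:
#   O4 - HKCU\..\Run: [value name] command line
#   O4 - Startup: Shortcut.lnk = target
O4_RUN = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_LNK = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<name>[^=]+?\.lnk) = (?P<cmd>.*)$")
USER_TAG = re.compile(r"\s*\(User '[^']*'\)$")            # trailing "(User 'SYSTEM')"
FIRST_EXE = re.compile(r'^"?(?P<exe>.*?\.exe)(?="|\s|$)', re.IGNORECASE)

# Excerpt of the O4 (and one O23) lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sxcbedjnlq] c:\documents and settings\propriétaire\local settings\application data\sxcbedjnlq.exe sxcbedjnlq
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


@dataclass
class O4Entry:
    location: str                 # registry hive/key or startup folder
    name: str                     # run-value name or shortcut file name
    command: str                  # full command line as logged
    binary: str                   # first executable on that command line
    reasons: list = field(default_factory=list)


def parse_o4(line: str):
    """Return an O4Entry for a HijackThis O4 line, or None for any other line."""
    line = USER_TAG.sub("", line.strip())
    m = O4_RUN.match(line) or O4_LNK.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    e = FIRST_EXE.match(cmd)
    binary = e.group("exe") if e else (cmd.split() or [cmd])[0]
    return O4Entry(m.group("loc"), m.group("name"), cmd, binary)


def triage(entry: O4Entry) -> O4Entry:
    """Attach a reason for every heuristic the entry trips; no reasons means it looks ordinary."""
    path = entry.binary.lower()
    base = path.rsplit("\\", 1)[-1]
    # Heuristic 1 (assumption): legitimate autostarts do not live in the per-user Temp / Application Data tree.
    if "\\local settings\\" in path:
        entry.reasons.append("autostart binary lives under the user's Local Settings (Temp / Application Data) tree")
    # Heuristic 2 (assumption): system32\drivers holds .sys files; an .exe there was dropped, not installed.
    if "\\system32\\drivers\\" in path and base.endswith(".exe"):
        entry.reasons.append("an .exe, not a .sys, sits in the kernel-driver directory system32\\drivers")
    # Heuristic 3 (assumption): a value name shaped like "something.exe" should launch that very file.
    if entry.name.lower().endswith(".exe") and entry.name.lower() != base:
        entry.reasons.append(f"value name '{entry.name}' looks like an executable but launches '{base}'")
    return entry


def triage_log(text: str):
    """All O4 entries in a HijackThis log that trip at least one heuristic."""
    return [e for e in (parse_o4(l) for l in text.splitlines()) if e and triage(e).reasons]


if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"{hit.location} [{hit.name}] -> {hit.binary}")
        for reason in hit.reasons:
            print("   -", reason)
```

The same three entries are the ones the helper's later CFScript and ComboFix run remove (sxcbedjnlq.exe, hldrrr.exe, wintems.exe). The heuristics are deliberately narrow so vendor abbreviations such as hpsysdrv or ALCXMNTR are not reported; a name-randomness score would have flagged those too.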


    ComboFix 08-01-02.1 - Propriétaire 2008-01-01 20:52:47.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1377 [GMT 1:00]
    Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\2WCPU868\www.broadcaster.com
    C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    c:\Documents and Settings\Propriétaire\Local Settings\Application Data\sxcbedjnlq.dat
    C:\Documents and Settings\Propriétaire\Local Settings\Application Data\sxcbedjnlq_nav.dat
    C:\Documents and Settings\Propriétaire\Local Settings\Application Data\sxcbedjnlq_navps.dat
    C:\WINDOWS\system32\drivers\srosa.sys
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\wintems.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SROSA
    -------\srosa


    ((((((((((((((((((((((((((((( Files created 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-01 20:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-01 19:07 . 2006-06-09 09:09 670,542 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
    2008-01-01 19:06 . 2008-01-01 19:21 <REP> d-------- C:\WINDOWS\system32\drivers\down
    2008-01-01 18:53 . 2008-01-01 18:57 <REP> d-------- C:\Program Files\UnZixWin
    2007-12-30 18:01 . 2007-12-30 18:01 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-30 17:58 . 2007-12-30 18:53 <REP> d-------- C:\Program Files\Skype
    2007-12-30 17:58 . 2007-12-30 17:58 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-12-30 17:58 . 2007-12-30 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-12-19 14:45 . 2007-12-19 14:45 <REP> d-------- C:\Program Files\TribalWeb
    2007-12-04 10:25 . 2007-12-04 10:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-04 10:24 . 2007-12-04 10:24 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-03 11:24 . 2007-12-03 11:24 <REP> d-------- C:\Program Files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-02 19:59 --------- d-----w C:\Program Files\Wanadoo
    2008-01-01 18:30 --------- d---a-w C:\Program Files\Java Web Start
    2008-01-01 18:06 --------- d-----w C:\Program Files\eMule
    2008-01-01 17:53 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-01-01 17:53 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-12-04 09:27 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-12-04 09:27 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-11-26 21:22 --------- d-----w C:\Program Files\RingtoneMaker
    2007-11-26 21:22 --------- d-----w C:\Program Files\Panda Security
    2007-11-26 20:40 64,942 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2007-11-26 20:40 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-11-21 11:10 --------- d-----w C:\Program Files\Safari
    2007-11-19 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-14 16:49 --------- d-----w C:\Program Files\cpuz
    2007-11-14 06:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-13 09:42 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-13 09:41 --------- d-----w C:\Program Files\Windows Live
    2007-11-13 09:39 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-13 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2006-06-05 17:22 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2006-05-12 21:06 56 --sh--r C:\WINDOWS\system32\564D6A7FE0.sys
    2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2007-06-08 19:20 13,250 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not listed

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 06:19 835654 C:\WINDOWS\system32\nview.dll]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
    "german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07 114688]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02 61440]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 15:01 155648]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42 212992]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 06:19 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 06:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer"="VTTimer.exe" [2003-05-08 07:32 36864 C:\WINDOWS\system32\VTTimer.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10 335872]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 03:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 03:28 81920]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "EoEngine"="" []
    "EoWeather"="" []
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"

    R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2003-12-05 11:56]
    R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-05-08 02:00]
    R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 17:52]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 03:15]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-17 11:24]
    S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 18:14]
    S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 14:46]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 13:45]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f99221d-6205-11dc-b390-806d6172696f}]
    \Shell\AutoRun\command - G:\Info.exe folder.htt 480 480

    .
    Contents of folder 'Scheduled Tasks/Tâches planifiées'
    "2007-11-28 09:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-01 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 20:59:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    Completion time: 2008-01-02 21:02:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-02 20:02:54
    .
    2007-12-13 21:10:57 --- E O F ---

    Re,

    You can install NOD32 normally.

    Run:
    http://download.bleepingcomputer.com/sUBs/SafeBootKeyRe...

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\wintems.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "german.exe"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch ComboFix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
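ComboFix reported the SafeBoot key as damaged ("This machine cannot enter Safe Mode"), which is why the helper points at SafeBootKeyRepair. As an added example, not part of the thread and not how that tool works internally, the Python below parses the REGEDIT4 fragment ComboFix printed for SafeBoot\Minimal and lists which subkeys are absent compared with a reference set. The reference set is a constructed, partial list written from memory of a default Windows XP install and is an assumption; for a real repair, replace it with an export of the same key from a known-good machine running the same Windows version and service pack.

```python
import re

SAFEBOOT_MINIMAL = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"

# Constructed, partial reference of subkeys under SafeBoot\Minimal on a default Windows XP
# install (assumption: written from memory, not exported from a machine). Replace with an
# export from a known-good machine before relying on it.
REFERENCE_MINIMAL = {
    "Base", "Boot Bus Extender", "Boot file system", "File system", "Filter",
    "Primary disk", "System Bus Extender", "vga.sys", "vgasave.sys",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}",   # DiskDrive
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}",   # Hdc
    "{4D36E96B-E325-11CE-BFC1-08002BE10318}",   # Keyboard
    "{4D36E96F-E325-11CE-BFC1-08002BE10318}",   # Mouse
    "{4D36E97D-E325-11CE-BFC1-08002BE10318}",   # System
    "{71A27CDD-812A-11D0-BEC7-08002BE2092F}",   # Volume
}

# The SafeBoot\Minimal fragment exactly as it appears in the ComboFix report posted above.
COMBOFIX_SAFEBOOT_EXPORT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
"""


def parse_reg_export(text: str) -> dict:
    """Parse a REGEDIT4-style export into {key path: {value name: data}}; '@' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper() == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        name, sep, data = line.partition("=")
        if not sep:
            continue
        keys[current][name if name == "@" else name.strip('"')] = data.strip('"')
    return keys


def safeboot_minimal_entries(keys: dict) -> dict:
    """Subkeys directly under SafeBoot\\Minimal, mapped to their default value (Driver / Service / group name)."""
    prefix = SAFEBOOT_MINIMAL.lower() + "\\"
    return {k[len(prefix):]: v.get("@", "") for k, v in keys.items() if k.lower().startswith(prefix)}


def missing_safeboot_entries(keys: dict, reference=REFERENCE_MINIMAL) -> list:
    """Reference subkeys that the export does not contain (case-insensitive, sorted)."""
    present = {name.lower() for name in safeboot_minimal_entries(keys)}
    return sorted(name for name in reference if name.lower() not in present)


if __name__ == "__main__":
    exported = parse_reg_export(COMBOFIX_SAFEBOOT_EXPORT)
    print(f"{len(safeboot_minimal_entries(exported))} subkeys present under SafeBoot\\Minimal")
    for name in missing_safeboot_entries(exported):
        print("missing:", name)
```

Eight subkeys survive in the posted export; against even this short reference, core driver groups such as Base and Boot file system are gone, which is consistent with ComboFix's warning that Safe Mode cannot start. Malware that deletes this key is forcing the victim to clean the machine from a normal boot, where its own autostarts are running.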

    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15:27, on 03/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\TribalWeb\tribalweb.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O15 - Trusted Zone: http://consoclic.3uu.de
    O15 - Trusted Zone: http://www.consoclicker.com
    O15 - Trusted Zone: http://express.foto.com
    O15 - Trusted Zone: http://www.google.fr
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/resources/MsnPU...
    O16 - DPF: {4F8E4B47-EF1C-43AC-A8C7-E47353960AD6} (TNSClickera.Clicker) - http://consoclic.3uu.de/TNSClickra.CAB
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {70A5EBDC-3EA6-464A-9FF7-084BC150C417} (TNSClickera.Clicker) - http://www.consoclicker.com/TNSClickra.CAB
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9394 bytes


    ComboFix report:

    ComboFix 08-01-02.1 - Propriétaire 2008-01-03 11:09:31.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1466 [GMT 1:00]
    Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\wintems.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 22:16 . 2008-01-02 22:16 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-01-02 22:16 . 2008-01-02 22:16 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-01-02 22:16 . 2008-01-02 22:16 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-01-02 22:14 . 2008-01-02 22:15 <REP> d-------- C:\Program Files\RegCleaner
    2008-01-01 20:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-01 19:07 . 2006-06-09 09:09 670,542 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
    2008-01-01 19:06 . 2008-01-01 19:21 <REP> d-------- C:\WINDOWS\system32\drivers\down
    2008-01-01 18:53 . 2008-01-01 18:57 <REP> d-------- C:\Program Files\UnZixWin
    2007-12-30 18:01 . 2007-12-30 18:01 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\skypePM
    2007-12-30 18:01 . 2007-12-30 18:01 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\skypePM
    2007-12-30 18:01 . 2007-12-30 18:01 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-30 17:58 . 2007-12-30 18:53 <REP> d-------- C:\Program Files\Skype
    2007-12-30 17:58 . 2007-12-30 17:58 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-12-30 17:58 . 2007-12-31 17:09 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Skype
    2007-12-30 17:58 . 2007-12-31 17:09 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Skype
    2007-12-30 17:58 . 2007-12-30 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-12-19 14:45 . 2007-12-19 14:45 <REP> d-------- C:\Program Files\TribalWeb
    2007-12-19 14:45 . 2007-12-20 18:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TribalWeb
    2007-12-19 14:45 . 2007-12-20 18:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TribalWeb
    2007-12-04 10:25 . 2007-12-04 10:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-04 10:24 . 2007-12-04 10:24 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-03 11:24 . 2007-12-03 11:24 <REP> d-------- C:\Program Files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-03 09:31 --------- d-----w C:\Program Files\Wanadoo
    2008-01-01 18:30 --------- d---a-w C:\Program Files\Java Web Start
    2008-01-01 18:06 --------- d-----w C:\Program Files\eMule
    2008-01-01 17:53 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-01-01 17:53 249,856 ------w C:\WINDOWS\Setup1.exe
    2008-01-01 16:40 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
    2008-01-01 16:40 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
    2007-12-04 09:27 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-12-04 09:27 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-12-03 10:23 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
    2007-12-03 10:23 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
    2007-11-26 21:22 --------- d-----w C:\Program Files\RingtoneMaker
    2007-11-26 21:22 --------- d-----w C:\Program Files\Panda Security
    2007-11-26 20:40 64,942 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2007-11-26 20:40 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-11-26 20:40 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2007-11-21 11:10 --------- d-----w C:\Program Files\Safari
    2007-11-19 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-14 16:49 --------- d-----w C:\Program Files\cpuz
    2007-11-14 06:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-13 09:42 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-13 09:41 --------- d-----w C:\Program Files\Windows Live
    2007-11-13 09:39 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-13 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2006-06-05 17:22 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2006-05-12 21:06 56 --sh--r C:\WINDOWS\system32\564D6A7FE0.sys
    2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2007-06-08 19:20 13,250 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-02_21.02.40.59 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-03-02 18:13:23 2,181,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    - 2005-02-24 17:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
    + 2005-02-24 18:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
    - 2005-02-24 17:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
    + 2005-02-24 18:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
    - 2005-02-24 17:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
    + 2005-02-24 18:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
    + 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
    - 2005-02-24 17:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
    + 2005-02-24 18:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
    + 2007-02-28 16:08:21 2,184,192 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    + 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
    + 2007-02-28 16:02:36 2,182,400 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
    - 2004-08-20 00:04:36 2,183,040 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    + 2007-02-28 16:02:36 2,182,400 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    - 2004-08-20 00:04:36 2,183,040 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    + 2007-02-28 16:02:36 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 06:19 835654 C:\WINDOWS\system32\nview.dll]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07 114688]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02 61440]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 15:01 155648]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42 212992]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 06:19 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 06:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer"="VTTimer.exe" [2003-05-08 07:32 36864 C:\WINDOWS\system32\VTTimer.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10 335872]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 03:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 03:28 81920]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "EoEngine"="" []
    "EoWeather"="" []
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-02 22:16 949376]

    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 14:11:14]

    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
    TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-12-19 14:45:47]

    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 14:11:14]

    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
    TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-12-19 14:45:47]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-15 00:43:23]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2006-05-31 09:56:19]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2003-12-05 11:56]
    R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-05-08 02:00]
    R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 17:52]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 03:15]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-17 11:24]
    S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 18:14]
    S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 14:46]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 13:45]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f99221d-6205-11dc-b390-806d6172696f}]
    \Shell\AutoRun\command - G:\Info.exe folder.htt 480 480

    *Newly Created Service* - NOD32KRN
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-28 09:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-01 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-03 11:10:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program Files\Eset\pr_imon.dll

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    Completion time: 2008-01-03 11:11:26
    ComboFix-quarantined-files.txt 2008-01-03 10:11:12
    ComboFix2.txt 2008-01-02 20:02:58
    .
    2008-01-02 21:19:23 --- E O F ---


    thanks

    One file remains. What does the following folder contain?
    C:\WINDOWS\system32\drivers\down

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\drivers\hldrrr.exe


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no restart, post the requested reports anyway.

    here it is:
    ComboFix 08-01-02.1 - Propriétaire 2008-01-02 17:44:50.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1534 [GMT 1:00]
    Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\drivers\hldrrr.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 22:16 . 2008-01-02 22:16 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-01-02 22:16 . 2008-01-02 22:16 298,104 --a------ C:\WINDOWS\system32\imon.dll
    2008-01-02 22:16 . 2008-01-02 22:16 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
    2008-01-02 22:14 . 2008-01-02 22:15 <REP> d-------- C:\Program Files\RegCleaner
    2008-01-01 20:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-01 19:06 . 2008-01-01 19:21 <REP> d-------- C:\WINDOWS\system32\drivers\down
    2008-01-01 18:53 . 2008-01-01 18:57 <REP> d-------- C:\Program Files\UnZixWin
    2007-12-30 18:01 . 2008-01-03 11:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\skypePM
    2007-12-30 18:01 . 2008-01-03 11:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\skypePM
    2007-12-30 18:01 . 2007-12-30 18:01 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-30 17:58 . 2007-12-30 18:53 <REP> d-------- C:\Program Files\Skype
    2007-12-30 17:58 . 2007-12-30 17:58 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-12-30 17:58 . 2008-01-03 11:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Skype
    2007-12-30 17:58 . 2008-01-03 11:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Skype
    2007-12-30 17:58 . 2007-12-30 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-12-19 14:45 . 2007-12-19 14:45 <REP> d-------- C:\Program Files\TribalWeb
    2007-12-19 14:45 . 2007-12-20 18:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TribalWeb
    2007-12-19 14:45 . 2007-12-20 18:49 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TribalWeb
    2007-12-04 10:25 . 2007-12-04 10:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-04 10:24 . 2007-12-04 10:24 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-03 11:24 . 2007-12-03 11:24 <REP> d-------- C:\Program Files\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-03 10:13 --------- d-----w C:\Program Files\Wanadoo
    2008-01-02 15:55 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
    2008-01-02 15:55 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
    2008-01-01 18:30 --------- d---a-w C:\Program Files\Java Web Start
    2008-01-01 18:06 --------- d-----w C:\Program Files\eMule
    2008-01-01 17:53 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-01-01 17:53 249,856 ------w C:\WINDOWS\Setup1.exe
    2007-12-04 09:27 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-12-04 09:27 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-12-03 10:23 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
    2007-12-03 10:23 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
    2007-11-26 21:22 --------- d-----w C:\Program Files\RingtoneMaker
    2007-11-26 21:22 --------- d-----w C:\Program Files\Panda Security
    2007-11-26 20:40 64,942 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2007-11-26 20:40 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-11-26 20:40 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2007-11-21 11:10 --------- d-----w C:\Program Files\Safari
    2007-11-19 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-14 16:49 --------- d-----w C:\Program Files\cpuz
    2007-11-14 06:53 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-13 09:42 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-13 09:41 --------- d-----w C:\Program Files\Windows Live
    2007-11-13 09:39 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-13 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2006-06-05 17:22 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    2006-05-12 21:06 56 --sh--r C:\WINDOWS\system32\564D6A7FE0.sys
    2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2007-06-08 19:20 13,250 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-02_21.02.40.59 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-03-02 18:13:23 2,181,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    - 2005-02-24 17:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
    + 2005-02-24 18:35:26 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
    - 2005-02-24 17:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
    + 2005-02-24 18:35:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
    - 2005-02-24 17:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
    + 2005-02-24 18:35:26 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
    + 2005-02-24 18:35:26 730,336 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
    - 2005-02-24 17:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
    + 2005-02-24 18:35:26 395,488 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
    + 2007-02-28 16:08:21 2,184,192 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    + 2005-10-12 23:15:28 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
    + 2007-02-28 16:02:36 2,182,400 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
    - 2004-08-20 00:04:36 2,183,040 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    + 2007-02-28 16:02:36 2,182,400 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    - 2004-08-20 00:04:36 2,183,040 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    + 2007-02-28 16:02:36 2,182,400 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"="nview.dll" [2003-05-03 06:19 835654 C:\WINDOWS\system32\nview.dll]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07 114688]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02 61440]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 15:01 155648]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42 212992]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 06:19 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 06:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "VTTimer"="VTTimer.exe" [2003-05-08 07:32 36864 C:\WINDOWS\system32\VTTimer.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10 335872]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 03:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 03:28 81920]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "EoEngine"="" []
    "EoWeather"="" []
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-02 22:16 949376]

    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 14:11:14]

    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
    TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-12-19 14:45:47]

    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 14:11:14]

    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
    TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-12-19 14:45:47]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-15 00:43:23]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2006-05-31 09:56:19]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2003-12-05 11:56]
    R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-05-08 02:00]
    R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 17:52]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 03:15]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-17 11:24]
    S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 18:14]
    S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 14:46]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 13:45]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f99221d-6205-11dc-b390-806d6172696f}]
    \Shell\AutoRun\command - G:\Info.exe folder.htt 480 480

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-28 09:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-02 15:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
    - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 17:45:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\Program Files\Eset\pr_imon.dll

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    Completion time: 2008-01-02 17:46:13
    ComboFix-quarantined-files.txt 2008-01-02 16:45:57
    ComboFix2.txt 2008-01-02 16:43:12
    ComboFix3.txt 2008-01-03 10:11:27
    ComboFix4.txt 2008-01-02 20:02:58
    .
    2008-01-02 21:19:23 --- E O F ---

    No, not any more. I think it's fixed, maybe thanks to the Ad-Aware scan, but I'm not sure.
    In fact, none of the exe files I launched would run; I had lost the NOD32 exe (which is why I had to reinstall it), RegCleaner wouldn't install... in short, strange things were happening that I didn't understand.
    In any case, everything seems to be back in order. It would have been a real pain to format everything, especially since I intend to change my setup soon, so formatting for such a short time would have really annoyed me.
    Thank you very much for your availability and your help.

    Quote:
    No, not any more. I think it's fixed, maybe thanks to the Ad-Aware scan, but I'm not sure.

    And what about the various scans we did? They are what killed your infection, not Ad-Aware ;)

    Quote:
    In any case, everything seems to be back in order. It would have been a real pain to format everything, especially since I intend to change my setup soon, so formatting for such a short time would have really annoyed me.
    Thank you very much for your availability and your help.

    You're welcome :jap: