Good evening,
Here are the reports:
ComboFix 08-03-25.4 - Propriétaire 2008-03-27 20:07:24.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.168 [GMT 1:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propri‚taire\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
-- Script messages for sUBs --
C:\WINDOWS\system32\CF9048.exe /S /D /c" ( GSAR -F -s:x1A -r 2>nul | SED -r "s/\x00//g; s/http:/\nhxxp:/g;s/.:\\/\n&/g;" | ( SED -r "/^hxxp:\/\/.*\//!d; s/(.{7}[[:alnum:].]*).*/\1/; $s/.*/&\n/" | GREP -Fivf BitsStr ) )"
C:\WINDOWS\system32\CF9048.exe /S /D /c" type "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr?.dat" 2>nul"
((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
.
2008-03-27 20:23 . 2008-03-27 20:23 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-03-27 19:38 . 2008-03-27 19:38 <REP> d-------- C:\Program Files\Tall Emu
2008-03-27 19:38 . 2008-03-27 19:52 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\OnlineArmor
2008-03-27 19:38 . 2008-03-27 19:38 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-03-27 19:38 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-03-27 19:38 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-03-27 19:38 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-03-27 18:08 . 2008-03-27 18:01 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-03-27 18:08 . 2008-03-27 18:01 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-03-27 17:48 . 2008-03-27 18:22 <REP> d-------- C:\WINDOWS\system32\PAV
2008-03-27 17:48 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-03-27 17:48 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-03-27 17:48 . 2008-03-27 17:48 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-03-27 17:47 . 2008-03-27 17:47 <REP> d-------- C:\Program Files\Panda Security
2008-03-27 17:47 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-03-27 01:50 . 2008-03-27 01:50 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-27 01:45 . 2008-03-27 01:45 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-27 01:34 . 2008-03-27 01:34 <REP> d-------- C:\Program Files\Trend Micro
2008-03-27 00:34 . 2008-03-27 00:34 269,334 --a------ C:\WINDOWS\system32\gfqhorilsfel.bmp
2008-03-27 00:30 . 2008-03-27 00:30 <REP> d-------- C:\Program Files\Lavasoft
2008-03-27 00:30 . 2008-03-27 00:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-27 00:12 . 2008-03-27 00:12 269,334 --a------ C:\WINDOWS\system32\fqdofmd.bmp
2008-03-26 23:39 . 2008-03-26 23:39 269,334 --a------ C:\WINDOWS\system32\ilsfit.bmp
2008-03-26 15:48 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-26 15:48 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-26 15:48 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-26 15:48 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-26 15:48 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-26 15:48 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-26 15:48 . 2008-03-26 23:55 2,212 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-26 15:34 . 2008-03-26 15:34 269,334 --a------ C:\WINDOWS\system32\lkfadsfeh.bmp
2008-03-26 14:48 . 2008-03-26 14:48 269,334 --a------ C:\WINDOWS\system32\etcrahcfidgr.bmp
2008-03-26 13:31 . 2008-03-26 13:31 269,334 --a------ C:\WINDOWS\system32\baloned.bmp
2008-03-26 12:54 . 2008-03-26 12:54 269,334 --a------ C:\WINDOWS\system32\pcjelgrmt.bmp
2008-03-26 11:48 . 2008-03-26 11:48 269,334 --a------ C:\WINDOWS\system32\fqlkjipsr.bmp
2008-03-26 11:44 . 2008-03-26 11:44 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-03-26 11:31 . 2008-03-26 11:31 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\sentinel
2008-03-26 10:37 . 2008-03-26 10:37 269,334 --a------ C:\WINDOWS\system32\fadonapgrap.bmp
2008-03-25 23:40 . 2008-03-25 23:40 269,334 --a------ C:\WINDOWS\system32\fmhcratsjahgr.bmp
2008-03-25 23:11 . 2008-03-25 23:11 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-03-25 22:57 . 2008-03-25 22:57 269,334 --a------ C:\WINDOWS\system32\nipsnmdgr.bmp
2008-03-25 22:50 . 2008-03-25 22:50 269,334 --a------ C:\WINDOWS\system32\cfetofqdgj.bmp
2008-03-25 22:49 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-25 22:49 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-25 22:49 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-25 22:49 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-25 22:48 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-03-25 22:46 . 2008-03-25 22:46 269,334 --a------ C:\WINDOWS\system32\fihgjmd.bmp
2008-03-25 22:34 . 2008-03-25 22:34 269,334 --a------ C:\WINDOWS\system32\orqtojahcfilgn.bmp
2008-03-25 22:30 . 2008-03-26 13:28 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-25 21:57 . 2008-03-25 21:57 <REP> d----c--- C:\kav
2008-03-25 21:55 . 2008-03-25 21:55 269,334 --a------ C:\WINDOWS\system32\relkr.bmp
2008-03-25 21:47 . 2008-03-25 21:58 81,465 --a------ C:\WINDOWS\system32\drivers\klif.cab
2008-03-25 21:44 . 2008-03-25 21:44 269,334 --a------ C:\WINDOWS\system32\netcn.bmp
2008-03-25 21:31 . 2004-08-20 00:09 88,064 --a------ C:\WINDOWS\system32\adsldpg.dll
2008-03-25 21:29 . 2008-03-25 21:29 269,334 --a------ C:\WINDOWS\system32\lsnmdgbip.bmp
2008-03-25 21:02 . 2008-03-25 21:02 269,334 --a------ C:\WINDOWS\system32\idcjetgjal.bmp
2008-03-25 21:01 . 2008-03-25 21:02 2 --a--c--- C:\953211791
2008-03-25 17:52 . 2008-03-25 17:52 <REP> d----c--- C:\SAV32CLI
2008-03-25 01:19 . 2008-03-25 23:37 <REP> d-------- C:\Program Files\Spyware Doctor
2008-03-25 01:19 . 2008-03-25 01:19 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\PC Tools
2008-03-24 18:20 . 2008-03-24 18:20 <REP> d-------- C:\Program Files\ma-config.com
2008-03-24 18:20 . 2008-03-24 18:23 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\ma-config.com
2008-03-20 16:36 . 2008-03-24 15:22 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
2008-03-20 16:34 . 2008-03-24 15:23 <REP> d-------- C:\Program Files\BitTorrent
2008-03-14 11:27 . 2008-03-14 11:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 18:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-27 17:08 --------- d-----w C:\Program Files\Fichiers communs\Panda Software
2008-03-27 16:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 23:30 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-26 11:18 --------- d-----w C:\Program Files\MSN Messenger
2008-03-25 23:15 --------- d-----w C:\Program Files\a-squared Free
2008-03-25 22:36 --------- d-----w C:\Program Files\Google
2008-03-24 19:32 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-22 21:19 --------- d-----w C:\Program Files\eMule
2008-03-14 10:32 --------- d-----w C:\Program Files\Windows Live
2008-03-14 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-10 20:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7
2008-02-20 13:00 --------- d-----w C:\Program Files\Soulseek
2008-02-09 17:50 --------- d-----w C:\Program Files\eBay
2008-02-07 09:27 --------- d-----w C:\Program Files\TuneUp Utilities 2004
2008-01-08 21:16 67,136 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2002-12-08 13:57 9,732,138 ----a-w C:\Program Files\RealOnePlayerV2GOLD_fr.exe
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
578,048 2005-03-02 18:20:32 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
579,072 2007-03-08 15:50:30 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
561,152 2003-09-25 16:57:50 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
561,152 2002-08-29 18:45:06 C:\WINDOWS\$NtServicePackUninstall$\user32.dll.000
561,152 2002-08-29 18:45:06 C:\WINDOWS\$NtUninstallQ328310$\user32.dll
562,176 2001-08-28 12:00:00 C:\WINDOWS\$NtUninstallQ328310_RTM$\user32.dll
561,152 2003-09-25 16:57:50 C:\WINDOWS\$xpsp1hfm$\KB824141\user32.dll
529,920 2002-11-22 10:29:40 C:\WINDOWS\$xpsp1hfm$\Q328310\user32.dll
266,993 2001-08-28 19:00:00 C:\WINDOWS\I386\USER32.DL_
578,048 2004-08-19 23:09:46 C:\WINDOWS\ServicePackFiles\i386\user32.dll
578,560 2007-03-08 15:37:50 C:\WINDOWS\system32\user32.dll
578,560 2007-03-08 15:37:50 C:\WINDOWS\system32\dllcache\user32.dll
((((((((((((((((((((((((((((( snapshot@2008-03-27_10.05.53,67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-26 14:38:48 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-27 17:10:37 40,664 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-26 14:38:48 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-27 17:10:37 49,486 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-26 14:38:48 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-27 17:10:37 312,946 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-26 14:38:48 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-27 17:10:37 369,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5AF49A2-94F3-42BD-F434-2604812C897D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 05:39 59392]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-30 21:49 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 19:54 155648]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-03-25 23:40 1816208]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:14 455984]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Suite"="regedit -s c:\windows\temp\adj_hp.reg" [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkhfd]
opnkhfd.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Instant Access"=rundll32.exe p2esocks_1021.dll,InstantAccess
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
"nwiz"=nwiz.exe /install
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DataLayer"=C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-03-27 18:01]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-03-27 18:01]
R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
S1 jwlbqzpi;jwlbqzpi;C:\WINDOWS\twain_32\jwlbqzpi.dll []
S3 lvgaec;Logitech Kernel Audio Processing (AEC) Filter Driver;C:\WINDOWS\system32\drivers\lvgaec.sys [2004-11-01 17:17]
S3 lvsmflt;Logitech Kernel Audio Processing (Switch and Mute) Filter Driver;C:\WINDOWS\system32\drivers\lvsmflt.sys [2004-11-01 17:16]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 16:15:09 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-27 20:24:16
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Temps d'accomplissement: 2008-03-27 20:30:20
ComboFix-quarantined-files.txt 2008-03-27 19:30:07
.
2008-03-12 13:45:30 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:26, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\CF9048.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
O4 - .DEFAULT User Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe (User 'Default user')
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O20 - Winlogon Notify: opnkhfd - opnkhfd.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVSrvLauncher - Unknown owner - C:\Program Files\Fichiers communs\Logitech\KAudP\srvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
End of file - 7117 bytes