ComboFix 08-05-26.2 - TRIPOGNEY 2008-05-27 16:53:18.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.477 [GMT 2:00]
Endroit: C:\Documents and Settings\TRIPOGNEY\Bureau\ComboFix.exe
* Resident AV is active


[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 15:12 . 2008-05-27 15:12 <REP> d-------- C:\WINDOWS\LastGood
2008-05-27 15:12 . 2008-05-27 15:12 <REP> d-------- C:\Program Files\MagicKey
2008-05-27 14:56 . 2008-05-27 14:56 <REP> d-------- C:\Program Files\CCleaner
2008-05-27 13:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-27 13:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-27 13:59 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-27 13:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-27 13:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-27 13:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-27 13:52 . 2008-05-27 14:02 2,008 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-27 12:01 . 2008-05-27 15:08 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-27 11:52 . 2008-05-27 11:52 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\Bitdefender
2008-05-27 11:51 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\BitDefender
2008-05-27 11:51 . 2008-05-27 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-27 11:49 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-27 11:42 . 2008-05-27 11:42 <REP> d-------- C:\WINDOWS\AU_Temp
2008-05-27 11:42 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\LPT$VPN.299
2008-05-27 11:33 . 2008-05-27 11:33 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 11:17 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\VPTNFILE.299
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 08:41 . 2008-05-27 08:44 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-26 09:58 . 2008-05-25 15:15 327,680 --a------ C:\WINDOWS\vregfwlx.dll
2008-05-26 09:58 . 2008-05-25 15:15 159,744 --a------ C:\WINDOWS\etkq.exe
2008-05-23 15:17 . 2008-05-26 11:27 379 --a------ C:\WINDOWS\wininit.ini
2008-05-23 14:11 . 2008-05-26 09:58 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\TmpRecentIcons
2008-05-23 13:06 . 2008-05-23 04:25 94,208 --a------ C:\WINDOWS\epse.exe
2008-05-23 13:06 . 2008-05-23 04:25 81,920 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-22 17:31 . 2008-05-22 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-21 22:37 . 2001-11-27 15:07 11,886 --a------ C:\WINDOWS\system32\drivers\Kbfilter.sys
2008-05-21 16:57 . 2008-05-21 16:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-21 16:55 . 2008-05-21 16:55 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-21 16:55 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-21 16:51 . 2008-05-21 16:51 <REP> d-------- C:\WebCamNXPro
2008-05-21 16:38 . 2008-05-21 16:38 <REP> d-------- C:\Program Files\ma-config.com
2008-05-21 16:38 . 2008-05-21 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-20 21:03 . 2008-05-20 21:03 244 --ah----- C:\sqmnoopt15.sqm
2008-05-20 21:03 . 2008-05-20 21:03 232 --ah----- C:\sqmdata15.sqm
2008-05-20 19:52 . 2008-05-21 20:45 <REP> d-------- C:\Program Files\Mumble
2008-05-20 19:20 . 2008-05-20 19:20 <REP> d-------- C:\Program Files\Xvid
2008-05-20 19:20 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-20 19:20 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-20 19:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-20 18:34 . 2008-05-20 18:34 <REP> d-------- C:\Program Files\VideoMach-2.7.2
2008-05-20 15:19 . 2008-05-20 15:27 2 --a------ C:\WINDOWS\system32\RICHTX.DEP
2008-05-20 15:18 . 2008-05-20 16:30 <REP> d-------- C:\Program Files\MP3 WAV Converter
2008-05-20 14:27 . 2008-05-20 14:27 <REP> d-------- C:\Program Files\NeoTrace Express
2008-05-19 22:58 . 2008-05-27 12:45 <REP> d-------- C:\Program Files\mIRC
2008-05-19 11:05 . 2008-05-19 11:37 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\gtk-2.0
2008-05-19 11:05 . 2008-05-19 11:05 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.thumbnails
2008-05-19 11:04 . 2008-05-19 11:47 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.gimp-2.4
2008-05-19 11:02 . 2008-05-19 11:02 <REP> d-------- C:\Program Files\GIMP-2.0
2008-05-19 10:51 . 2008-05-27 15:52 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\FileZilla
2008-05-14 19:28 . 2008-05-20 13:45 <REP> d-------- C:\Program Files\S2SaTstrat
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-05 19:51 . 2008-05-05 19:56 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-05 19:51 . 2008-05-05 19:51 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-05-05 10:45 . 2008-05-05 10:45 <REP> d-------- C:\Program Files\SteamKeyFr
2008-05-05 10:30 . 2008-05-05 10:30 244 --ah----- C:\sqmnoopt14.sqm
2008-05-05 10:30 . 2008-05-05 10:30 232 --ah----- C:\sqmdata14.sqm
2008-05-03 05:46 . 2008-05-03 05:46 1,241,088 --a------ C:\WINDOWS\system32\nvcuda.dll
2008-05-03 05:46 . 2008-05-03 05:46 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2008-05-03 05:46 . 2008-05-03 05:46 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
2008-04-28 20:23 . 2008-04-28 20:23 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-04-28 20:22 . 2008-04-28 20:22 <REP> d-------- C:\Program Files\eRightSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 13:56 --------- d-----w C:\Program Files\Steam
2008-05-27 12:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 09:42 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-27 09:42 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-05-27 09:17 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-27 09:17 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-05-21 13:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-20 17:14 --------- d-----w C:\Program Files\DivX
2008-05-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-19 14:43 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\AdobeUM
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-03 03:46 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-24 16:05 --------- d-----w C:\Program Files\Java
2008-04-23 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-23 21:03 --------- d-----w C:\Program Files\IVT Corporation
2008-04-22 20:53 --------- d-----w C:\Program Files\Magicbit
2008-04-22 20:35 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\DivX
2008-04-22 19:22 --------- d-----w C:\Program Files\VirtualDub
2008-04-21 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-21 16:40 --------- d-----w C:\Program Files\MSBuild
2008-04-21 16:40 --------- d-----w C:\Program Files\Microsoft Works
2008-04-21 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 16:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-21 15:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-04-21 06:37 --------- d-----w C:\Program Files\Xfire
2008-04-21 06:37 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Xfire
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-02 15:07 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Uniblue
2008-04-01 18:45 1,755 ----a-w C:\Documents and Settings\TRIPOGNEY\Application Data\SAS7_000.DAT
2008-03-31 18:41 --------- d-----w C:\Program Files\VisualRoute 2008
2008-03-31 18:15 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-31 18:15 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-31 18:15 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-31 16:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 16:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 18:46 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2008-03-10 17:58 385,024 ----a-w C:\WINDOWS\system32\Uninstall Netlog Photo Tool.exe
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot_2008-05-27_14.23.30,02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 12:06:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 13:09:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2001-10-08 17:38:32 32,768 ----a-w C:\WINDOWS\LastGood\MKUninst.exe
+ 2004-08-19 15:00:34 25,216 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\kbdclass.sys
+ 2004-08-19 15:00:36 14,848 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\kbdhid.sys
- 2001-10-08 17:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
+ 2001-10-08 16:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
- 2004-08-19 15:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
- 2004-08-19 15:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
- 2004-08-19 15:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2004-08-19 15:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
- 2001-10-09 04:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
+ 2001-10-09 03:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72217827-914b-46c6-a6ee-c00c70842ebf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 01:58 1271032]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2008-03-10 20:46 1380352]
"SteamKeyFr"="C:\Program Files\SteamKeyFr\SteamKeyFr.exe" [2004-07-31 17:50 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

C:\Documents and Settings\TRIPOGNEY\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-04 23:30:56 2987856]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 17:08:14 661776]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoToolbarCustomize"= 1 (0x1)
"NoStartMenuMorePrograms"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vregfwlx"= {06AB7C30-7109-4D4A-9AD9-02EDFED43033} - C:\WINDOWS\vregfwlx.dll [2008-05-25 15:15 327680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^TRIPOGNEY^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\TRIPOGNEY\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
--a------ 2001-06-30 06:58 135168 C:\Program Files\MagicKey\MagicKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Generic Host Process for Win-32 Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\S2SaTstrat\\stratplanner.exe"=
"C:\\Program Files\\Mumble\\murmur.exe"=
"C:\\Program Files\\Steam\\steamapps\\goodtrip70\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 15:07]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]
R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 15:00]
S3 FVNETusb(505 2958)(R); FVNETusb(505 2958)(R) Service for Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-04-17 12:21]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-19 10:01]
S3 NetWlan5;Pilote de carte réseau sans fil 802.11b à base Symbol;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-19 17:03]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 23:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceebdc48-fc59-11dc-8e96-00112f07aba8}]
\shell\verb1\command - desktop.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-26 13:16:37 C:\WINDOWS\Tasks\Shutdown.job"
"2008-04-22 11:56:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-02 11:56:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 16:55:13
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\SAMLIB.dll
-> ?:\WINDOWS\system32\SAMLIB.dll
.
Temps d'accomplissement: 2008-05-27 16:57:37
ComboFix-quarantined-files.txt 2008-05-27 14:56:55
ComboFix2.txt 2008-05-27 12:24:19
ComboFix3.txt 2008-05-27 06:55:37

Pre-Run: 39,116,513,280 octets libres
Post-Run: 39,122,604,032 octets libres

277 --- E O F --- 2008-05-19 08:41:23

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 791

Type de recherche: Examen complet (C:\|)
Eléments examinés: 113103
Temps écoulé: 1 hour(s), 54 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{D80C87AB-F62C-4E08-AEB1-3912FF06B029}\RP142\A0025366.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D80C87AB-F62C-4E08-AEB1-3912FF06B029}\RP142\A0025367.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

ComboFix 08-05-26.2 - TRIPOGNEY 2008-05-28 7:52:00.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.573 [GMT 2:00]
Endroit: C:\Documents and Settings\TRIPOGNEY\Bureau\ComboFix.exe
* Resident AV is active


[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 18:35 . 2008-05-27 18:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-27 18:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 18:30 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 18:30 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 15:12 . 2008-05-27 15:12 <REP> d-------- C:\Program Files\MagicKey
2008-05-27 14:56 . 2008-05-27 14:56 <REP> d-------- C:\Program Files\CCleaner
2008-05-27 13:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-27 13:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-27 13:59 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-27 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-27 13:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-27 13:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-27 13:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-27 13:52 . 2008-05-27 14:02 2,008 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-27 12:01 . 2008-05-27 23:55 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-27 11:52 . 2008-05-27 11:52 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\Bitdefender
2008-05-27 11:51 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\BitDefender
2008-05-27 11:51 . 2008-05-27 11:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-27 11:49 . 2008-05-27 11:51 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-05-27 11:42 . 2008-05-27 11:42 <REP> d-------- C:\WINDOWS\AU_Temp
2008-05-27 11:42 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\LPT$VPN.299
2008-05-27 11:33 . 2008-05-27 11:33 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 11:17 . 2008-05-27 11:17 36,240,289 --a------ C:\WINDOWS\VPTNFILE.299
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 09:05 . 2008-05-27 09:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 08:41 . 2008-05-27 08:44 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-26 09:58 . 2008-05-25 15:15 159,744 --a------ C:\WINDOWS\etkq.exe
2008-05-23 15:17 . 2008-05-26 11:27 379 --a------ C:\WINDOWS\wininit.ini
2008-05-23 14:11 . 2008-05-26 09:58 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\TmpRecentIcons
2008-05-22 17:31 . 2008-05-22 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-21 22:37 . 2001-11-27 15:07 11,886 --a------ C:\WINDOWS\system32\drivers\Kbfilter.sys
2008-05-21 16:57 . 2008-05-21 16:57 <REP> d-------- C:\Program Files\Realtek AC97
2008-05-21 16:55 . 2008-05-21 16:55 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-21 16:55 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-21 16:51 . 2008-05-21 16:51 <REP> d-------- C:\WebCamNXPro
2008-05-21 16:38 . 2008-05-21 16:38 <REP> d-------- C:\Program Files\ma-config.com
2008-05-21 16:38 . 2008-05-21 17:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-20 21:03 . 2008-05-20 21:03 244 --ah----- C:\sqmnoopt15.sqm
2008-05-20 21:03 . 2008-05-20 21:03 232 --ah----- C:\sqmdata15.sqm
2008-05-20 19:52 . 2008-05-21 20:45 <REP> d-------- C:\Program Files\Mumble
2008-05-20 19:20 . 2008-05-20 19:20 <REP> d-------- C:\Program Files\Xvid
2008-05-20 19:20 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-20 19:20 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-20 19:20 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-05-20 18:34 . 2008-05-20 18:34 <REP> d-------- C:\Program Files\VideoMach-2.7.2
2008-05-20 15:19 . 2008-05-20 15:27 2 --a------ C:\WINDOWS\system32\RICHTX.DEP
2008-05-20 15:18 . 2008-05-20 16:30 <REP> d-------- C:\Program Files\MP3 WAV Converter
2008-05-20 14:27 . 2008-05-20 14:27 <REP> d-------- C:\Program Files\NeoTrace Express
2008-05-19 22:58 . 2008-05-27 12:45 <REP> d-------- C:\Program Files\mIRC
2008-05-19 11:05 . 2008-05-19 11:37 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\gtk-2.0
2008-05-19 11:05 . 2008-05-19 11:05 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.thumbnails
2008-05-19 11:04 . 2008-05-19 11:47 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\.gimp-2.4
2008-05-19 11:02 . 2008-05-19 11:02 <REP> d-------- C:\Program Files\GIMP-2.0
2008-05-19 10:51 . 2008-05-27 18:54 <REP> d-------- C:\Documents and Settings\TRIPOGNEY\Application Data\FileZilla
2008-05-14 19:28 . 2008-05-20 13:45 <REP> d-------- C:\Program Files\S2SaTstrat
2008-05-13 03:53 . 2008-05-13 03:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 03:53 . 2008-05-13 03:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-13 03:53 . 2008-05-13 03:53 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-05-13 03:53 . 2008-05-13 03:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-13 03:51 . 2008-05-13 03:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 03:51 . 2008-05-13 03:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-13 03:49 . 2008-05-13 03:49 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-05-13 03:49 . 2008-05-13 03:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 03:49 . 2008-05-13 03:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 03:48 . 2008-05-13 03:48 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-05-05 19:51 . 2008-05-05 19:56 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-05 19:51 . 2008-05-05 19:51 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-05-05 10:45 . 2008-05-05 10:45 <REP> d-------- C:\Program Files\SteamKeyFr
2008-05-05 10:30 . 2008-05-05 10:30 244 --ah----- C:\sqmnoopt14.sqm
2008-05-05 10:30 . 2008-05-05 10:30 232 --ah----- C:\sqmdata14.sqm
2008-05-03 05:46 . 2008-05-03 05:46 1,241,088 --a------ C:\WINDOWS\system32\nvcuda.dll
2008-05-03 05:46 . 2008-05-03 05:46 290,816 --a------ C:\WINDOWS\system32\nvwrsth.dll
2008-05-03 05:46 . 2008-05-03 05:46 253,952 --a------ C:\WINDOWS\system32\nvrsth.dll
2008-04-28 20:23 . 2008-04-28 20:23 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-04-28 20:22 . 2008-04-28 20:22 <REP> d-------- C:\Program Files\eRightSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 05:43 --------- d-----w C:\Program Files\Steam
2008-05-27 12:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-27 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-27 09:42 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-27 09:42 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-05-27 09:17 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-27 09:17 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-05-21 13:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-20 17:14 --------- d-----w C:\Program Files\DivX
2008-05-19 14:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-19 14:43 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\AdobeUM
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-03 03:46 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-24 16:05 --------- d-----w C:\Program Files\Java
2008-04-23 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-23 21:03 --------- d-----w C:\Program Files\IVT Corporation
2008-04-22 20:53 --------- d-----w C:\Program Files\Magicbit
2008-04-22 20:35 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\DivX
2008-04-22 19:22 --------- d-----w C:\Program Files\VirtualDub
2008-04-21 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-21 16:40 --------- d-----w C:\Program Files\MSBuild
2008-04-21 16:40 --------- d-----w C:\Program Files\Microsoft Works
2008-04-21 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 16:23 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-21 15:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-04-21 06:37 --------- d-----w C:\Program Files\Xfire
2008-04-21 06:37 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Xfire
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-02 15:07 --------- d-----w C:\Documents and Settings\TRIPOGNEY\Application Data\Uniblue
2008-04-01 18:45 1,755 ----a-w C:\Documents and Settings\TRIPOGNEY\Application Data\SAS7_000.DAT
2008-03-31 18:41 --------- d-----w C:\Program Files\VisualRoute 2008
2008-03-31 18:15 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-03-31 18:15 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-03-31 18:15 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-03-31 16:52 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 16:52 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-10 18:46 159,744 ----a-w C:\WINDOWS\system32\Netlog24Uninstaller.exe
2008-03-10 17:58 385,024 ----a-w C:\WINDOWS\system32\Uninstall Netlog Photo Tool.exe
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot_2008-05-27_14.23.30,02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 12:06:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-28 05:42:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2001-10-08 17:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
+ 2001-10-08 16:38:32 32,768 ----a-w C:\WINDOWS\MKUninst.exe
- 2004-08-19 15:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 -c--a-w C:\WINDOWS\system32\dllcache\kbdclass.sys
- 2004-08-19 15:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 -c--a-w C:\WINDOWS\system32\dllcache\kbdhid.sys
- 2004-08-19 15:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
+ 2004-08-19 14:00:34 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
- 2004-08-19 15:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
+ 2004-08-19 14:00:36 14,848 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
- 2001-10-09 04:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
+ 2001-10-09 03:11:36 3,948 ----a-w C:\WINDOWS\system32\WTKBInst.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72217827-914b-46c6-a6ee-c00c70842ebf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 16:34 3739672]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 01:58 1271032]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2008-03-10 20:46 1380352]
"SteamKeyFr"="C:\Program Files\SteamKeyFr\SteamKeyFr.exe" [2004-07-31 17:50 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

C:\Documents and Settings\TRIPOGNEY\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-04 23:30:56 2987856]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 17:08:14 661776]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoToolbarCustomize"= 1 (0x1)
"NoStartMenuMorePrograms"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^TRIPOGNEY^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
path=C:\Documents and Settings\TRIPOGNEY\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
backup=C:\WINDOWS\pss\Dragon NaturallySpeaking.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
--a------ 2001-06-30 06:58 135168 C:\Program Files\MagicKey\MagicKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Generic Host Process for Win-32 Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\S2SaTstrat\\stratplanner.exe"=
"C:\\Program Files\\Mumble\\murmur.exe"=
"C:\\Program Files\\Steam\\steamapps\\goodtrip70\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 15:07]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 06:54]
R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-11 15:00]
S3 FVNETusb(505 2958)(R); FVNETusb(505 2958)(R) Service for Wireless LAN 11Mbps USB Adapter;C:\WINDOWS\system32\DRIVERS\vnet558x.sys [2003-04-17 12:21]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-19 10:01]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 NetWlan5;Pilote de carte réseau sans fil 802.11b à base Symbol;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-19 17:03]
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 23:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ceebdc48-fc59-11dc-8e96-00112f07aba8}]
\shell\verb1\command - desktop.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-27 19:51:01 C:\WINDOWS\Tasks\Shutdown.job"
"2008-04-22 11:56:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-02 11:56:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 07:53:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-28 7:54:55
ComboFix-quarantined-files.txt 2008-05-28 05:54:47
ComboFix2.txt 2008-05-28 05:50:55
ComboFix3.txt 2008-05-27 22:04:54
ComboFix4.txt 2008-05-27 14:57:38
ComboFix5.txt 2008-05-27 12:24:19

Pre-Run: 39,132,827,648 octets libres
Post-Run: 39,124,037,632 octets libres

272 --- E O F --- 2008-05-19 08:41:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15: VIRUS ALERT!, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TRIPOGNEY\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72217827-914b-46c6-a6ee-c00c70842ebf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {AC9264CC-124E-43B6-9144-8664D704A0BC} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O15 - Trusted Zone: www.secuser.com
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ [...] hcImpl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 8826951671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardw [...] 0_0_30.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8322 bytes