Trojan infection (TR/Crypt.XPACK.Gen) - Security - Virus
Profile: IDNaute

Hello,

According to Antivir, I am infected with the trojan TR/Crypt.XPACK.Gen. Malwarebytes' Anti-Malware, for its part, detects the Vundo trojan (but VundoFix detects nothing).
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35:04, on 23/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {a57244bf-5df9-06d9-ea94-0f8e57265531} - {13556275-e8f0-49ae-9d60-9fd5fb44275a} - C:\Windows\system32\hvsyyp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7CE2557D-736F-468C-9B44-CF7EE5D30414} - C:\Windows\system32\ddcBQhHB.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Play AVStation TV Scheduler] C:\Program Files\Samsung\Play AVStation\TvScheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqRHbAT.dll,#1
O4 - HKLM\..\Run: [40593758] rundll32.exe "C:\Windows\system32\thhjaygh.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM436a04c4] Rundll32.exe "C:\Windows\system32\neeqepdp.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon888.free.fr/plugins/h [...] 0_0_29.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7998 bytes


Thank you for your time and, I hope, your help!!
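A defender reading a HijackThis log looks for exactly the patterns visible in the report above: O2 BHO entries marked "(file missing)" or named only by a GUID, and O4 Run entries that start rundll32 on a system32 DLL through an ordinal or one-letter export (the same three loaders that ComboFix later in the thread lists as orphans). The following Python script, added here as an example and not part of the original post or of HijackThis, automates that first pass. Its heuristics are my own, derived from this log rather than from any vendor signature, and its sample input is constructed from lines of the log above.

```python
import re

# Constructed sample input: entries copied from the HijackThis log in this
# thread, with benign lines (Adobe BHO, NvSvc, avgnt) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {a57244bf-5df9-06d9-ea94-0f8e57265531} - {13556275-e8f0-49ae-9d60-9fd5fb44275a} - C:\Windows\system32\hvsyyp.dll (file missing)
O2 - BHO: (no name) - {7CE2557D-736F-468C-9B44-CF7EE5D30414} - C:\Windows\system32\ddcBQhHB.dll (file missing)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqRHbAT.dll,#1
O4 - HKLM\..\Run: [40593758] rundll32.exe "C:\Windows\system32\thhjaygh.dll",b
O4 - HKLM\..\Run: [BM436a04c4] Rundll32.exe "C:\Windows\system32\neeqepdp.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# Line shapes of the two HijackThis sections this script inspects.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[^\[]*?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
RUNDLL_RE = re.compile(r'^rundll32(\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.I)


def suspicious_export(export: str) -> bool:
    """Heuristic drawn from this log: the orphaned loaders use an ordinal (#1)
    or a one-letter entry point, while vendor DLLs use descriptive names
    such as nvsvcStart."""
    return export.startswith("#") or len(export) <= 2


def suspicious_value_name(name: str) -> bool:
    """Heuristic drawn from this log: Run value names that are pure digits or
    'BM' followed by 8 hex digits are the machine-generated shapes seen here."""
    return name.isdigit() or re.fullmatch(r"BM[0-9A-Fa-f]{8}", name) is not None


def triage(log_text: str) -> list:
    """Return (section, identifier, target, reasons) for each flagged entry."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        bho = BHO_RE.match(line)
        if bho:
            reasons = []
            if bho["path"].endswith("(file missing)"):
                reasons.append("BHO CLSID registered but its DLL is absent from disk")
            if bho["name"] == "(no name)" or GUID_RE.match(bho["name"]):
                reasons.append("BHO carries no human-readable name")
            if reasons:
                findings.append(("O2", bho["clsid"], bho["path"], reasons))
            continue
        run = RUN_RE.match(line)
        if run:
            reasons = []
            if suspicious_value_name(run["value"]):
                reasons.append("Run value name looks machine-generated")
            loader = RUNDLL_RE.match(run["cmd"])
            if loader and SYSTEM32_RE.search(loader["dll"]) and suspicious_export(loader["export"]):
                reasons.append("rundll32 loads a system32 DLL through an ordinal or one-letter export")
            if reasons:
                findings.append(("O4", run["value"], run["cmd"], reasons))
    return findings


if __name__ == "__main__":
    for section, ident, target, reasons in triage(SAMPLE_LOG):
        print(f"{section} {ident}: {target}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the sample, the script lists the two orphaned BHOs and the three rundll32 loaders (MSServer, 40593758, BM436a04c4) while the Adobe, NVIDIA and Avira entries pass; a flagged entry is a lead for the helper to confirm, not a verdict on its own.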


Profile: Helper

Hello,

Open Spybot, click the Mode tab and choose Advanced Mode
Ignore the warning
At the bottom left, click Tools
Still in the left column, click Resident (not in the central window)
And untick the Resident "TeaTimer" option (you can tick it again once we are done)

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation is finished, a report will appear. Post that report in your next reply.


The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

Help: How to use ComboFix.


---------------
Please let us know if you are already being helped on another forum or in another topic.

Security/Prevention
Profile: IDNaute

Hello,
First of all, thank you for your valuable help!
After following your instructions, here is the ComboFix report:

ComboFix 08-07-22.4 - romain 2008-07-23 16:52:49.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1304 [GMT 2:00]
Endroit: C:\Users\romain\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\msetup
C:\Windows\msetup\BASW-00500A10\Install.exe
C:\Windows\msetup\BASW-00500A10\install.ini
C:\Windows\msetup\BASW-00500A10\setup.exe
C:\Windows\msetup\BASW-00500A10\SWDesc.txt
C:\Windows\msetup\MSetup.exe
C:\Windows\System32\BHhQBcdd.ini
C:\Windows\System32\BHhQBcdd.ini2
C:\Windows\system32\cvqeemhw.dll
C:\Windows\System32\dfkakajo.ini
C:\Windows\System32\fPAcfMoq.ini
C:\Windows\System32\fPAcfMoq.ini2
C:\Windows\System32\hgyajhht.ini
C:\Windows\System32\hOoonnpo.ini
C:\Windows\System32\hOoonnpo.ini2
C:\Windows\System32\ijRrYJlm.ini
C:\Windows\System32\ijRrYJlm.ini2
C:\Windows\system32\jjmsnc.dll
C:\Windows\System32\Jmlkknpo.ini
C:\Windows\System32\Jmlkknpo.ini2
C:\Windows\system32\MSINET.oca
C:\Windows\System32\mWELnnnn.ini
C:\Windows\System32\mWELnnnn.ini2
C:\Windows\system32\nfekwfut.ini
C:\Windows\System32\oUwyyyxx.ini
C:\Windows\System32\oUwyyyxx.ini2
C:\Windows\system32\sypvwxup.ini
C:\Windows\System32\TBIPstwa.ini
C:\Windows\System32\TBIPstwa.ini2
C:\Windows\system32\thhjaygh.dll
C:\Windows\system32\utapkbbw.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 14:58 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-07-23 06:33 401,720 ----a-w C:\Eden.exe
2008-07-23 04:53 --------- d-----w C:\Program Files\Steam
2008-07-22 15:39 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-22 15:39 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 19:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-20 18:52 --------- d-----w C:\ProgramData\Avira
2008-07-20 18:52 --------- d-----w C:\Program Files\Avira
2008-07-20 18:21 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-20 18:21 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-20 16:56 --------- d-----w C:\ProgramData\Lavasoft
2008-07-20 16:55 --------- d-----w C:\Program Files\Ad-Aware
2008-07-20 16:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-20 16:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-20 16:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-20 03:40 --------- d-----w C:\Program Files\ZoneAlarm
2008-07-20 03:39 --------- d-----w C:\ProgramData\CheckPoint
2008-07-20 02:24 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-18 17:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 17:55 --------- d-----w C:\Program Files\Dofus
2008-06-29 18:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-27 15:39 --------- d-----w C:\ProgramData\McAfee
2008-06-22 16:25 --------- d-----w C:\Program Files\Electronic Arts
2008-06-22 16:12 --------- d-----w C:\ProgramData\Electronic Arts
2008-06-21 16:32 --------- d-----w C:\ProgramData\Messenger Plus!
2008-06-20 22:25 --------- d-----w C:\Program Files\BSplayer
2008-06-19 13:15 --------- d-----w C:\ProgramData\MumboJumbo
2008-06-19 10:44 --------- d-----w C:\Program Files\Microsoft Games
2008-06-18 18:35 --------- d-----w C:\ProgramData\BOONTY
2008-06-18 18:34 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
2008-06-18 18:21 --------- d-----w C:\ProgramData\Trymedia
2008-06-14 01:13 --------- d-----w C:\Program Files\Windows Mail
2008-06-08 16:48 --------- d-----w C:\ProgramData\Media Center Programs
2008-06-05 18:56 --------- d-----w C:\Program Files\CCleaner
2008-06-05 02:21 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-04 09:01 --------- d-----w C:\Program Files\RocketDock
2008-05-26 05:25 --------- d-----w C:\ProgramData\ma-config.com
2008-05-20 21:00 208,079,725 ----a-w C:\Windows\DUMP54c3.tmp
2008-05-20 20:29 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-11 07:22 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-21 16:36 171448]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-07 04:17 839680]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 08:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 15:55 54832]
"Play AVStation TV Scheduler"="C:\Program Files\Samsung\Play AVStation\TvScheduler.exe" [2007-01-09 04:09 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-23 08:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-23 08:35 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-23 08:35 81920]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 05:27:40 719664]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"NoHotStart"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2913562591-2653527318-3384224109-1003]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A2DEF21-32E4-47E6-A8EA-70068E032BDD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{21536156-C261-45B0-897E-DD7ABB638464}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{85EBF772-074C-428A-92A2-7FEACEF02B53}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{842C0534-2F64-4D77-9E67-80A0DAB403A9}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{158A1070-41DD-41E8-A768-37302CB752BD}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EF5A86B5-48E7-4175-9BD7-F5C25C6A3D51}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4C45D534-E6E7-4AC1-B0B2-5BF7011B342C}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{2057835D-1CCA-4BB2-843C-441E60C34EE2}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{21C7320D-CB48-4FCF-B4DB-C0EE074344AF}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{1D328242-53E3-4FBD-8BC9-5E16A7979943}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{E4619971-4684-496E-B4BC-C657951C69A4}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{B281F865-E2BD-4417-A777-8604EDF6F435}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{8FF17661-0DFB-450E-85E2-E8408F04B0E4}C:\\program files\\steam\\steamapps\\yashtert\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\yashtert\day of defeat source\hl2.exe:hl2
"UDP Query User{F10DF83E-DC29-4E76-8589-6A829E50915A}C:\\program files\\steam\\steamapps\\yashtert\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\yashtert\day of defeat source\hl2.exe:hl2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 09:46]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;C:\Windows\system32\DRIVERS\kmdfmemio.sys [2006-11-14 02:11]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-12-20 21:08]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-12-20 21:04]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-12-20 21:07]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-15 19:12]
S3 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-06-18 20:34]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 06:29]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 09:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-18 18:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2d28a7a-0c75-11dd-9ff5-001c26ec4ba2}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{13556275-e8f0-49ae-9d60-9fd5fb44275a} - C:\Windows\system32\hvsyyp.dll
BHO-{7CE2557D-736F-468C-9B44-CF7EE5D30414} - C:\Windows\system32\ddcBQhHB.dll
HKLM-Run-MSServer - C:\Windows\system32\urqRHbAT.dll
HKLM-Run-40593758 - C:\Windows\system32\thhjaygh.dll
HKLM-Run-BM436a04c4 - C:\Windows\system32\neeqepdp.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://charon888.free.fr/plugins/hardwaredetection_3_0_0_29.cab
C:\Windows\Downloaded Program Files\hardwaredetection.inf

O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
C:\Windows\Downloaded Program Files\cab.inf
C:\Windows\Downloaded Program Files\iaplayer.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 16:59:15
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\conime.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-23 17:06:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 15:06:06

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 18,798,256,128 octets libres

220 --- E O F --- 2008-06-29 18:55:12
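Beyond the orphaned loaders, the registry section of the ComboFix report above records posture settings a responder should note before calling the machine clean: EnableLUA = 0 (UAC off), EnableFirewall = 0 on all three Windows Firewall profiles, Security Center monitoring disabled for two products, and a mountpoints2 AutoRun handler that launches Recycled\ctfmon.exe from a removable drive. The following Python script, added here as an example and not part of the original post or of ComboFix, parses that REGEDIT4-style excerpt and lists those findings. The rules are my own and the sample input is constructed from the report's lines; the firewall entries are reported as posture notes rather than compromise indicators, since the same log shows ZoneAlarm installed as a third-party firewall.

```python
import re

# Constructed sample input: lines copied from the "Point de chargement Reg"
# section of the ComboFix report in this thread.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"NoHotStart"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2d28a7a-0c75-11dd-9ff5-001c26ec4ba2}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe
"""

# Three line shapes appear in the excerpt: a key header, a "name"=value pair,
# and a shell-verb line that ComboFix prints for mountpoints2 entries.
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
VERB_RE = re.compile(r"^(?P<verb>\\shell\\\S+)\s+-\s+(?P<cmd>.+)$")


def parse_value(raw: str):
    """Decode the two numeric spellings used in the report: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9A-Fa-f]+\)", raw)
    return int(m.group(1)) if m else raw


def check_posture(text: str) -> list:
    """Return (finding, detail) pairs for settings worth a responder's attention."""
    findings = []
    key = ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:
            key = k["key"]
            continue
        v = VALUE_RE.match(line)
        if v:
            name, value = v["name"], parse_value(v["raw"])
            leaf = key.rsplit("\\", 1)[-1]   # profile or product name
            low = key.lower()
            if name == "EnableLUA" and value == 0:
                findings.append(("uac_disabled", key))
            elif name == "EnableFirewall" and value == 0 and "firewallpolicy" in low:
                findings.append(("windows_firewall_off:" + leaf, key))
            elif name == "DisableMonitoring" and value == 1 and "security center" in low:
                findings.append(("security_center_monitoring_off:" + leaf, key))
            continue
        verb = VERB_RE.match(line)
        if verb and "mountpoints2" in key.lower():
            # An AutoRun/Open handler stored for a drive GUID: the classic
            # removable-media autorun persistence, here pointing at Recycled\ctfmon.exe.
            findings.append(("drive_autorun_handler", verb["cmd"]))
    return findings


if __name__ == "__main__":
    for finding, detail in check_posture(SAMPLE_REG):
        print(f"{finding:45s} {detail}")
```

On this excerpt the script reports eight items: one for UAC, three firewall profiles, two Security Center monitoring entries and two autorun handlers. The mountpoints2 handler is the one worth acting on, since it survives cleaning of the system32 DLLs and re-fires whenever the drive that created it is plugged in.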

Profile: Helper

Re,

Do a full scan with MBAM and post the report ;)


---------------
Please let us know if you are already being helped on another forum or in another topic.

Security/Prevention
