Virus ou autre joyeuseté...

Bonjour,

Mon ordinateur est infecté depuis deux jours par un virus, et après avoir fait tout ce qui est en mon pouvoir, je capitule et me décide à demander de l'aide à des gens bien plus expérimentés que moi.

Mon anti-virus était Avast, que j'ai désinstallé pour Avira quand on m'a dit que ce dernier était plus efficace pour éradiquer les virus. L'anti-virus ouvre des petites fenêtres toutes les deux secondes pour m'avertir de l'infection de mon ordinateur. Quand je clique sur "delete", rien ne se passe (quand je clique sur autre chose, rien ne se passe non plus, d'ailleurs).

J'aurais du mal à vous dire de quel de virus il s'agit, car comme par hasard à l'heure à la quelle je vous écrit, Avira a arrêté de m'envoyer des messages d'alerte. Je crois juste me souvenir qu'il y avait le mot "trojan".

Voilà si quelqu'un pouvait m'aider comme à un enfant de trois ans, je lui serais fort reconnaissante, car je suis loin d'être calée en informatique.

Bonne journée !

Maintenant y'a un autre truc qui me dit qu'il s'agit d'un spyware nommé SpyWorm.Win32

Merci beaucoup pour la rapidité de ta réponse !

Voici le rapport :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:39, on 29/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\BOULAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://windiwsfsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll
O2 - BHO: 512686 helper - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\Windows\system32\512686\512686.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [wblogon] C:\Windows\System32\algg.exe
O4 - HKCU\..\Run: [VResLab] "C:\Program Files\VResLab\VResLab.exe"
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.onlyiesettings.com/redirect.php (file missing)
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8419 bytes

Re !
Voilà le rapport de ComboFix :





ComboFix 08-10-29.07 - Boulanger 2008-10-29 22:37:04.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1194 [GMT 1:00]
Lancé depuis: C:\Users\Boulanger\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Applications\iebt.dll
C:\Program Files\Applications\iebu.exe
C:\Program Files\Applications\myd.ico
C:\Program Files\Applications\mym.ico
C:\Program Files\Applications\myp.ico
C:\Program Files\Applications\myv.ico
C:\Program Files\Applications\ot.ico
C:\Program Files\Applications\ts.ico
C:\Program Files\Applications\wcm.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusResponse Lab 2009 2.1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusResponse Lab 2009 2.1\VirusResponse Lab 2009 2.1.lnk
C:\Users\Boulanger\AppData\Roaming\.#
C:\Users\Boulanger\Documents\My Documents.url
F:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.

2008-10-29 17:36 . 2008-10-29 17:36 <REP> d-------- C:\Program Files\Trend Micro
2008-10-29 14:50 . 2008-10-29 15:05 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-29 14:50 . 2008-10-29 15:05 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-29 14:50 . 2008-10-29 21:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-29 10:23 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-29 10:23 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-29 10:23 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-27 17:08 . 2008-10-27 17:08 <REP> d-------- C:\Program Files\CCleaner
2008-10-27 13:31 . 2008-10-27 17:26 <REP> d-------- C:\Windows\System32\512686
2008-10-27 13:31 . 2008-10-29 22:14 <REP> d-------- C:\Program Files\Applications
2008-10-17 17:03 . 2008-10-17 17:03 <REP> d-------- C:\Users\Boulanger\AppData\Roaming\Sony
2008-10-17 17:03 . 2008-10-17 17:03 <REP> d-------- C:\Users\Boulanger\AppData\Roaming\Publish Providers
2008-10-17 17:03 . 2008-10-17 17:03 <REP> d-------- C:\Users\Boulanger\AppData\Roaming\NetMedia Providers
2008-10-17 16:57 . 2008-10-17 16:57 <REP> d-------- C:\Program Files\Sony
2008-10-17 16:56 . 2008-10-17 16:56 <REP> d-------- C:\Program Files\Sony Setup
2008-10-17 16:35 . 2008-10-17 16:38 <REP> d-------- C:\Users\Boulanger\AppData\Roaming\REAPER
2008-10-17 16:35 . 2008-10-17 16:35 <REP> d-------- C:\Program Files\REAPER
2008-10-16 17:25 . 2008-10-16 17:25 <REP> d-------- C:\Program Files\Audacity
2008-10-16 17:24 . 2008-10-29 22:21 <REP> d-------- C:\Users\Boulanger\AppData\Roaming\EoRezo
2008-10-16 17:24 . 2008-10-27 17:04 <REP> d-------- C:\Program Files\EoRezo
2008-10-15 20:39 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 20:39 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 20:39 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 20:39 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 20:39 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 20:39 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-09-29 21:12 . 2008-09-29 21:12 <REP> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 21:21 --------- d-----w C:\Users\Boulanger\AppData\Roaming\OpenOffice.org2
2008-10-29 13:37 5,594 ----a-w C:\Users\Boulanger\AppData\Roaming\wklnhst.dat
2008-10-28 19:37 --------- d---a-w C:\ProgramData\TEMP
2008-10-16 19:06 --------- d-----w C:\Program Files\Windows Mail
2008-09-28 18:14 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-09-27 12:04 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-26 21:13 --------- d-----w C:\Program Files\IZArc
2008-09-25 18:48 --------- d-----w C:\Program Files\Cybercorder
2008-09-25 18:47 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-09-22 12:22 --------- d-----w C:\Users\Boulanger\AppData\Roaming\vlc
2008-09-22 12:19 --------- d-----w C:\Program Files\VideoLAN
2008-09-21 15:46 --------- d-----w C:\ProgramData\Messenger Plus!
2008-09-21 10:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-21 08:53 --------- d-----w C:\Program Files\Microsoft Works
2008-09-20 21:41 --------- d-----w C:\ProgramData\eMule
2008-09-20 21:41 --------- d-----w C:\Program Files\eMule
2008-09-20 15:21 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-20 15:08 --------- d-----w C:\Users\Boulanger\AppData\Roaming\Yahoo!
2008-09-20 15:08 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-09-20 15:03 --------- d-----w C:\Program Files\Windows Live
2008-09-20 15:02 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-20 14:57 --------- d-----w C:\ProgramData\WLInstaller
2008-09-20 14:50 --------- d-----w C:\Program Files\Alwil Software
2008-09-20 13:36 --------- d-----w C:\Program Files\OrangeHSS
2008-09-20 13:35 --------- d-----w C:\Program Files\Securitoo
2008-09-13 12:55 --------- d-----w C:\ProgramData\LKG
2008-09-13 12:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 12:54 --------- d-----w C:\Program Files\Langenscheidt
2008-09-11 19:09 --------- d-----w C:\Users\Boulanger\AppData\Roaming\CyberLink
2008-09-11 14:50 --------- d-----w C:\Users\Boulanger\AppData\Roaming\Big Fish Games
2008-09-11 14:44 --------- d-----w C:\ProgramData\InterAction studios
2008-09-08 20:19 --------- d-----w C:\Program Files\Orange
2008-09-08 20:18 --------- d-----w C:\Program Files\Common Files\France Telecom
2008-09-08 20:14 --------- d-----w C:\Program Files\CardDetector
2008-09-07 17:18 --------- d-----w C:\Program Files\Wanadoo
2008-09-07 14:29 --------- d-----w C:\Users\Boulanger\AppData\Roaming\Template
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 137752]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-01-08 842248]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"CardDetectorICON225"="C:\Program Files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"BEWINTERNET-FR-DMGP-V2SessionManager"="C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"EoEngine"="C:\Program Files\EoRezo\EoEngine.exe" [2008-09-23 565248]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 C:\Windows\RtHDVCpl.exe]

C:\Users\Boulanger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-03 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ECAA5C33-6EF9-481B-A8FB-1FE1137C2B17}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{0CA090D9-B3E1-434F-90F3-36F94025ACB3}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{28740110-F50E-4C05-B15A-657958F19917}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{9EB1D7C3-8516-49F7-ABA0-76A4C9D2FB33}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exeV Wizard
"{114DB2C8-84AD-4A69-BE2E-D77C1BD0588E}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine
"{B6FC9111-33EA-4B4C-A212-4882A3674D76}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exelay Movie
"{247854AD-FE69-4B9B-A593-6A36900FE077}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exelay Movie Resident Program
"{0C8F7D16-A280-4722-AC57-0C0D646B4F0C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange\\IEWInternet\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-25 00:41 41456]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-23 180736]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-08-07 51712]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER;C:\Windows\system32\DRIVERS\gtptser.sys [2007-11-13 8064]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d132d51-7dc2-11dd-9a11-001f3c03e720}]
\shell\AutoRun\command - F:\AutoRunCardDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4800af2-8d88-11dd-9306-001d72230306}]
\shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea4f7822-61a7-11dd-acad-99fc3cedd4e0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{51B15F5A-E98B-4658-B9CB-9307B74773A7} - C:\Windows\system32\512686\512686.dll
HKCU-Run-wblogon - C:\Windows\System32\algg.exe
HKCU-Run-VResLab - C:\Program Files\VResLab\VResLab.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Explorer_Run-smile - C:\Program Files\Applications\wcs.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Boulanger\AppData\Roaming\Mozilla\Firefox\Profiles\2dptqp46.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.lo.st
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 22:39:57
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-29 22:41:17
ComboFix-quarantined-files.txt 2008-10-29 21:41:15

Avant-CF: 62,942,396,416 octets libres
Après-CF: 62,915,551,232 octets libres

190 --- E O F --- 2008-10-29 17:25:02