Hello oneyed

Welcome to PC Help Forum.

Please click this link called Prework and follow the instructions and a member of the Security Team will assist you as soon as possible.

Ok, here are all the logs...
I didn't do anything special except ccleaner/spybot.
I have Comodo and avast installed and running.
I changed the ram from 512Mo to 1024, it's not much but should be more than enough for what I do with this laptop...

Thanks for you help.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Propri‚taire at 15:53:58,04 on 14/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.766.320 [GMT 0:00]

AV: avast! antivirus 4.8.1335 [VPS 091114-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR GA511 Adapter\GA511.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Propriétaire\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\menudm~1\progra~1\dmarra~ 1\ga511s~1.lnk - c:\windows\installer\{52cad7c7-1e41-43fe-8613-ab9d79b2dbbc}\NewShortcut1.exe
StartupFolder: c:\docume~1\alluse~1.win\menudm~1\progra~1\dmarra~ 1\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
IE: Convertir en Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245798116125
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\propri~1\applic~1\mozilla\firefox\prof iles\hmlyq8da.default\
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-17 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-24 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-24 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2009-7-17 20560]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2006-11-28 8440]
S3 Diag69xpiag69xp;c:\windows\system32\drivers\diag69 xp.sys [2006-11-28 11237]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-9-23 238960]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [2005-2-24 162176]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\driv ers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-11-14 13:33:20 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-11 23:49:50 0 d--h--r- c:\documents and settings\propriétaire\Recent
2009-10-29 13:42:00 182 ----a-w- c:\windows\INSTAT.INI
2009-10-29 13:34:56 0 d-----w- c:\program files\InStat3
2009-10-24 17:16:35 230432 ----a-w- C:\StiImg.dat
2009-10-22 15:43:58 0 d-----w- c:\docume~1\propri~1\applic~1\Trusteer
2009-10-22 15:40:18 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Trusteer
2009-10-21 08:32:15 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-10-21 08:32:15 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-10-21 08:32:14 0 d-----w- c:\program files\Realtek
2009-10-21 08:29:02 0 d-----w- c:\program files\Realtek AC97
2009-10-21 08:24:12 0 d-----w- c:\program files\ma-config.com

==================== Find3M ====================

2009-11-14 14:50:03 8912896 ---ha-w- c:\documents and settings\propriétaire\NTUSER.DAT
2009-11-09 17:03:53 80946 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-09 17:03:53 501138 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-02 10:40:49 60918 ----a-w- c:\windows\fonts\AdobeFnt09.lst
2009-09-22 10:52:04 19704 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 14:18:20 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:01:24 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 15:55:35,20 ===============



Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
avast! Antivirus
avast! updated!
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
HijackThis 2.0.2
TuneUp Utilities 2008
CCleaner
Java(TM) 6 Update 14
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

I dont see any sign of malware but lets take a look.

Please download Malwarebytes' Anti-Malware from one of these places:
|MG| Malwarebytes Anti-Malware 1.41 Download
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com


Double Click mbam-setup.exe to install the application.
If it will not run make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that.Keep the genuine MBAM.exe as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.
PLEASE NOTE:
If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Once that Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3174
Windows 5.1.2600 Service Pack 3

15/11/2009 13:28:48
mbam-log-2009-11-15 (13-28-48).txt

Type de recherche: Examen rapide
Eléments examinés: 134162
Temps écoulé: 9 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.


thanks for your help!

If you are still having a problem,run this.At the moment I dont see any malware problems.

You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.

Hi, thanks for your help!
here is the combofix log:

ComboFix 09-11-16.05 - Propriétaire 16/11/2009 9:24..1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.766.432 [GMT 0:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\CombFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jerome\new.txt
c:\documents and settings\Jerome\RavMonLog
c:\recycler\S-1-5-21-1993962763-573735546-839522115-1004
c:\windows\system32\AutoRun.inf
c:\windows\system32\oem2.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-16 au 2009-11-16 ))))))))))))))))))))))))))))))))))))
.

2009-11-15 13:13 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 13:13 . 2009-11-15 13:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-15 13:13 . 2009-11-15 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 13:13 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 13:33 . 2009-11-14 13:33 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-29 13:34 . 2009-11-06 16:53 -------- d-----w- c:\program files\InStat3
2009-10-24 17:16 . 2009-10-24 17:16 230432 ----a-w- C:\StiImg.dat
2009-10-23 08:16 . 2009-10-23 08:16 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT\Application Data\Trusteer
2009-10-22 15:40 . 2009-10-22 15:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Trusteer
2009-10-21 08:32 . 2009-03-25 13:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-10-21 08:32 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-10-21 08:32 . 2009-10-21 08:32 -------- d-----w- c:\program files\Realtek
2009-10-21 08:29 . 2009-10-21 08:29 -------- d-----w- c:\program files\Realtek AC97
2009-10-21 08:24 . 2009-10-21 08:24 -------- d-----w- c:\program files\ma-config.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 15:00 . 2004-08-05 12:00 80946 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-15 15:00 . 2004-08-05 12:00 501138 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-14 16:26 . 2009-07-11 18:43 -------- d-----w- c:\program files\Flickr Uploadr
2009-11-14 15:43 . 2009-06-25 08:10 -------- d-----w- c:\program files\BitTorrent
2009-11-14 14:24 . 2006-12-21 16:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 14:23 . 2009-08-26 17:09 -------- d-----w- c:\program files\Trend Micro
2009-11-14 10:44 . 2006-12-23 10:31 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-11 23:49 . 2009-08-28 12:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-10 21:07 . 2007-10-31 17:30 -------- d-----r- c:\program files\Skype
2009-11-10 21:07 . 2007-12-28 21:18 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-11-10 21:07 . 2009-06-24 18:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-11-09 16:57 . 2009-06-27 16:51 -------- d-----w- c:\program files\CCleaner
2009-10-23 15:35 . 2009-10-10 17:23 -------- d-----w- c:\program files\FoxTarot4
2009-10-21 08:24 . 2009-06-23 19:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com
2009-10-18 20:35 . 2009-01-05 12:01 -------- d-----w- c:\program files\ACD Systems
2009-10-18 20:33 . 2006-12-22 10:24 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 10:23 . 2009-10-11 10:23 -------- d-----w- c:\program files\TCP Optimizer
2009-10-06 21:34 . 2008-01-13 14:39 -------- d-----w- c:\program files\Windows Live
2009-10-06 15:38 . 2009-10-06 15:38 -------- d-----w- c:\program files\MSECache
2009-09-30 16:23 . 2009-09-30 16:22 -------- d-----w- c:\program files\SoundRuler
2009-09-29 12:06 . 2007-03-03 16:07 -------- d-----w- c:\program files\Fichiers communs\PCCamera
2009-09-27 19:48 . 2007-01-04 12:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-27 10:52 . 2009-09-27 10:52 -------- d-----w- c:\program files\FDRTools Basic 2.3.0
2009-09-27 10:51 . 2009-09-27 10:51 -------- d-----w- c:\program files\Photomatix
2009-09-22 10:52 . 2009-09-22 10:52 19704 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-15 11:59 . 2009-07-17 08:42 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2009-07-17 08:42 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2009-07-17 08:42 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2009-07-17 08:42 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2009-07-17 08:42 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:54 . 2009-07-17 08:43 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2009-07-17 08:43 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2009-07-17 08:43 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2009-07-17 08:42 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-11 14:18 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:01 . 2004-08-05 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Google Update"="c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-15 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-04 1793808]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-11 20992]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
GA511 Smart Wizard Utility.lnk - c:\windows\Installer\{52CAD7C7-1E41-43FE-8613-AB9D79B2DBBC}\NewShortcut1.exe [2009-6-24 40960]
Post-it© Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/07/2009 08:42 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [24/06/2009 11:21 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24/06/2009 11:21 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [17/07/2009 08:42 20560]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [28/11/2006 09:48 8440]
R3 Diag69xpiag69xp;c:\windows\system32\drivers\diag 69xp.sys [28/11/2006 09:48 11237]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 13:50 238960]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11:29 162176]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIV ERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\hmlyq8da.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-16 09:52
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

************************************************** ************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\guard32.dll
.
Heure de fin: 2009-11-16 09:58
ComboFix-quarantined-files.txt 2009-11-16 09:57

Avant-CF: 6 998 814 720 octets libres
Après-CF: 7 085 703 168 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP �dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 98229DAB22944DDC2904624E8D7FE885