théo51

Member group: Members
Content count: 16
Languages: French

  1. Report done.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:13:50, on 23/05/2008
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Windows\ehome\ehtray.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
     C:\Program Files\MOTU\Audio\MFWAKeys.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\LimeWire\LimeWire.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Windows\RtHDVCpl.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\Windows\system32\SearchFilterHost.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
     O4 - Global Startup: MOTU Pedal Handler.lnk = ?
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O13 - Gopher Prefix:
     O15 - Trusted Zone: *.line6.net
     O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
     O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
     O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
     O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
     O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
     O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
     O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

     --
     End of file - 8024 bytes
  2. There you go, normally it's fine.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:51:05, on 22/05/2008
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Windows\ehome\ehtray.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
     C:\Program Files\MOTU\Audio\MFWAKeys.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\PROGRA~1\Mozilla Firefox\firefox.exe
     c:\Program Files\Trend Micro\HijackThis\Mattanoll.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
     O4 - Global Startup: MOTU Pedal Handler.lnk = ?
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O13 - Gopher Prefix:
     O15 - Trusted Zone: *.line6.net
     O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
     O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
     O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
     O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
     O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
     O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
     O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

     --
     End of file - 7957 bytes

     Any objection?? (Thanks again and again for this personal follow-up)
  3. That's it, I've done everything, the antivirus is installed. Is it over?
  4. Ah, I don't remember anymore about F-Secure :s. And I uninstalled eMule, so no problem on that side. Thanks for the advice! And yes, I'd like that for the antivirus, it's really kind :)
  5. And here is the latest report ;)

     # version=4
     # OnlineScanner.ocx=1.0.0.635
     # OnlineScannerDLLA.dll=1, 0, 0, 79
     # OnlineScannerDLLW.dll=1, 0, 0, 78
     # OnlineScannerUninstaller.exe=1, 0, 0, 49
     # vers_standard_module=3116 (20080521)
     # vers_arch_module=1.064 (20080214)
     # vers_adv_heur_module=1.064 (20070717)
     # EOSSerial=b80cf141bd9db2469e3c29ce2fcbe239
     # end=finished
     # remove_checked=false
     # unwanted_checked=true
     # utc_time=2008-05-21 01:18:15
     # local_time=2008-05-21 03:18:15 (+0100, Paris, Madrid (heure d'été))
     # country="France"
     # osver=6.0.6001 NT Service Pack 1
     # scanned=526217
     # found=1
     # scan_time=6609
     C:\Users\Mattanoll\Downloads\MSETUP.0XE    Win32/Adware.IeDefender.NEF application    BDFE27785915D0AD29F2F33F37504732
  6. The first 2 reports first.

     Explorer killed successfully
     DllUnregisterServer procedure not found in C:\Windows\System32\ugmjyula.dll
     C:\Windows\System32\ugmjyula.dll NOT unregistered.
     C:\Windows\System32\ugmjyula.dll moved successfully.
     DllUnregisterServer procedure not found in C:\Windows\System32\uvmirvvc.dll
     C:\Windows\System32\uvmirvvc.dll NOT unregistered.
     C:\Windows\System32\uvmirvvc.dll moved successfully.
     C:\Windows\system32\kr_done1de moved successfully.
     C:\Windows\winstart.bat moved successfully.
     File/Folder C:\Windows\System32\fccvedtl.dll not found.
     File/Folder C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll not found.
     Explorer started successfully
     < EmptyTemp >
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\Acr6EB5.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\Acr6EB7.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFBC4B.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFBC83.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFCFA9.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFCFDF.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFDA64.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFDA6E.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFF212.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Users\MATTAN~1\AppData\Local\Temp\~DFF21C.tmp scheduled to be deleted on reboot.
     File delete failed. C:\Windows\temp\nvcbin.def.DD0B6467.TMP scheduled to be deleted on reboot.
     Temp folders emptied.
     IE temp folders emptied.

     OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05212008_131052

     Files moved on Reboot...
     C:\Users\MATTAN~1\AppData\Local\Temp\Acr6EB5.tmp moved successfully.
     C:\Users\MATTAN~1\AppData\Local\Temp\Acr6EB7.tmp moved successfully.
     File C:\Users\MATTAN~1\AppData\Local\Temp\~DFBC4B.tmp not found!
     File C:\Users\MATTAN~1\AppData\Local\Temp\~DFBC83.tmp not found!
     File C:\Users\MATTAN~1\AppData\Local\Temp\~DFCFA9.tmp not found!
     File C:\Users\MATTAN~1\AppData\Local\Temp\~DFCFDF.tmp not found!
     File C:\Users\MATTAN~1\AppData\Local\Temp\~DFDA64.tmp not found!
     File C:\Users\MATTAN~1\AppData\Local\Temp\~DFDA6E.tmp not found!
     File C:\Users\MATTAN~1\AppData\Local\Temp\~DFF212.tmp not found!
     File C:\Users\MATTAN~1\AppData\Local\Temp\~DFF21C.tmp not found!
     File move failed. C:\Windows\temp\nvcbin.def.DD0B6467.TMP scheduled to be moved on reboot.

     The other one:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 13:24:35, on 21/05/2008
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Windows\ehome\ehtray.exe
     C:\Windows\system32\conime.exe
     C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\MOTU\Audio\MFWAKeys.exe
     C:\Windows\ehome\ehmsas.exe
     c:\Program Files\Trend Micro\HijackThis\Mattanoll.exe
     C:\Windows\system32\SearchFilterHost.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
     O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
     O4 - Global Startup: MOTU Pedal Handler.lnk = ?
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
     O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
     O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
     O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O13 - Gopher Prefix:
     O15 - Trusted Zone: *.line6.net
     O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
     O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
     O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
     O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
     O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
     O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
     O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
     O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
     O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
     O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

     --
     End of file - 8161 bytes

     There you go, the last report is coming soon. And as for the Wolfestein.exe file, it's a network game.
  7. Sorry for the delay, I hadn't seen the reply. I went into safe mode and, once on the desktop, when I drag-and-dropped the CFScript onto ComboFix it started the scan and my computer shut down. I ran it anyway, but without drag-and-dropping the CFScript. Here is the report:

     ComboFix 08-05-15.3 - Mattanoll 2008-05-20 21:05:24.2 - NTFSx86 MINIMAL
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.643 [GMT 2:00]
     Endroit: C:\Users\Mattanoll\Downloads\ComboFix.exe
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Windows\system32\ltdevccf.ini

     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
     .

     Pas de nouveau fichier créé dans cet espace de temps

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-05-19 18:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
     2008-05-19 18:04 --------- d-----w C:\ProgramData\Malwarebytes
     2008-05-19 10:15 --------- d-----w C:\ProgramData\eMule
     2008-05-19 10:15 --------- d-----w C:\Program Files\eMule
     2008-05-19 09:06 --------- d-----w C:\Program Files\Trend Micro
     2008-05-18 14:13 --------- d-----w C:\Program Files\IObit
     2008-05-18 10:25 --------- d-----w C:\ProgramData\Lavasoft
     2008-05-18 10:23 --------- d-----w C:\Program Files\Lavasoft
     2008-05-18 10:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
     2008-05-17 10:42 --------- d-----w C:\Program Files\Riva
     2008-05-17 10:42 --------- d-----w C:\Program Files\Common Files\SWF Studio
     2008-05-15 20:27 --------- d-----w C:\Program Files\VirtualDJ
     2008-05-15 20:27 --------- d-----w C:\Program Files\CCleaner
     2008-05-14 21:52 --------- d-----w C:\Program Files\Windows Mail
     2008-05-14 12:18 --------- d-----w C:\Program Files\UnHackMe
     2008-05-12 23:05 91,264 ------w C:\Windows\System32\ugmjyula.dll
     2008-05-12 15:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
     2008-05-12 14:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
     2008-05-12 14:09 --------- d-----w C:\Program Files\a-squared Free
     2008-05-12 11:04 91,264 ------w C:\Windows\System32\uvmirvvc.dll
     2008-05-09 08:11 --------- d-----w C:\Program Files\Audacity
     2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
     2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
     2008-05-02 17:04 --------- d-----w C:\Program Files\Safari
     2008-05-02 17:01 --------- d-----w C:\Program Files\Apple Software Update
     2008-04-28 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2008-04-28 19:34 --------- d-----w C:\Program Files\Hercules
     2008-04-27 17:25 --------- d-----w C:\Program Files\Neuf
     2008-04-26 14:22 --------- d-----w C:\ProgramData\WindowsSearch
     2008-04-26 11:49 --------- d-----w C:\Program Files\Pack Securite
     2008-04-26 11:45 --------- d-----w C:\ProgramData\fssg
     2008-04-26 10:37 --------- d---a-w C:\Program Files\Propellerhead
     2008-04-26 09:57 --------- d-----w C:\Program Files\Roxio
     2008-04-26 09:57 --------- d-----w C:\Program Files\Common Files\Sonic Shared
     2008-04-26 09:56 --------- d-----w C:\ProgramData\Roxio
     2008-04-26 09:56 --------- d-----w C:\Program Files\Common Files\Roxio Shared
     2008-04-26 08:49 --------- d-----w C:\Program Files\Line6
     2008-04-21 21:27 --------- d-----w C:\Program Files\SendBlaster
     2008-04-21 21:22 --------- d-----w C:\Program Files\Samsung
     2008-04-21 21:12 --------- d-----w C:\Program Files\Image-Line
     2008-04-20 13:24 --------- d-----w C:\Program Files\M-Audio
     2008-04-19 21:39 --------- d-----w C:\Program Files\Evolution
     2008-04-10 13:27 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys
     2008-04-10 11:59 --------- d-----w C:\ProgramData\F-Secure
     2008-04-10 11:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
     2008-04-10 11:54 --------- d-----w C:\Program Files\Windows Live Safety Center
     2008-04-07 14:55 --------- d-----w C:\Program Files\BonkEnc
     2008-04-07 13:55 --------- d-----w C:\ProgramData\Apple Computer
     2008-04-05 09:38 --------- d-----w C:\Program Files\TextAloud
     2008-04-05 09:27 --------- d-----w C:\Program Files\Google
     2008-04-05 09:19 --------- d-----w C:\Program Files\Flash Demo Builder 1.2
     2008-04-05 09:17 --------- d-----w C:\ProgramData\Ciel
     2008-04-04 20:38 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\OFFICE One v7
     2008-04-04 17:02 --------- d-----w C:\Program Files\iTunes
     2008-04-04 17:02 --------- d-----w C:\Program Files\iPod
     2008-04-04 17:00 --------- d-----w C:\Program Files\QuickTime
     2008-04-03 12:06 --------- d-----w C:\Program Files\MSN Messenger
     2008-04-03 12:06 --------- d-----w C:\Program Files\Messenger Plus! Live
     2008-04-01 11:12 691,545 ----a-w C:\Windows\unins000.exe
     2008-03-28 20:43 --------- d-----w C:\ProgramData\Adobe Systems
     2008-03-28 20:31 --------- d-----w C:\Program Files\Common Files\Adobe
     2008-03-28 20:30 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
     2008-03-23 17:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
     2008-03-19 23:03 174 --sha-w C:\Program Files\desktop.ini
     2008-03-19 22:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll
     2008-03-19 22:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
     2008-03-19 21:22 47,560 ----a-w C:\Windows\System32\SPReview.exe
     2008-03-19 21:22 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
     2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
     2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
     2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
     2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
     2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
     2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
     2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
     2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
     2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
     2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
     2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
     2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
     2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
     2008-01-26 16:13 480,848 ----a-w C:\Users\All Users\pswi_preloaded.exe
     2008-01-26 16:13 480,848 ----a-w C:\ProgramData\pswi_preloaded.exe
     2007-09-29 10:28 4,310,776 ----a-w C:\Program Files\MobilePre_V32_5.10.00.5099.exe
     2007-07-24 16:29 2,863 ----a-w C:\Program Files\RegisterReaktor.html
     2007-07-19 23:41 4,301,387 ----a-w C:\Program Files\Shareaza_2.2.5.0.exe
     2007-07-19 21:25 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
     2007-07-19 17:06 270,305,943 ----a-w C:\Program Files\Wolfestein.exe
     2007-07-19 15:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
     2008-02-05 19:45 168 --sh--r C:\Windows\System32\6136618B3C.sys
     2008-02-05 19:45 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
     .
     ------- Sigcheck -------
     .
     ((((((((((((((((((((((((((((( snapshot@2008-05-19_18.51.44.76 )))))))))))))))))))))))))))))))))))))))))
     .
- 2008-05-19 16:45:59 67,584 ----a-w C:\Windows\bootstat.dat + 2008-05-20 19:04:12 67,584 ----a-w C:\Windows\bootstat.dat - 2008-05-19 16:46:20 1,572,864 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-05-20 16:22:32 1,572,864 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-05-19 16:46:16 1,572,864 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-19 20:53:54 1,572,864 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-05-19 16:46:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-05-19 17:36:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-05-19 16:46:29 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-05-19 17:36:29 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-05-19 16:46:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-05-19 17:36:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-04-27 14:55:19 539,240 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-05-19 20:52:15 539,240 ----a-w C:\Windows\System32\FNTCACHE.DAT - 2008-05-19 16:22:21 12,708 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3041004508-859247823-45256752-1003_UserData.bin + 2008-05-19 20:54:48 13,028 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3041004508-859247823-45256752-1003_UserData.bin - 2008-05-19 16:28:56 95,250 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-05-19 20:54:48 14,612 ----a-w 
C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-05-19 08:42:32 425,036 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-05-20 05:21:59 425,920 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A}] C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-19 11:22 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184] "removecpl"="RemoveCpl.exe" [] "0845b171"="C:\Windows\system32\fccvedtl.dll" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ MOTU Pedal Handler.lnk - C:\Windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-26 16:36:31 10134] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"= ma_cmidn.dll "midi2"= ma_cmidn.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{C8B1A925-EBEA-4FAC-87E5-C100ED2EFAA8}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "UDP Query User{AFBF5393-4EC4-447A-8BCC-A1E3ED68972B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "TCP Query User{56342156-ADD0-43BD-8F38-C1F08E7D661E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{D6E2071B-1989-4AC3-97BE-85EF2440FEBA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{1B8152DF-70FD-4F5E-8E8C-28E7DEEE7E50}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "UDP Query User{3537FE1E-C34F-417B-98B4-286477BDA53B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "TCP Query User{945B3F98-6199-4DA5-BCD5-BB9071E9D08C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{4D14A297-B495-4CB7-9A9C-2C82BDB807FD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{1B2AAAA2-B220-46F8-BEA1-B5A73E949C9D}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{87E2715D-F3EB-41D0-891D-3C513CADC131}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "TCP Query User{098BD692-FDF0-4EF7-A059-26E8264915F2}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{5A20CA79-9254-4990-8F8A-78CE7D773AB9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "TCP Query User{8F88BF62-4B95-4004-89B3-928053736D8E}C:\\program 
files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{F466810E-055D-46BB-895B-5A56DCF80082}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DoNotAllowExceptions"= 1 (0x1) R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08] R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus.sys [2007-01-04 19:06] S1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-04-10 15:27] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07] S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48] S3 MA_CMIDI;M-Audio USB Driver;C:\Windows\system32\drivers\ma_cmidi.sys [2006-08-16 10:23] S3 mfwagsif;MOTU Audio GSIF;C:\Windows\system32\drivers\mfwagsif.sys [2007-01-04 19:06] S3 mfwamidi;MOTU Audio MIDI;C:\Windows\system32\drivers\mfwamidi.sys [2007-01-04 19:06] S3 mfwawave;MOTU Audio Wave;C:\Windows\system32\drivers\mfwawave.sys [2007-01-04 19:05] S3 MotuFWA;MotuFWA;C:\Windows\system32\drivers\motufwa.sys [2007-01-04 19:06] S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01] S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynasUSB.sys [2006-11-23 18:20] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}] \shell\AutoRun\command - K:\Autorun.exe *Newly Created Service* - ECACHE . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-19 20:12:06 C:\Windows\Tasks\User_Feed_Synchronization-{CF198DCE-5B92-49F7-AD74-887FEFAFA03C}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-20 21:09:17 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... folder error: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\ Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-05-20 21:13:21 ComboFix-quarantined-files.txt 2008-05-20 19:13:19 ComboFix2.txt 2008-05-19 16:52:47 Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. 217 --- E O F --- 2008-05-17 08:29:55
  8. There, it's done :)

Deckard's System Scanner v20071014.68
Run by Mattanoll on 2008-05-19 22:05:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1015 MiB (1024 MiB recommended).

-- HijackThis (run as Mattanoll.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05, on 2008-05-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mattanoll\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Mattanoll.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar with Pop-Up Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A} - C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [0845b171] rundll32.exe "C:\Windows\system32\fccvedtl.dll",b
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MOTU Pedal Handler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

-- End of file - 9036 bytes

-- Files created between 2008-04-19 and 2008-05-19 -----------------------------

2008-05-19 20:04:57 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 19:51:22 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-19 18:37:08 68096 --a------ C:\Windows\zip.exe
2008-05-19 18:37:08 49152 --a------ C:\Windows\VFind.exe
2008-05-19 18:37:08 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-19 18:37:08 98816 --a------ C:\Windows\sed.exe
2008-05-19 18:37:08 80412 --a------ C:\Windows\grep.exe
2008-05-19 18:37:08 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-19 18:36:51 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-19 11:06:35 0 d-------- C:\Program Files\Trend Micro
2008-05-18 16:13:04 0 d-------- C:\Program Files\IObit
2008-05-17 12:42:36 0 d-------- C:\Program Files\Riva
2008-05-13 01:05:34 91264 -----n--- C:\Windows\system32\ugmjyula.dll
2008-05-12 13:04:31 91264 -----n--- C:\Windows\system32\uvmirvvc.dll
2008-05-12 12:58:07 1 --a------ C:\Windows\system32\kr_done1de
2008-05-11 01:35:31 2 -rahs-o-t C:\Windows\winstart.bat
2008-05-11 01:31:15 153088 --a------ C:\Windows\system32\UNRAR3.dll
2008-05-11 01:31:15 75264 --a------ C:\Windows\system32\unacev2.dll
2008-05-09 09:36:59 0 d-------- C:\Program Files\Audacity
2008-05-02 19:01:40 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 21:34:20 0 d-------- C:\Program Files\Hercules
2008-04-27 12:54:21 0 d-------- C:\Program Files\a-squared Free
2008-04-26 13:01:07 0 d-------- C:\Windows\BDOSCAN8
2008-04-20 15:24:34 86016 --a------ C:\Windows\system32\MA_CMIDN.DLL <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
2008-04-20 15:24:32 21888 --a------ C:\Windows\system32\drivers\MA_CMIDI.SYS <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
2008-04-20 15:24:29 22208 --a------ C:\Windows\system32\drivers\USBMN1X1.SYS <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>
2008-04-20 15:24:28 82944 --a------ C:\Windows\system32\USBMN1X1.DLL <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>
2008-04-20 15:24:27 13504 --a------ C:\Windows\system32\drivers\USB11LDR.SYS <Not Verified; MIDIMAN; Midiman USB MidiSport 1x1 Loader>
2008-04-20 15:24:27 0 d-------- C:\Program Files\M-Audio
2008-04-19 23:39:38 0 d-------- C:\Program Files\Evolution

-- Find3M Report ---------------------------------------------------------------

2008-05-19 12:25:00 685420 --a------ C:\Windows\system32\perfh00C.dat
2008-05-19 12:25:00 130782 --a------ C:\Windows\system32\perfc00C.dat
2008-05-19 12:15:36 0 d-------- C:\Program Files\eMule
2008-05-18 12:23:44 0 d-------- C:\Program Files\Lavasoft
2008-05-18 12:20:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 12:42:47 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-15 22:27:39 0 d-------- C:\Program Files\VirtualDJ
2008-05-15 22:27:39 0 d-------- C:\Program Files\CCleaner
2008-05-14 23:52:02 0 d-------- C:\Program Files\Windows Mail
2008-05-02 19:04:28 0 d-------- C:\Program Files\Safari
2008-04-28 21:34:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-27 19:25:04 0 d-------- C:\Program Files\Neuf
2008-04-27 16:57:13 8224 --a------ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2008-04-26 13:49:45 0 d-------- C:\Program Files\Pack Securite
2008-04-26 12:37:22 0 d-a------ C:\Program Files\Propellerhead
2008-04-26 11:57:39 0 d-------- C:\Program Files\Roxio
2008-04-26 11:57:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-26 11:57:38 0 d-------- C:\Program Files\Common Files
2008-04-26 11:56:37 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-26 10:49:16 0 d-------- C:\Program Files\Line6
2008-04-21 23:27:01 0 d-------- C:\Program Files\SendBlaster
2008-04-21 23:22:14 0 d-------- C:\Program Files\Samsung
2008-04-21 23:12:24 0 d-------- C:\Program Files\Image-Line
2008-04-10 13:55:07 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-10 13:54:21 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-07 16:55:13 0 d-------- C:\Program Files\BonkEnc
2008-04-05 11:38:59 0 d-------- C:\Program Files\TextAloud
2008-04-05 11:27:00 0 d-------- C:\Program Files\Google
2008-04-05 11:19:42 0 d-------- C:\Program Files\Flash Demo Builder 1.2
2008-04-04 22:38:21 0 d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\OFFICE One v7
2008-04-04 19:02:28 0 d-------- C:\Program Files\iTunes
2008-04-04 19:02:19 0 d-------- C:\Program Files\iPod
2008-04-04 19:00:31 0 d-------- C:\Program Files\QuickTime
2008-04-03 14:06:03 0 d-------- C:\Program Files\MSN Messenger
2008-04-03 14:06:02 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-01 21:04:36 16 --a------ C:\Windows\msocreg32.dat
2008-04-01 13:21:37 2551 --a------ C:\Windows\unins000.dat
2008-04-01 13:12:39 691545 --a------ C:\Windows\unins000.exe
2008-03-28 22:31:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-28 22:30:21 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-20 01:03:07 174 --ahs---- C:\Program Files\desktop.ini
2008-03-20 00:49:26 0 d-------- C:\Program Files\Windows Sidebar
2008-03-20 00:49:26 0 d-------- C:\Program Files\Windows Calendar
2008-03-20 00:49:26 0 d-------- C:\Program Files\Movie Maker
2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Journal
2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Collaboration
2008-03-20 00:49:24 0 d-------- C:\Program Files\Windows Defender
2008-03-19 23:22:02 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-04 00:11:45 66 --a------ C:\Windows\system32\IPPROTIDE.SYS

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A}]
C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10]
"removecpl"="RemoveCpl.exe" []
"0845b171"="C:\Windows\system32\fccvedtl.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-19 11:22]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]
MOTU Pedal Handler.lnk - C:\Windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-26 16:36:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}]
AutoRun\command- K:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-19 22:06:11 ------------
  9. The PC runs perfectly, that's great. Here are the reports, in order:

pushd "C:\327882R2FWJFW\"
=============================================
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Mattanoll\AppData\Roaming
cfldr=327882R2FWJFW
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-MATTANOLL
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Mattanoll
kmd=CF6257.exe
LOCALAPPDATA=C:\Users\Mattanoll\AppData\Local
LOGONSERVER=\\PC-DE-MATTANOLL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\327882R2FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\iZotope\Runtimes;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
PATHEXT=.cfexe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
sfxname=C:\Users\Mattanoll\Downloads\ComboFix.exe
system=C:\Windows\system32
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\MATTAN~1\AppData\Local\Temp
TMP=C:\Users\MATTAN~1\AppData\Local\Temp
USERDOMAIN=PC-de-MattAnoll
USERNAME=Mattanoll
USERPROFILE=C:\Users\Mattanoll
windir=C:\Windows
=============================================
if not defined sfxname goto END
Nircmd win close ititle "ComboFix"
If [C:\Users\Mattanoll\Downloads\CFScript.txt] == [] Set "SfxCmd="
if /I "C:\327882R2FWJFW" NEQ "C:\327882R2FWJFW" goto Abort
if exist "C:\Users\MATTAN~1\AppData\Local\Temp\327882R2FWJFW327882R2FWJFW.log" del "C:\Users\MATTAN~1\AppData\Local\Temp\327882R2FWJFW327882R2FWJFW.log"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
Ownerchange for "C:\Windows\system32\cmd.exe" to Administrators group was successful
copy /y "C:\Windows\system32\cmd.exe" "C:\Windows\system32\CF6257.exe"
1 file(s) copied.
if not exist "C:\Windows\system32\CF6257.exe" catchme -l nul -c "C:\Windows\system32\cmd.exe" "C:\Windows\system32\CF6257.exe"
For /F "tokens=*" %g in ("C:\Users\Mattanoll\Downloads\ComboFix.exe") do @(
  set "FileName=%~ng"
  set "FilePath=%~dpg"
)
Set FileName 2>nul | GREP -Gisqx "FileName=[-[:alnum:]@.]*" || (
  nircmd infobox "You cannot rename ComboFix as ComboFix~n~nPlease use another name, preferbaly made up of alphanumeric characters" ""
  goto END
)
DIR /AD/B C:\* | FindStr.exe -IVX ComboFix 1>dirname00
FindStr.exe -LIXC:"ComboFix" dirname00 1>nul && call :NameChk
If exist dirname0? del /Q dirname0?
If exist "\ComboFix" DIR /AD "\ComboFix" 1>nul && (
  rd /s/q "\ComboFix"
  If exist "\ComboFix" (
    PV -kf findstr.exe *.cfexe
    rd /s/q "\ComboFix"
  )
  If exist "\ComboFix" (
    handle "C:\ComboFix" | SED -r "/pid:/!d; s/.*: (.*): .*/\1/" 1>temp00
    for /F "tokens=1,2" %g in (temp00) do @echo.y | Handle -p %g -c %h
    del /q temp00
    rd /s/q "\ComboFix"
  )
)
If exist "\ComboFix" rd /s/q "\ComboFix"
If exist "\ComboFix" goto :eof
VER | Findstr.exe -ic:"[Version 6.0" && (Call :Vista ) ||
Microsoft Windows [version 6.0.6001]
type nul 1>Vista.mac
swxcacls "C:\Windows\system32\cmd.exe" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /ga:x /gs:x /gp:x /gu:x /q
swxcacls "C:\Windows\system32\cmd.exe" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /q
swreg query "hkcu\control panel\international" /v localename | SED "/.*\t/!d;s///" 1>MUI00
swreg query "hku\.default\control panel\international" /v localename | SED "/.*\t/!d;s///" 1>>MUI00
SED -r "$!N; /^(.*)\n\1$/!P; D" MUI00 1>MUI01
For /F "tokens=*" %g in (MUI01) do @if exist "C:\Windows\system32\%~g\cmd.exe.mui" (
  swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /oa /q
  swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /p /ga:f /gs:f /gp:x /gu:x /q
  Copy /y "C:\Windows\system32\%~g\cmd.exe.mui" "C:\Windows\system32\en-us\CF6257.exe.mui"
  swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /ga:x /gs:x /gp:x /gu:x /q
  swxcacls "C:\Windows\system32\%~g\cmd.exe.mui" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /q
)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
Ownerchange for "C:\Windows\system32\fr-FR\cmd.exe.mui" to Administrators group was successful
1 file(s) copied.
GREP -sq . MUI01 && (
  del /q MUI0? 2>nul
  goto :eof
)
CD ..
Set "comspec=C:\Windows\system32\CF6257.exe"
(
  echo.md "\ComboFix"
  echo.Move /y "\327882R2FWJFW\*" "\ComboFix"
  echo.RD /S/Q "\327882R2FWJFW"
  echo.Start "." /d"C:\ComboFix" "C:\Windows\system32\CF6257.exe" /k c.bat
  echo.pv -kf cmd.exe
) 1>Start_.cmd
NirCmd exec hide "C:\Windows\system32\CF6257.exe" /f:off /d /c call Start_.cmd
NirCmd execmd del "\327882R2FWJFW\prep.cmd"
EXIT

And the other one:

ComboFix 08-05-15.3 - Mattanoll 2008-05-19 18:38:34.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.242 [GMT 2:00]
Location: C:\Users\Mattanoll\Downloads\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\834668\834668.dll
C:\Windows\system32\ahanknol.ini
C:\Windows\system32\aluyjmgu.ini
C:\Windows\system32\cvvrimvu.ini
C:\Windows\system32\ltdevccf.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\msvcsv60.dll
C:\Windows\system32\x64
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.
2008-05-19 18:46 . 2008-05-19 18:46 294 ---hs---- C:\Windows\System32\ltdevccf.ini
2008-05-19 11:45 . 2008-05-19 11:45 <DIR> d-------- C:\Deckard
2008-05-19 11:06 . 2008-05-19 11:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-18 16:13 . 2008-05-18 16:13 <DIR> d-------- C:\Program Files\IObit
2008-05-18 12:23 . 2008-05-18 12:25 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-18 12:23 . 2008-05-18 12:25 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-17 12:42 . 2008-05-17 12:42 <DIR> d-------- C:\Program Files\Riva
2008-05-16 06:53 . 2008-05-16 06:53 91,264 --a------ C:\Windows\System32\fccvedtl.dll
2008-05-13 01:05 . 2008-05-13 01:05 91,264 --------- C:\Windows\System32\ugmjyula.dll
2008-05-13 01:03 . 2008-05-16 06:48 159,221,886 --a------ C:\Windows\MEMORY.DMP
2008-05-12 13:04 . 2008-05-12 13:04 91,264 --------- C:\Windows\System32\uvmirvvc.dll
2008-05-12 12:58 . 2008-05-12 12:58 1 --a------ C:\Windows\System32\kr_done1de
2008-05-12 12:50 . 2008-05-19 18:42 <DIR> d-------- C:\Windows\System32\834668
2008-05-11 01:35 . 2008-05-14 14:18 <DIR> d-------- C:\Program Files\UnHackMe
2008-05-11 01:35 . C:\Windows\(2) C:\ComboFix\winstart.bat
2008-05-11 01:31 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-05-11 01:31 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-05-09 09:36 . 2008-05-09 10:11 <DIR> d-------- C:\Program Files\Audacity
2008-05-02 19:01 . 2008-05-02 19:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-28 21:34 . 2008-04-28 21:34 <DIR> d-------- C:\Program Files\Hercules
2008-04-28 21:33 . 2007-01-31 17:01 256,000 --a------ C:\Windows\System32\drivers\netr73.sys
2008-04-27 12:54 . 2008-05-12 16:09 <DIR> d-------- C:\Program Files\a-squared Free
2008-04-26 16:22 . 2008-04-26 16:22 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-04-26 16:22 . 2008-04-26 16:22 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-04-26 13:01 . 2008-04-26 13:01 <DIR> d-------- C:\Windows\BDOSCAN8
2008-04-20 15:24 . 2008-04-20 15:24 <DIR> d-------- C:\Program Files\M-Audio
2008-04-20 15:24 . 2006-08-16 10:23 86,016 --a------ C:\Windows\System32\MA_CMIDN.DLL
2008-04-20 15:24 . 2006-08-16 10:24 82,944 --a------ C:\Windows\System32\USBMN1X1.DLL
2008-04-20 15:24 . 2006-08-16 10:24 22,208 --a------ C:\Windows\System32\drivers\USBMN1X1.SYS
2008-04-20 15:24 . 2006-08-16 10:23 21,888 --a------ C:\Windows\System32\drivers\MA_CMIDI.SYS
2008-04-20 15:24 . 2006-08-16 10:24 13,504 --a------ C:\Windows\System32\drivers\USB11LDR.SYS
2008-04-19 23:39 . 2008-04-19 23:39 <DIR> d-------- C:\Program Files\Evolution
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 10:15 --------- d-----w C:\ProgramData\eMule
2008-05-19 10:15 --------- d-----w C:\Program Files\eMule
2008-05-18 10:23 --------- d-----w C:\Program Files\Lavasoft
2008-05-18 10:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 10:42 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-05-15 20:27 --------- d-----w C:\Program Files\VirtualDJ
2008-05-15 20:27 --------- d-----w C:\Program Files\CCleaner
2008-05-14 21:52 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 15:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-12 14:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-02 17:04 --------- d-----w C:\Program Files\Safari
2008-04-28 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 17:25 --------- d-----w C:\Program Files\Neuf
2008-04-26 11:49 --------- d-----w C:\Program Files\Pack Securite
2008-04-26 11:45 --------- d-----w C:\ProgramData\fssg
2008-04-26 10:37 --------- d---a-w C:\Program Files\Propellerhead
2008-04-26 09:57 --------- d-----w C:\Program Files\Roxio
2008-04-26 09:57 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-26 09:56 --------- d-----w C:\ProgramData\Roxio
2008-04-26 09:56 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-04-26 08:49 --------- d-----w C:\Program Files\Line6
2008-04-21 21:27 --------- d-----w C:\Program Files\SendBlaster
2008-04-21 21:22 --------- d-----w C:\Program Files\Samsung
2008-04-21 21:12 --------- d-----w C:\Program Files\Image-Line
2008-04-10 13:27 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys
2008-04-10 11:59 --------- d-----w C:\ProgramData\F-Secure
2008-04-10 11:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-10 11:54 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-07 14:55 --------- d-----w C:\Program Files\BonkEnc
2008-04-07 13:55 --------- d-----w C:\ProgramData\Apple Computer
2008-04-05 09:38 --------- d-----w C:\Program Files\TextAloud
2008-04-05 09:27 --------- d-----w C:\Program Files\Google
2008-04-05 09:19 --------- d-----w C:\Program Files\Flash Demo Builder 1.2
2008-04-05 09:17 --------- d-----w C:\ProgramData\Ciel
2008-04-04 20:38 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\OFFICE One v7
2008-04-04 17:02 --------- d-----w C:\Program Files\iTunes
2008-04-04 17:02 --------- d-----w C:\Program Files\iPod
2008-04-04 17:00 --------- d-----w C:\Program Files\QuickTime
2008-04-03 12:06 --------- d-----w C:\Program Files\MSN Messenger
2008-04-03 12:06 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-01 11:12 691,545 ----a-w C:\Windows\unins000.exe
2008-03-28 20:43 --------- d-----w C:\ProgramData\Adobe Systems
2008-03-28 20:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 20:30 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-23 17:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-19 23:03 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Journal
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Defender
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Calendar
2008-03-19 22:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-19 22:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-19 21:22 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-19 21:22 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-01-26 16:13 480,848 ----a-w C:\Users\All Users\pswi_preloaded.exe
2008-01-26 16:13 480,848 ----a-w C:\ProgramData\pswi_preloaded.exe
2007-09-29 10:28 4,310,776 ----a-w C:\Program Files\MobilePre_V32_5.10.00.5099.exe
2007-07-24 16:29 2,863 ----a-w C:\Program Files\RegisterReaktor.html
2007-07-19 23:41 4,301,387 ----a-w C:\Program Files\Shareaza_2.2.5.0.exe
2007-07-19 21:25 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-07-19 17:06 270,305,943 ----a-w C:\Program Files\Wolfestein.exe
2007-07-19 15:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
2008-02-05 19:45 168 --sh--r C:\Windows\System32\6136618B3C.sys
2008-02-05 19:45 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A}]
C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-19 11:22 171448]
"0845b171"="C:\Windows\system32\fccvedtl.dll" [2008-05-16 06:53 91264]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
"removecpl"="RemoveCpl.exe" []
"0845b171"="C:\Windows\system32\fccvedtl.dll" [2008-05-16 06:53 91264]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
MOTU Pedal Handler.lnk - C:\Windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-26 16:36:31 10134]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= ma_cmidn.dll
"midi2"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C8B1A925-EBEA-4FAC-87E5-C100ED2EFAA8}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{AFBF5393-4EC4-447A-8BCC-A1E3ED68972B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{56342156-ADD0-43BD-8F38-C1F08E7D661E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D6E2071B-1989-4AC3-97BE-85EF2440FEBA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{1B8152DF-70FD-4F5E-8E8C-28E7DEEE7E50}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{3537FE1E-C34F-417B-98B4-286477BDA53B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{945B3F98-6199-4DA5-BCD5-BB9071E9D08C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{4D14A297-B495-4CB7-9A9C-2C82BDB807FD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{1B2AAAA2-B220-46F8-BEA1-B5A73E949C9D}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{87E2715D-F3EB-41D0-891D-3C513CADC131}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{098BD692-FDF0-4EF7-A059-26E8264915F2}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{5A20CA79-9254-4990-8F8A-78CE7D773AB9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{8F88BF62-4B95-4004-89B3-928053736D8E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F466810E-055D-46BB-895B-5A56DCF80082}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-04-10 15:27]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
R3 mfwagsif;MOTU Audio GSIF;C:\Windows\system32\drivers\mfwagsif.sys [2007-01-04 19:06]
R3 mfwamidi;MOTU Audio MIDI;C:\Windows\system32\drivers\mfwamidi.sys [2007-01-04 19:06]
R3 mfwawave;MOTU Audio Wave;C:\Windows\system32\drivers\mfwawave.sys [2007-01-04 19:05]
R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus.sys [2007-01-04 19:06]
R3 MotuFWA;MotuFWA;C:\Windows\system32\drivers\motufwa.sys [2007-01-04 19:06]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01]
S3 BCM43XV;Broadcom 802.11 extensible network adapter driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 MA_CMIDI;M-Audio USB Driver;C:\Windows\system32\drivers\ma_cmidi.sys [2006-08-16 10:23]
S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynasUSB.sys [2006-11-23 18:20]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}]
\shell\AutoRun\command - K:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-18 19:31:22 C:\Windows\Tasks\User_Feed_Synchronization-{CF198DCE-5B92-49F7-AD74-887FEFAFA03C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 18:46:35
Windows 6.0.6001 Service Pack 1 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
folder error: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\
Scan completed successfully
Hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\fccvedtl.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-19 18:52:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 16:52:36
Pre-Run: 25,427,009,536 bytes free
Post-Run: 25,162,919,936 bytes free
262 --- E O F --- 2008-05-17 08:29:55

And also this one:

ComboFix-quarantined-files.txt
2004-04-30 18:01 53 --a------ C:\Qoobox\Quarantine\D\autorun.inf.vir
2008-04-01 21:04 16 --a------ C:\Qoobox\Quarantine\C\Windows\System32\msvcsv60.dll.vir
2008-05-12 12:50 13824 --a------ C:\Qoobox\Quarantine\C\Windows\System32\834668\834668.dll.vir
2008-05-12 13:58 1505043 --a------ C:\Qoobox\Quarantine\C\Windows\System32\cvvrimvu.ini.vir
2008-05-14 14:24 143 --a------ C:\Qoobox\Quarantine\C\Windows\System32\mcrh.tmp.vir
2008-05-15 06:52 2866676 --a------ C:\Qoobox\Quarantine\C\Windows\System32\aluyjmgu.ini.vir
2008-05-15 19:27 2608294 --a------ C:\Qoobox\Quarantine\C\Windows\System32\ahanknol.ini.vir
2008-05-19 18:38 1448539 --a------ C:\Qoobox\Quarantine\C\Windows\System32\ltdevccf.ini.vir
2008-05-19 18:42 54 --a------ C:\Qoobox\Quarantine\catchme.log
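The helpers in threads like this read the "Reg Loading Points" section of a ComboFix report by eye, looking for exactly the entries the report above shows: a Run value pointing straight at a DLL with a hex-looking name, a Browser Helper Object living in a Temp folder, UAC switched off (EnableLUA=0), Security Center told to ignore the antivirus state (AntiVirusOverride=1), and an AutoRun handler attached to a removable drive through MountPoints2. As an added example, not part of this thread and not ComboFix's own code, the Python below does the same triage over that section as plain text. SAMPLE is a constructed excerpt modelled on the entries in the report; the rule names are my own, and a real run would feed it the whole report.

```python
"""Triage of a ComboFix-style 'Reg Loading Points' section.

Added example for this thread, not ComboFix's own code. SAMPLE is a
constructed excerpt modelled on the entries visible in the report above.
"""
import re
from dataclasses import dataclass
from typing import List

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A}]
C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"0845b171"="C:\Windows\system32\fccvedtl.dll" [2008-05-16 06:53 91264]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}]
\shell\AutoRun\command - K:\Autorun.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str       # short rule id (my own names, not ComboFix terminology)
    key: str        # registry key the line was found under
    evidence: str   # the offending value, as it appears in the log


# "name"="path" [date time size]  ->  name, path
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"')
LUA_OFF = re.compile(r'^"EnableLUA"\s*=\s*0\b', re.I)
AV_OVERRIDE_ON = re.compile(r'^"AntiVirusOverride"\s*=\s*dword:0*1\b', re.I)


def triage(text: str) -> List[Finding]:
    """Walk the section line by line, remembering the current [key]."""
    findings: List[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        low_key = key.lower()
        low_line = line.lower()

        # A BHO is loaded into every Internet Explorer process; one sitting
        # in a per-user Temp folder has no legitimate installer behind it.
        if "browser helper objects" in low_key and "\\temp\\" in low_line:
            findings.append(Finding("bho_from_temp", key, line))
        # Run values normally start .exe files; a bare .dll under a
        # hex-looking value name is the pattern this thread's report shows.
        elif low_key.endswith("\\currentversion\\run"):
            m = RUN_VALUE.match(line)
            if m and m.group("path").lower().endswith(".dll"):
                findings.append(Finding("run_value_is_dll", key,
                                        f'{m.group("name")} -> {m.group("path")}'))
        # EnableLUA=0 turns UAC off for the whole machine.
        elif low_key.endswith("\\policies\\system") and LUA_OFF.match(line):
            findings.append(Finding("uac_disabled", key, line))
        # AntiVirusOverride=1 stops Security Center warning about AV state.
        elif low_key.endswith("\\security center\\svc") and AV_OVERRIDE_ON.match(line):
            findings.append(Finding("av_override", key, line))
        # A MountPoints2 AutoRun command re-launches USB-borne malware on insert.
        elif "\\mountpoints2\\" in low_key and "autorun\\command" in low_line:
            findings.append(Finding("removable_autorun", key, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.rule}] {f.key}\n    {f.evidence}")
```

Legitimate Run values such as Sidebar and msnmsgr pass through silently; only the five entries a helper would actually ask about come back, each tied to the key it was found under so the reply can quote it.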
  10. Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.12
Database version: 768

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|L:\|)
Objects scanned: 276204
Time elapsed: 1 hour(s), 14 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\834668 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\QooBox\Quarantine\C\Windows\System32\834668\834668.dll.vir (Trojan.Zlob) -> Quarantined and deleted successfully.
  11. Re: When I do the first step with ComboFix, it starts scanning and then all of a sudden my computer shuts off and shows me a blue screen.
  12. Oops, small problem: when I click on the link, it sends me to a blank page that says HTTP/1.0 404 Not Found. I don't know what to do :s  Ah no, it's fine, it worked, sorry.
  13. Re: Your professionalism and speed are remarkable. Here is the report:

ComboFix 08-05-15.3 - Mattanoll 2008-05-19 18:38:34.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.242 [GMT 2:00]
Location: C:\Users\Mattanoll\Downloads\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\834668\834668.dll
C:\Windows\system32\ahanknol.ini
C:\Windows\system32\aluyjmgu.ini
C:\Windows\system32\cvvrimvu.ini
C:\Windows\system32\ltdevccf.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\msvcsv60.dll
C:\Windows\system32\x64
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.
2008-05-19 18:46 . 2008-05-19 18:46 294 ---hs---- C:\Windows\System32\ltdevccf.ini
2008-05-19 11:45 . 2008-05-19 11:45 <DIR> d-------- C:\Deckard
2008-05-19 11:06 . 2008-05-19 11:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-18 16:13 . 2008-05-18 16:13 <DIR> d-------- C:\Program Files\IObit
2008-05-18 12:23 . 2008-05-18 12:25 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-18 12:23 . 2008-05-18 12:25 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-17 12:42 . 2008-05-17 12:42 <DIR> d-------- C:\Program Files\Riva
2008-05-16 06:53 . 2008-05-16 06:53 91,264 --a------ C:\Windows\System32\fccvedtl.dll
2008-05-13 01:05 . 2008-05-13 01:05 91,264 --------- C:\Windows\System32\ugmjyula.dll
2008-05-13 01:03 . 2008-05-16 06:48 159,221,886 --a------ C:\Windows\MEMORY.DMP
2008-05-12 13:04 . 2008-05-12 13:04 91,264 --------- C:\Windows\System32\uvmirvvc.dll
2008-05-12 12:58 . 2008-05-12 12:58 1 --a------ C:\Windows\System32\kr_done1de
2008-05-12 12:50 . 2008-05-19 18:42 <DIR> d-------- C:\Windows\System32\834668
2008-05-11 01:35 . 2008-05-14 14:18 <DIR> d-------- C:\Program Files\UnHackMe
2008-05-11 01:35 . C:\Windows\(2) C:\ComboFix\winstart.bat
2008-05-11 01:31 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-05-11 01:31 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-05-09 09:36 . 2008-05-09 10:11 <DIR> d-------- C:\Program Files\Audacity
2008-05-02 19:01 . 2008-05-02 19:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-28 21:34 . 2008-04-28 21:34 <DIR> d-------- C:\Program Files\Hercules
2008-04-28 21:33 . 2007-01-31 17:01 256,000 --a------ C:\Windows\System32\drivers\netr73.sys
2008-04-27 12:54 . 2008-05-12 16:09 <DIR> d-------- C:\Program Files\a-squared Free
2008-04-26 16:22 . 2008-04-26 16:22 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-04-26 16:22 . 2008-04-26 16:22 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-04-26 13:01 . 2008-04-26 13:01 <DIR> d-------- C:\Windows\BDOSCAN8
2008-04-20 15:24 . 2008-04-20 15:24 <DIR> d-------- C:\Program Files\M-Audio
2008-04-20 15:24 . 2006-08-16 10:23 86,016 --a------ C:\Windows\System32\MA_CMIDN.DLL
2008-04-20 15:24 . 2006-08-16 10:24 82,944 --a------ C:\Windows\System32\USBMN1X1.DLL
2008-04-20 15:24 . 2006-08-16 10:24 22,208 --a------ C:\Windows\System32\drivers\USBMN1X1.SYS
2008-04-20 15:24 . 2006-08-16 10:23 21,888 --a------ C:\Windows\System32\drivers\MA_CMIDI.SYS
2008-04-20 15:24 . 2006-08-16 10:24 13,504 --a------ C:\Windows\System32\drivers\USB11LDR.SYS
2008-04-19 23:39 . 2008-04-19 23:39 <DIR> d-------- C:\Program Files\Evolution
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 10:15 --------- d-----w C:\ProgramData\eMule
2008-05-19 10:15 --------- d-----w C:\Program Files\eMule
2008-05-18 10:23 --------- d-----w C:\Program Files\Lavasoft
2008-05-18 10:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 10:42 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-05-15 20:27 --------- d-----w C:\Program Files\VirtualDJ
2008-05-15 20:27 --------- d-----w C:\Program Files\CCleaner
2008-05-14 21:52 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 15:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-12 14:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-02 17:04 --------- d-----w C:\Program Files\Safari
2008-04-28 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 17:25 --------- d-----w C:\Program Files\Neuf
2008-04-26 11:49 --------- d-----w C:\Program Files\Pack Securite
2008-04-26 11:45 --------- d-----w C:\ProgramData\fssg
2008-04-26 10:37 --------- d---a-w C:\Program Files\Propellerhead
2008-04-26 09:57 --------- d-----w C:\Program Files\Roxio
2008-04-26 09:57 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-26 09:56 --------- d-----w C:\ProgramData\Roxio
2008-04-26 09:56 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-04-26 08:49 --------- d-----w C:\Program Files\Line6
2008-04-21 21:27 --------- d-----w C:\Program Files\SendBlaster
2008-04-21 21:22 --------- d-----w C:\Program Files\Samsung
2008-04-21 21:12 --------- d-----w C:\Program Files\Image-Line
2008-04-10 13:27 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys
2008-04-10 11:59 --------- d-----w C:\ProgramData\F-Secure
2008-04-10 11:55 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-10 11:54 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-07 14:55 --------- d-----w C:\Program Files\BonkEnc
2008-04-07 13:55 --------- d-----w C:\ProgramData\Apple Computer
2008-04-05 09:38 --------- d-----w C:\Program Files\TextAloud
2008-04-05 09:27 --------- d-----w C:\Program Files\Google
2008-04-05 09:19 --------- d-----w C:\Program Files\Flash Demo Builder 1.2
2008-04-05 09:17 --------- d-----w C:\ProgramData\Ciel
2008-04-04 20:38 --------- d-----w C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\OFFICE One v7
2008-04-04 17:02 --------- d-----w C:\Program Files\iTunes
2008-04-04 17:02 --------- d-----w C:\Program Files\iPod
2008-04-04 17:00 --------- d-----w C:\Program Files\QuickTime
2008-04-03 12:06 --------- d-----w C:\Program Files\MSN Messenger
2008-04-03 12:06 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-01 11:12 691,545 ----a-w C:\Windows\unins000.exe
2008-03-28 20:43 --------- d-----w C:\ProgramData\Adobe Systems
2008-03-28 20:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 20:30 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-23 17:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-19 23:03 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Journal
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Defender
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-19 22:49 --------- d-----w C:\Program Files\Windows Calendar
2008-03-19 22:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-19 22:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-19 21:22 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-19 21:22 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-01-26 16:13 480,848 ----a-w C:\Users\All Users\pswi_preloaded.exe
2008-01-26 16:13 480,848 ----a-w C:\ProgramData\pswi_preloaded.exe
2007-09-29 10:28 4,310,776 ----a-w C:\Program Files\MobilePre_V32_5.10.00.5099.exe
2007-07-24 16:29 2,863 ----a-w C:\Program Files\RegisterReaktor.html
2007-07-19 23:41 4,301,387 ----a-w C:\Program Files\Shareaza_2.2.5.0.exe
2007-07-19 21:25 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-07-19 17:06 270,305,943 ----a-w C:\Program Files\Wolfestein.exe
2007-07-19 15:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
2008-02-05 19:45 168 --sh--r C:\Windows\System32\6136618B3C.sys
2008-02-05 19:45 2,828 --sha-w C:\Windows\System32\KGyGaAvL.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD1878DA-A3F4-41CA-B6D5-CCA78B71F00A}]
C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-19 11:22 171448]
"0845b171"="C:\Windows\system32\fccvedtl.dll" [2008-05-16 06:53 91264]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
"removecpl"="RemoveCpl.exe" []
"0845b171"="C:\Windows\system32\fccvedtl.dll" [2008-05-16 06:53 91264]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
MOTU Pedal Handler.lnk - C:\Windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [2007-12-26 16:36:31 10134]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= ma_cmidn.dll
"midi2"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C8B1A925-EBEA-4FAC-87E5-C100ED2EFAA8}C:\\program files\\windows 
live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "UDP Query User{AFBF5393-4EC4-447A-8BCC-A1E3ED68972B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "TCP Query User{56342156-ADD0-43BD-8F38-C1F08E7D661E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{D6E2071B-1989-4AC3-97BE-85EF2440FEBA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{1B8152DF-70FD-4F5E-8E8C-28E7DEEE7E50}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "UDP Query User{3537FE1E-C34F-417B-98B4-286477BDA53B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger "TCP Query User{945B3F98-6199-4DA5-BCD5-BB9071E9D08C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{4D14A297-B495-4CB7-9A9C-2C82BDB807FD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{1B2AAAA2-B220-46F8-BEA1-B5A73E949C9D}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{87E2715D-F3EB-41D0-891D-3C513CADC131}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "TCP Query User{098BD692-FDF0-4EF7-A059-26E8264915F2}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes "UDP Query User{5A20CA79-9254-4990-8F8A-78CE7D773AB9}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes "TCP Query User{8F88BF62-4B95-4004-89B3-928053736D8E}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{F466810E-055D-46BB-895B-5A56DCF80082}C:\\program 
files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DoNotAllowExceptions"= 1 (0x1) R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-04-10 15:27] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 20:08] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48] R3 mfwagsif;MOTU Audio GSIF;C:\Windows\system32\drivers\mfwagsif.sys [2007-01-04 19:06] R3 mfwamidi;MOTU Audio MIDI;C:\Windows\system32\drivers\mfwamidi.sys [2007-01-04 19:06] R3 mfwawave;MOTU Audio Wave;C:\Windows\system32\drivers\mfwawave.sys [2007-01-04 19:05] R3 motubus;MOTU Audio MIDI Extension;C:\Windows\system32\drivers\MotuBus.sys [2007-01-04 19:06] R3 MotuFWA;MotuFWA;C:\Windows\system32\drivers\motufwa.sys [2007-01-04 19:06] R3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01] S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30] S3 MA_CMIDI;M-Audio USB Driver;C:\Windows\system32\drivers\ma_cmidi.sys [2006-08-16 10:23] S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynasUSB.sys [2006-11-23 18:20] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}] \shell\AutoRun\command - K:\Autorun.exe . 
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-05-18 19:31:22 C:\Windows\Tasks\User_Feed_Synchronization-{CF198DCE-5B92-49F7-AD74-887FEFAFA03C}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-19 18:46:35 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... folder error: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\ Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Windows\system32\fccvedtl.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe C:\Windows\System32\audiodg.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Windows\System32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\MOTU\Audio\MFWAKeys.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Securite\Common\FSMA32.EXE C:\Program Files\Pack Securite\Anti-Virus\fsgk32.exe C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe C:\Program Files\Pack Securite\Common\FSMB32.EXE C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\Program Files\Pack Securite\Common\FCH32.EXE C:\Program Files\Pack 
Securite\Common\FAMEH32.EXE C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe C:\Program Files\Pack Securite\FSPC\fspc.exe C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe C:\Program Files\Pack Securite\FWES\program\fsdfwd.exe C:\Program Files\Pack Securite\FSAUA\program\fsus.exe C:\Windows\System32\wbem\unsecapp.exe C:\Program Files\Pack Securite\FSGUI\fsguidll.exe C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-19 18:52:46 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-19 16:52:36 Pre-Run: 25,427,009,536 octets libres Post-Run: 25,162,919,936 octets libres 262 --- E O F --- 2008-05-17 08:29:55
14. Hello again. Thank you for this reply, which I did not expect so quickly :) I did what you asked me to, and here is the main.txt report:
Deckard's System Scanner v20071014.68
Run by Mattanoll on 2008-05-19 12:25:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 1015 MiB (1024 MiB recommended).
System Drive C: has 24.46 GiB (less than 15%) free.
-- HijackThis (run as Mattanoll.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:14, on 19/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Users\Mattanoll\Desktop\dss.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Trend Micro\HijackThis\Mattanoll.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [0845b171] rundll32.exe "C:\Windows\system32\fccvedtl.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll,c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MOTU Pedal Handler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
-- End of file - 9447 bytes
-- Files created between 2008-04-19 and 2008-05-19 -----------------------------
2008-05-19 11:06:35 0 d-------- C:\Program Files\Trend Micro
2008-05-18 16:13:04 0 d-------- C:\Program Files\IObit
2008-05-17 12:42:36 0 d-------- C:\Program Files\Riva
2008-05-16 06:53:09 91264 --a------ C:\Windows\system32\fccvedtl.dll
2008-05-13 01:05:34 91264 -----n--- C:\Windows\system32\ugmjyula.dll
2008-05-12 13:04:31 91264 -----n--- C:\Windows\system32\uvmirvvc.dll
2008-05-12 12:58:07 1 --a------ C:\Windows\system32\kr_done1de
2008-05-12 12:50:35 0 d-------- C:\Windows\system32\834668
2008-05-11 01:35:31 2 -rahs-o-t C:\Windows\winstart.bat
2008-05-11 01:31:15 153088 --a------ C:\Windows\system32\UNRAR3.dll
2008-05-11 01:31:15 75264 --a------ C:\Windows\system32\unacev2.dll
2008-05-09 09:36:59 0 d-------- C:\Program Files\Audacity
2008-05-02 19:01:40 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 21:34:20 0 d-------- C:\Program Files\Hercules
2008-04-27 12:54:21 0 d-------- C:\Program Files\a-squared Free
2008-04-26 13:01:07 0 d-------- C:\Windows\BDOSCAN8
2008-04-20 15:24:34 86016 --a------ C:\Windows\system32\MA_CMIDN.DLL <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
2008-04-20 15:24:32 21888 --a------ C:\Windows\system32\drivers\MA_CMIDI.SYS <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
2008-04-20 15:24:29 22208 --a------ C:\Windows\system32\drivers\USBMN1X1.SYS <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>
2008-04-20 15:24:28 82944 --a------ C:\Windows\system32\USBMN1X1.DLL <Not Verified; M-Audio; M-Audio USB Midi 1x1 Midi Interface>
2008-04-20 15:24:27 13504 --a------ C:\Windows\system32\drivers\USB11LDR.SYS <Not Verified; MIDIMAN; Midiman USB MidiSport 1x1 Loader>
2008-04-20 15:24:27 0 d-------- C:\Program Files\M-Audio
2008-04-19 23:39:38 0 d-------- C:\Program Files\Evolution
-- Find3M Report ---------------------------------------------------------------
2008-05-19 12:25:00 685420 --a------ C:\Windows\system32\perfh00C.dat
2008-05-19 12:25:00 130782 --a------ C:\Windows\system32\perfc00C.dat
2008-05-19 12:15:36 0 d-------- C:\Program Files\eMule
2008-05-18 12:23:44 0 d-------- C:\Program Files\Lavasoft
2008-05-18 12:20:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 12:42:47 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-15 22:27:39 0 d-------- C:\Program Files\VirtualDJ
2008-05-15 22:27:39 0 d-------- C:\Program Files\CCleaner
2008-05-14 23:52:02 0 d-------- C:\Program Files\Windows Mail
2008-05-02 19:04:28 0 d-------- C:\Program Files\Safari
2008-04-28 21:34:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-27 19:25:04 0 d-------- C:\Program Files\Neuf
2008-04-27 16:57:13 8224 --a------ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2008-04-26 13:49:45 0 d-------- C:\Program Files\Pack Securite
2008-04-26 12:37:22 0 d-a------ C:\Program Files\Propellerhead
2008-04-26 11:57:39 0 d-------- C:\Program Files\Roxio
2008-04-26 11:57:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-26 11:57:38 0 d-------- C:\Program Files\Common Files
2008-04-26 11:56:37 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-26 10:49:16 0 d-------- C:\Program Files\Line6
2008-04-21 23:27:01 0 d-------- C:\Program Files\SendBlaster
2008-04-21 23:22:14 0 d-------- C:\Program Files\Samsung
2008-04-21 23:12:24 0 d-------- C:\Program Files\Image-Line
2008-04-10 13:55:07 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-10 13:54:21 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-07 16:55:13 0 d-------- C:\Program Files\BonkEnc
2008-04-05 11:38:59 0 d-------- C:\Program Files\TextAloud
2008-04-05 11:27:00 0 d-------- C:\Program Files\Google
2008-04-05 11:19:42 0 d-------- C:\Program Files\Flash Demo Builder 1.2
2008-04-04 22:38:21 0 d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\OFFICE One v7
2008-04-04 19:02:28 0 d-------- C:\Program Files\iTunes
2008-04-04 19:02:19 0 d-------- C:\Program Files\iPod
2008-04-04 19:00:31 0 d-------- C:\Program Files\QuickTime
2008-04-03 14:06:03 0 d-------- C:\Program Files\MSN Messenger
2008-04-03 14:06:02 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-01 21:04:36 16 --a------ C:\Windows\system32\msvcsv60.dll
2008-04-01 21:04:36 16 --a------ C:\Windows\msocreg32.dat
2008-04-01 13:21:37 2551 --a------ C:\Windows\unins000.dat
2008-04-01 13:12:39 691545 --a------ C:\Windows\unins000.exe
2008-03-28 22:31:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-28 22:30:21 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-20 01:03:07 174 --ahs---- C:\Program Files\desktop.ini
2008-03-20 00:49:26 0 d-------- C:\Program Files\Windows Sidebar
2008-03-20 00:49:26 0 d-------- C:\Program Files\Windows Calendar
2008-03-20 00:49:26 0 d-------- C:\Program Files\Movie Maker
2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Journal
2008-03-20 00:49:25 0 d-------- C:\Program Files\Windows Collaboration
2008-03-20 00:49:24 0 d-------- C:\Program Files\Windows Defender
2008-03-19 23:22:02 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2008-03-04 00:11:45 66 --a------ C:\Windows\system32\IPPROTIDE.SYS
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 00:38]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [26/04/2007 19:12]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [26/04/2007 19:10]
"removecpl"="RemoveCpl.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 00:33]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 00:33]
"@"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [19/07/2007 11:22]
"0845b171"="C:\Windows\system32\fccvedtl.dll,b" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"cmds"="C:\Users\MATTAN~1\AppData\Local\Temp\rQHWopoP.dll,c" []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 03:38:16]
MOTU Pedal Handler.lnk - C:\Windows\Installer\{FAAF4F08-107F-42B4-B01C-B5BACB65E7D3}\_B46567FF76B580C507E5B5.exe [26/12/2007 16:36:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cc9fdc-6918-11dc-85bd-001617ee374b}]
AutoRun\command- K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bda066e-36ae-11dc-a0f8-001617ee374b}]
Auto\command- K:\RavMonE.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52e3e6df-74c9-11dc-ab0e-001617ee374b}]
Auto\command- F:\RavMonE.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a05aa55-d087-11dc-bc85-001617ee374b}]
Auto\command- F:\RavMonE.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e3994b6-e082-11dc-a5be-001617ee374b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c170a70e-ab19-11dc-ab2f-806e6f6e6963}]
Auto\command- F:\RavMonE.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RavMonE.exe e
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-05-19 12:26:50 ------------