missplouf

Oki je regarderai pour l'allègement. Et sinon ben la machine se comporte très bien là, et puis je crois que tous ces nettoyages ont aussi virer des choses qui ralentissaient le pc même avant cette infection car je la trouve plus rapide, plus fluide, et je n'ai plus aucun problème bien entendu avec cette bestiole. Donc en résumé, je te remercie beaucoup pour ton accompagnement et tes instructions, t'as fais du bon travail, et mon pc t'embrasse! lol ^^ merci bien encore une fois Falkra t'as géré Bon courage aux autres!

En effet il a viré 7 autres infections de ce même programme: Malwarebytes' Anti-Malware 1.42 Version de la base de données: 3443 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 28/12/2009 15:31:58 mbam-log-2009-12-28 (15-31-58).txt Type de recherche: Examen rapide Eléments examinés: 132959 Temps écoulé: 6 minute(s), 42 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Users\Administrateur.PC-de-Camille\Desktop\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Users\Audrey\Desktop\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Users\Administrateur.PC-de-Camille\Desktop\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Users\Audrey\Desktop\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Users\Administrateur.PC-de-Camille\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully. C:\Users\Audrey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:50:36, on 28/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Internet Download Manager\idman.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backweb-8876480.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Audition 1.5\Audition.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Users\Camille\Documents\Downloads\Programs\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Download with Rapget - C:\Users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Camille\scriptjava.html O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O15 - Trusted Zone: *.chat-land.org O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c99a591a621b8e) (gupdate1c99a591a621b8e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 15367 bytes

Comme personne n'est là pour t'aider pour l'instant, je me permets: Est-ce que tu peux démarrer malwarebytes antimalware? Si oui recherche des mise à jour puis lance un examen rapide, ensuite si il trouve des erreurs ou trojans supprime la sélection qu'il te propose, mais dans tous les cas enregistre le rapport qu'il t'aura fait et redémarre ton pc suite à son examen. Poste son rapport ici, quelqu'un viendra s'occuper de ta machine

J'ai retrouvé l'accès à tous les fichiers, c'est cool, et donc oui l'opération s'est bien déroulé Voilà le rapport: 19:53:17:790 4960 TDSSKiller 2.1.1 Dec 20 2009 02:40:02 19:53:17:790 4960 ================================================================================ 19:53:17:790 4960 SystemInfo: 19:53:17:790 4960 OS Version: 6.0.6002 ServicePack: 2.0 19:53:17:790 4960 Product type: Workstation 19:53:17:790 4960 ComputerName: PC-DE-CAMILLE 19:53:17:790 4960 UserName: Camille 19:53:17:790 4960 Windows directory: C:\Windows 19:53:17:790 4960 Processor architecture: Intel x86 19:53:17:790 4960 Number of processors: 2 19:53:17:790 4960 Page size: 0x1000 19:53:17:790 4960 Boot type: Normal boot 19:53:17:790 4960 ================================================================================ 19:53:17:805 4960 ForceUnloadDriver: NtUnloadDriver error 2 19:53:17:805 4960 ForceUnloadDriver: NtUnloadDriver error 2 19:53:17:805 4960 ForceUnloadDriver: NtUnloadDriver error 2 19:53:17:805 4960 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\Drivers\KLMD.sys) returned status 0 19:53:17:805 4960 main: Driver KLMD successfully dropped 19:53:30:790 4960 main: Driver KLMD successfully loaded 19:53:30:790 4960 Scanning Registry ... 19:53:30:805 4960 ScanServices: Searching service UACd.sys 19:53:30:805 4960 ScanServices: Open/Create key error 2 19:53:30:805 4960 ScanServices: Searching service TDSSserv.sys 19:53:30:805 4960 ScanServices: Open/Create key error 2 19:53:30:805 4960 ScanServices: Searching service gaopdxserv.sys 19:53:30:805 4960 ScanServices: Open/Create key error 2 19:53:30:805 4960 ScanServices: Searching service gxvxcserv.sys 19:53:30:805 4960 ScanServices: Open/Create key error 2 19:53:30:805 4960 ScanServices: Searching service MSIVXserv.sys 19:53:30:805 4960 ScanServices: Open/Create key error 2 19:53:30:805 4960 UnhookRegistry: Kernel module file name: C:\Windows\system32\ntoskrnl.exe, base addr: 82844000 19:53:30:821 4960 UnhookRegistry: Kernel local addr: 1B50000 19:53:30:821 4960 UnhookRegistry: KeServiceDescriptorTable addr: 1C7C8C0 19:53:30:884 4960 UnhookRegistry: KiServiceTable addr: 1BBD910 19:53:30:884 4960 UnhookRegistry: NtEnumerateKey service number (local): 85 19:53:30:884 4960 UnhookRegistry: NtEnumerateKey local addr: 1D23366 19:53:30:884 4960 KLMD_OpenDevice: Trying to open KLMD device 19:53:30:884 4960 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey 19:53:30:884 4960 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey 19:53:30:884 4960 KLMD_ReadMem: Trying to ReadMemory 0x828999F5[0x4] 19:53:30:884 4960 UnhookRegistry: NtEnumerateKey service number (kernel): 85 19:53:30:884 4960 KLMD_ReadMem: Trying to ReadMemory 0x828B1B24[0x4] 19:53:30:884 4960 UnhookRegistry: NtEnumerateKey real addr: 82A17366 19:53:30:884 4960 UnhookRegistry: NtEnumerateKey calc addr: 82A17366 19:53:30:884 4960 UnhookRegistry: No SDT hooks found on NtEnumerateKey 19:53:30:884 4960 KLMD_ReadMem: Trying to ReadMemory 0x82A17366[0xA] 19:53:30:884 4960 UnhookRegistry: No splicing found on NtEnumerateKey 19:53:30:899 4960 Scanning Kernel memory ... 19:53:30:899 4960 KLMD_OpenDevice: Trying to open KLMD device 19:53:30:899 4960 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk 19:53:30:899 4960 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk 19:53:30:899 4960 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85973E80 19:53:30:899 4960 DetectCureTDL3: KLMD_GetDeviceObjectList returned 6 DevObjects 19:53:30:899 4960 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86EE8380 19:53:30:899 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86EE8380 19:53:30:899 4960 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 86F05CB8 19:53:30:899 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86F05CB8 19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86F05CB8[0x38] 19:53:30:899 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030 19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8] 19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208] 19:53:30:899 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 19:53:30:899 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler ( addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7 19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400] 19:53:30:899 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0 19:53:30:899 4960 TDL3_FileDetect: Processing driver: USBSTOR 19:53:30:899 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 19:53:30:899 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys 19:53:30:899 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys 19:53:30:899 4960 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8659FAC8 19:53:30:899 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8659FAC8 19:53:30:899 4960 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8648ECB8 19:53:30:899 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8648ECB8 19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x8648ECB8[0x38] 19:53:30:899 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030 19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8] 19:53:30:899 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208] 19:53:30:899 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 19:53:30:899 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8 19:53:30:899 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler ( addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7 19:53:30:899 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400] 19:53:30:915 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0 19:53:30:915 4960 TDL3_FileDetect: Processing driver: USBSTOR 19:53:30:915 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 19:53:30:915 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys 19:53:30:915 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys 19:53:30:915 4960 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 865431D8 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 865431D8 19:53:30:915 4960 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8656F030 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8656F030 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x8656F030[0x38] 19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8] 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208] 19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 19:53:30:915 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler ( addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400] 19:53:30:915 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0 19:53:30:915 4960 TDL3_FileDetect: Processing driver: USBSTOR 19:53:30:915 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 19:53:30:915 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys 19:53:30:915 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys 19:53:30:915 4960 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 864144C8 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 864144C8 19:53:30:915 4960 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 86575030 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86575030 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86575030[0x38] 19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8] 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208] 19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 19:53:30:915 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler ( addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400] 19:53:30:915 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0 19:53:30:915 4960 TDL3_FileDetect: Processing driver: USBSTOR 19:53:30:915 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 19:53:30:915 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys 19:53:30:915 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys 19:53:30:915 4960 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86536AC8 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86536AC8 19:53:30:915 4960 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 86677030 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86677030 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86677030[0x38] 19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT addr: 86448030 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86448030[0xA8] 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x86553798[0x208] 19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR 19:53:30:915 4960 DetectCureTDL3: IrpHandler (0) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (2) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (3) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (4) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler ( addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (14) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (15) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (22) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (23) addr: 860571E8 19:53:30:915 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7 19:53:30:915 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x88FAEF26[0x400] 19:53:30:915 4960 TDL3_StartIoHookDetect: CheckParameters: 5, 88FB3000, 0, 0 19:53:30:915 4960 TDL3_FileDetect: Processing driver: USBSTOR 19:53:30:915 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\usbstor.sys, C:\Windows\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk 19:53:30:915 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\usbstor.sys 19:53:30:915 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\usbstor.sys 19:53:30:915 4960 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 85A76098 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85A76098 19:53:30:915 4960 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 852D0A70 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 852D0A70 19:53:30:915 4960 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 852D1368 19:53:30:915 4960 KLMD_GetLowerDeviceObject: Trying to get lower device object for 852D1368 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x852D1368[0x38] 19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT addr: 852B93C0 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x852B93C0[0xA8] 19:53:30:915 4960 KLMD_ReadMem: Trying to ReadMemory 0x852B9370[0x208] 19:53:30:915 4960 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi 19:53:30:915 4960 DetectCureTDL3: IrpHandler (0) addr: 8486D1E8 19:53:30:930 4960 DetectCureTDL3: IrpHandler (1) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (2) addr: 8486D1E8 19:53:30:930 4960 DetectCureTDL3: IrpHandler (3) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (4) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (5) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (6) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (7) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler ( addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (9) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (10) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (11) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (12) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (13) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (14) addr: 8486D1E8 19:53:30:930 4960 DetectCureTDL3: IrpHandler (15) addr: 8486D1E8 19:53:30:930 4960 DetectCureTDL3: IrpHandler (16) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (17) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (18) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (19) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (20) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (21) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (22) addr: 8486D1E8 19:53:30:930 4960 DetectCureTDL3: IrpHandler (23) addr: 8486D1E8 19:53:30:930 4960 DetectCureTDL3: IrpHandler (24) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (25) addr: 828D37B7 19:53:30:930 4960 DetectCureTDL3: IrpHandler (26) addr: 828D37B7 19:53:30:930 4960 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400] 19:53:30:930 4960 KLMD_ReadMem: DeviceIoControl error 1 19:53:30:930 4960 TDL3_StartIoHookDetect: Unable to get StartIo handler code 19:53:30:930 4960 TDL3_FileDetect: Processing driver: atapi 19:53:30:930 4960 TDL3_FileDetect: Parameters: C:\Windows\system32\drivers\atapi.sys, C:\Windows\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk 19:53:30:930 4960 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys 19:53:30:930 4960 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys 19:53:30:930 4960 Completed Results: 19:53:30:930 4960 Infected objects in memory: 0 19:53:30:930 4960 Cured objects in memory: 0 19:53:30:930 4960 Infected objects on disk: 0 19:53:30:930 4960 Objects on disk cured on reboot: 0 19:53:30:930 4960 Objects on disk deleted on reboot: 0 19:53:30:930 4960 Registry nodes deleted on reboot: 0 19:53:30:930 4960

ok, merci de ta présence, j'espère qu'après je pourrais me co pour lire tes instructions sinon ça va être galère ^^ à tout à lheure!

Conbofix me fait peur là...au secours...je suis chez ma soeur là, il a bloqué toutes les clé de registre, je peux plus accéder à internet ni rien du tout, ca donne à chaque ouverture un truc du genre "imposssible d'accéder, clé de registre marquée pour suppression" help j'ai envie de dire, parce que je peux pas accéder à regedit ou quoi que ce soit pour changer la donne Bon, tout de même le rapport donne ça: ComboFix 09-12-26.05 - Camille 27/12/2009 17:04:57.2.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2047.1143 [GMT 1:00] Lancé depuis: c:\users\Camille\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Camille\Desktop\CFscript.txt AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-27 au 2009-12-27 )))))))))))))))))))))))))))))))))))) . 2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Audrey\AppData\Local\temp 2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Administrateur\AppData\Local\temp 2009-12-27 16:17 . 2009-12-27 16:17 -------- d-----w- c:\users\Administrateur.PC-de-Camille\AppData\Local\temp 2009-12-27 15:38 . 2009-12-27 16:26 -------- d-----w- c:\users\Camille\AppData\Local\temp 2009-12-27 13:53 . 2009-12-27 13:53 4844295 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-12-27 02:22 . 2009-12-27 02:22 -------- d-----w- c:\program files\trend micro 2009-12-27 02:22 . 2009-12-27 02:22 -------- d-----w- C:\rsit 2009-12-26 10:38 . 2009-12-26 10:38 -------- d-----w- c:\program files\Micro Application 2009-12-20 17:03 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\CCERASER.DLL 2009-12-20 17:03 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVEX32A.DLL 2009-12-20 17:03 . 2009-08-27 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVEX15.SYS 2009-12-20 17:03 . 2009-08-27 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVENG.SYS 2009-12-20 17:03 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVENG32.DLL 2009-12-20 17:03 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\ERASER.SYS 2009-12-20 17:03 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\ECMSVR32.DLL 2009-12-20 17:03 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\EECTRL.SYS 2009-12-20 16:22 . 2009-12-20 16:44 -------- d-----w- c:\users\Camille\AppData\Roaming\MP-Manager 2009-12-20 16:22 . 2009-12-20 16:22 37345 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{2FD8A3D1-F72F-4EE9-9C67-C127E5AA38CD}\controlPanelIcon.exe 2009-12-20 16:22 . 2009-12-20 16:22 10134 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{2FD8A3D1-F72F-4EE9-9C67-C127E5AA38CD}\SystemFolder_msiexec.exe 2009-12-20 16:21 . 2009-12-20 16:21 -------- d-----w- c:\users\Camille\AppData\Roaming\MPMAN 2009-12-18 08:01 . 2009-12-18 08:01 17614320 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe 2009-12-18 08:01 . 2009-12-18 08:01 8405312 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2009-12-18 08:00 . 2009-12-18 08:00 149000 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe 2009-12-18 08:00 . 2009-12-18 08:00 10309448 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe 2009-12-18 08:00 . 2009-12-18 08:00 79368 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe 2009-12-18 07:59 . 2009-12-18 07:59 52288 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll 2009-12-18 07:59 . 2009-12-18 07:59 64000 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll 2009-12-18 07:59 . 2009-12-18 07:59 50688 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll 2009-12-18 07:59 . 2009-12-18 07:59 118784 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll 2009-12-17 17:06 . 2009-12-26 17:06 439816 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\setup.exe 2009-12-16 19:09 . 2009-12-16 19:09 -------- d-----w- c:\users\Camille\AppData\Roaming\Icones 2009-12-14 09:00 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\CCERASER.DLL 2009-12-12 11:18 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-12 11:18 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-12 11:18 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-10 10:54 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll 2009-12-10 10:54 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll 2009-12-10 10:53 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-12-10 10:53 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll 2009-11-28 21:45 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-11-28 21:45 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-11-28 21:43 . 2009-11-28 21:43 -------- d-----w- c:\program files\iPod 2009-11-28 21:43 . 2009-11-28 21:45 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-11-28 21:43 . 2009-11-28 21:45 -------- d-----w- c:\program files\iTunes 2009-11-28 21:39 . 2009-11-28 21:40 -------- d-----w- c:\program files\QuickTime 2009-11-28 21:32 . 2009-11-28 21:32 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-11-28 21:11 . 2009-11-28 21:11 -------- d-----w- c:\program files\Ashampoo . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-27 16:26 . 2008-04-26 10:52 -------- d-----w- c:\users\Camille\AppData\Roaming\IDM 2009-12-27 16:26 . 2008-04-26 10:52 -------- d-----w- c:\users\Camille\AppData\Roaming\DMCache 2009-12-27 16:02 . 2008-01-11 15:32 -------- d-----w- c:\program files\Unlocker 2009-12-27 16:02 . 2007-09-03 21:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-12-27 16:02 . 2008-04-26 10:52 -------- d-----w- c:\program files\Internet Download Manager 2009-12-27 16:02 . 2008-04-26 10:11 -------- d-----w- c:\program files\RocketDock 2009-12-27 16:02 . 2008-04-25 20:52 -------- d-----w- c:\program files\PowerISO 2009-12-27 15:14 . 2007-09-03 21:35 -------- d-----w- c:\program files\Eset 2009-12-27 13:53 . 2009-02-09 11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-27 01:44 . 2007-09-22 10:18 -------- d-----w- c:\users\Camille\AppData\Roaming\dvdcss 2009-12-26 22:07 . 2008-04-24 14:00 -------- d-----w- c:\users\Camille\AppData\Roaming\CoreFTP 2009-12-26 20:16 . 2009-01-24 19:53 -------- d-----w- c:\programdata\Google Updater 2009-12-25 17:00 . 2009-08-24 19:09 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-25 01:41 . 2006-11-02 15:48 741350 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-25 01:41 . 2006-11-02 15:48 147198 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-24 16:44 . 2007-09-03 22:34 -------- d-----w- c:\users\Camille\AppData\Roaming\Apple Computer 2009-12-23 18:32 . 2007-11-10 13:17 -------- d-----w- c:\program files\VST 2009-12-23 18:24 . 2008-10-06 11:43 -------- d-----w- c:\program files\Steinberg 2009-12-23 17:50 . 2009-07-20 19:00 -------- d-----w- c:\users\Camille\AppData\Roaming\Modartt 2009-12-21 17:03 . 2009-11-23 13:05 -------- d-----w- c:\program files\AV Vcs 5.0 DIAMOND 2009-12-21 10:17 . 2009-11-13 15:23 -------- d-----w- c:\users\Camille\AppData\Roaming\FreeFLVConverter 2009-12-20 12:10 . 2007-09-03 22:45 -------- d-----w- c:\program files\Google 2009-12-15 13:44 . 2009-04-24 12:59 1367 ----a-w- c:\users\Camille\errorlog.tmp 2009-12-11 10:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-11 10:05 . 2007-11-24 10:03 -------- d-----w- c:\programdata\Microsoft Help 2009-12-03 15:14 . 2009-02-09 11:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 15:13 . 2009-02-09 11:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-28 21:43 . 2007-10-31 13:07 -------- d-----w- c:\program files\Common Files\Apple 2009-11-28 21:40 . 2007-10-06 15:13 -------- d-----w- c:\program files\Bonjour 2009-11-25 11:32 . 2009-11-25 11:32 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-25 11:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-22 17:26 . 2008-09-25 07:41 -------- d-----w- c:\users\Camille\AppData\Roaming\uTorrent 2009-11-21 17:29 . 2009-01-26 12:30 140264 ----a-w- c:\users\Administrateur.PC-de-Camille\AppData\Local\GDIPFONTCACHEV1.DAT 2009-11-17 18:01 . 2009-11-17 18:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-11-17 18:01 . 2009-11-17 18:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-16 10:05 . 2009-11-16 10:05 120240 ----a-w- c:\users\Camille\AppData\Roaming\IDM\idmmzcc02\components\idmmzcc.dll 2009-11-16 09:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-11-15 16:55 . 2009-11-15 16:55 -------- d-----w- c:\program files\Spectrasonics 2009-11-14 11:11 . 2009-08-17 19:32 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-11-13 23:38 . 2009-11-13 23:38 -------- d-----w- c:\program files\VPSS 2009-11-13 22:11 . 2009-11-13 22:11 -------- d-----w- c:\program files\HyCam2 2009-11-13 15:23 . 2009-11-13 15:23 -------- d-----w- c:\program files\Free FLV Converter 2009-11-13 15:04 . 2009-11-13 15:04 198064 ----a-w- c:\users\Camille\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll 2009-11-11 13:50 . 2009-11-13 15:23 311296 ----a-w- c:\windows\system32\TubeFinder.exe 2009-11-10 15:00 . 2009-11-10 14:46 -------- d-----w- c:\program files\IDoser v4 2009-11-08 17:38 . 2007-09-03 22:46 -------- d-----w- c:\program files\Messenger Plus! Live 2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_4ae13d6c.exe 2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_2cd672ae.exe 2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_294823.exe 2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_18be6784.exe 2009-11-05 19:07 . 2008-12-28 13:08 -------- d-----w- c:\program files\Common Files\Steinberg 2009-11-05 19:07 . 2008-11-15 09:50 -------- d-----w- c:\program files\East West 2009-11-05 11:22 . 2007-09-24 17:07 -------- d-----w- c:\program files\Windows Live Safety Center 2009-11-02 19:42 . 2009-10-03 10:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-01 17:33 . 2008-08-19 10:28 -------- d-----w- c:\users\Camille\AppData\Roaming\Free Download Manager 2009-10-29 09:17 . 2009-11-26 09:28 2048 ----a-w- c:\windows\system32\tzres.dll 2009-10-19 08:50 . 2009-10-19 08:50 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2009-10-19 08:00 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ECMSVR32.DLL 2009-10-09 17:18 . 2007-09-03 20:30 140264 ----a-w- c:\users\Camille\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-08 21:08 . 2009-11-25 11:24 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-11-25 11:24 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-11-25 11:24 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-10-06 13:17 . 2009-10-06 13:17 603904 ----a-w- c:\windows\system32\TUProgSt.exe 2009-10-06 13:17 . 2009-10-06 13:17 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-10-01 01:02 . 2009-11-25 11:25 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02 . 2009-11-25 11:26 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02 . 2009-11-25 11:25 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02 . 2009-11-25 11:25 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02 . 2009-11-17 15:16 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01 . 2009-11-25 11:25 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01 . 2009-11-25 11:25 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01 . 2009-11-25 11:25 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-10-01 01:01 . 2009-11-25 11:25 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01 . 2009-11-25 11:25 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01 . 2009-11-25 11:25 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01 . 2009-11-25 11:26 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-10-01 01:01 . 2009-11-25 11:25 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys 2009-10-01 01:01 . 2009-11-25 11:25 226816 ----a-w- c:\windows\system32\WpdMtp.dll 2009-10-01 01:01 . 2009-11-25 11:25 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll 2009-10-01 01:01 . 2009-11-25 11:25 33280 ----a-w- c:\windows\system32\WpdConns.dll 2009-09-29 12:45 . 2008-10-21 05:33 1 ----a-w- c:\users\Camille\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2008-08-26 19:27 . 2008-08-26 19:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-11-29 12:20 . 2007-11-29 12:20 88 --sha-r- c:\windows\System32\8FDDDADA67.sys 2007-11-29 15:42 . 2007-11-29 11:00 2516 --sha-w- c:\windows\System32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-12-27_15.34.54 ))))))))))))))))))))))))))))))))))))))))) . + 2007-06-15 17:28 . 2009-12-27 16:27 81180 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2009-12-27 16:27 87274 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2007-09-04 10:11 . 2009-12-27 16:27 18200 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-769474302-834296891-2338562099-1000_UserData.bin - 2007-09-03 20:27 . 2009-12-27 14:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2007-09-03 20:27 . 2009-12-27 15:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2007-09-03 20:27 . 2009-12-27 15:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2007-09-03 20:27 . 2009-12-27 14:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-10-14 10:47 . 2009-12-27 16:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-10-14 10:47 . 2009-12-27 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-10-14 10:47 . 2009-12-27 15:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-10-14 10:47 . 2009-12-27 16:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-10-14 10:47 . 2009-12-27 15:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-10-14 10:47 . 2009-12-27 16:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2007-09-20 18:06 . 2009-12-27 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2007-09-20 18:06 . 2009-12-27 14:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2007-09-20 18:06 . 2009-12-27 16:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2007-09-20 18:06 . 2009-12-27 14:45 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2007-09-20 18:06 . 2009-12-27 16:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2007-09-20 18:06 . 2009-12-27 14:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-12-27 15:20 . 2009-12-27 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-12-27 16:18 . 2009-12-27 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-12-27 16:18 . 2009-12-27 16:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-12-27 15:20 . 2009-12-27 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176] [HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}] [HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}] [HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-13 3171760] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "LMDVox"="c:\program files\Micro Application\Votre PC prend la parole\LMDVox.exe" [2007-12-18 456704] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-09-28 20480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-10 185896] c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-9-28 450560] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=ma_cmidn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Excentrix.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Excentrix.lnk backup=c:\windows\pss\Excentrix.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk] path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk backup=c:\windows\pss\OFFICE One Startup v7.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rapidown.lnk] path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rapidown.lnk backup=c:\windows\pss\Rapidown.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk] path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2007-10-30 18:07 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] 2007-10-30 18:11 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2007-08-01 18:17 222592 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] 2008-05-20 15:27 2474031 ----a-w- c:\program files\Free Download Manager\fdm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] 2005-10-31 22:00 307200 ------w- c:\program files\Syncrosoft\POS\H2O\cledx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2003-12-22 06:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2003-08-04 15:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuschd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] 2007-09-28 15:34 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backweb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 2005-06-08 12:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] 2005-06-08 13:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] 2005-06-08 13:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2008-05-15 16:25 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2008-05-10 11:26 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray] 2007-09-20 07:23 132624 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-01-24 19:53 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-05-10 11:26 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2007-07-17 12:58 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2007-10-30 18:06 2595616 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] 2008-04-01 16:35 3587120 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount] 2006-12-14 13:18 7558720 ----a-w- c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WinampAgent"="c:\program files\Winamp\winampa.exe" "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):ab,95,2f,2b,83,38,ca,01 R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [06/10/2008 12:42 33792] S2 gupdate1c99a591a621b8e;Service Google Update (gupdate1c99a591a621b8e);c:\program files\Google\Update\GoogleUpdate.exe [01/03/2009 11:33 133104] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [07/01/2009 17:15 1527900] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/07/2008 10:05 21504] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26/08/2008 20:27 29744] S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 21:22 34064] S3 SynasUSB;SynasUSB;c:\windows\System32\drivers\synasUSB.sys [06/10/2008 12:41 18432] S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [07/01/2009 17:16 544768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wibeez.com/meteo uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.cherche.us/keyword/ uInternet Settings,ProxyOverride = localhost;*.local uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s IE: &SHOUTcast Search - c:\programdata\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Download with Rapget - c:\users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Recherche avec cherche.us - c:\users\Camille\scriptjava.html IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm Trusted Zone: chat-land.org FF - ProfilePath - c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Wibeez FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: browser.sessionstore.resume_from_crash - false . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe MSConfigStartUp-ooVoo - c:\program files\ooVoo\ooVoo.exe MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe MSConfigStartUp-SpotterChat - c:\program files\SpotterChat\SpotterChat.exe MSConfigStartUp-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe MSConfigStartUp-UVS11 Preload - c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-27 17:25 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8486D1E8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x88e8ad24 \Driver\ACPI -> acpi.sys @ 0x88762d68 \Driver\atapi -> 0x8486d1e8 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{311ee8c0-0bcc-48b5-9021-5969b5f431f4}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000140 "Therad"=dword:00000005 "MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a, 4b,7b,ad,b1,01,72,2f,c8,ca,b2,f4,08,aa,b4,f7,6e,37,9b,a2,94,80,b0,05,d4,61,\ [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{5292f2f2-dfb4-42b1-8dbc-85f02839122f}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000013c "Therad"=dword:00000020 [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):50,ba,e1,71,e0,1f,de,5e,7d,06,86,0f,b5,f6,88,f0,73,ea,05,07,1b, 7d,b3,83,d2,15,c1,1e,73,15,86,ba,57,0e,55,57,68,bf,15,ba,00,00,00,00,00,00,\ [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):41,0a,db,3a,76,5f,90,85,13,7b,a8,bd,c0,98,cb,23,50,52,ae,69,62, 5c,c5,63,cd,e4,a9,09,51,25,37,38,e1,c9,d9,77,2f,e8,b1,65,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OOCC06.00.00.01WSSV"="1D25CF0FB4E34D6A8B7CB11C889B069BE51425A056617D72006E9007FEBC9E127BECC74CFEB C9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0 AC4980AC7933BA7FD869164D6794FEBC9E127BECC74CA9C6AECB7A5D140771E48F2185DD0D483561C F8B5A6713A936835FDF3B7CB20B1AD12F28EAB9EFEA5349E721A0AE7D06A0C0AFD5B64D7538F05E48 CCAD6BD9F60323023DF9CE6A48DFF9EEDD27CDC8E1A766743F43FBEC40A3B3A732A6E76B6233BF784 97F6C880484522E5A330E1AF6997F37A18F66420423A03F664BA76DD828DA22B854282C9181B4A43B F40252C41C4002FB404172AA194948DF529F9ACCAFA5061EE5596D4C6905C3CB2D85072C28DAD4F18 A8630BF04D2EE3A898BE0136BD79BADB41C18EFA2AB717934B27F758A0BA1C9BB765F3335E8D2B651 6C62E153AD514057CF2B9F6C9588D571EDB8C9630FCF6EB1109AD752B987B89B0276D532E786D3F51 A5ADF54B2D417E3D9633627A7B9EEDF1D30E5557815C7F357287026C792074EE20E19BDF81C969F60 63AF9F1930FDCE25A0770B5CF88FF4B335952316BB2032D5E09AE15F90534AAFD18B693074F29876A 10C971E22E04EA9900FED2041870563A194CB64DEED9C387B84F4383E49EB249B09EEFDF4AE450ADF 86A233D2CBC2BED41D5A07A32DE52E5F380883391E8D84AE33DABD4991326C7E0F30A3161B76E1B22 D434DF17A098CB429396783B6D4312A38F9256A4601AC7B9A59C9244DC20725220DBF4E64FB8EE0BE F63D30F62B0814A53EFC192AB1E99704B4000A585CAFCD3D936A341D4737034281E447EC91ABA6706 B958943D807CA852C27485B0CA07E2407DD91788BCA6A626EBDC2C41B82CEEE1EC0E3399E2B3F4101 A2549530DFBE616B2F4772FA521BB1262D9153ED352E5C42D643D640C0D33BC2D997ED393BC96098F 62CA85A1A4F28659E970FC634995999AFB88D0C789ADA5AB8EDEB2DC111F238D08BDB0436721DBB7F 2B92F3B09C683BABC76FE7C3D9ED012EA8BCA448B6504C5FA073E7F7A4518FBF971D599F72F08EAD6 8364C5B0DA3C72F0E31CDE6128F28C61F7886FBBB6519D59B11ED3D0FBED41B073D44B9E0908FB2D5 BD68F9AFAFF32E2E19781C3FE1653CEA75BC0616019CDF8303701E3AAD8F34AE7CCAA14E90A9C3E42 665FC6B2FD370ABF4E4BCE0CA4D6A31AD858BAE57D2B2B729DE4161799B37D3978B01321D1CF37A5F 9A677D15A0AC5804CBC8884DB8B286A521021113EB3D7B064052B65DC3CB64A62550AEB8A31D36F19 EE146B5F2BC24F5214F37E99210D32F675ED186A9816D62DE85687639B7F90770251A9688DA0E4487 D9E670DB6AC3757B561113FDA30CCD375954F216FAC7F7C2A66BDCD39D35DB8B94DF7B678DACDE0BA EB3E0C444AC46B2E2D03344E7B71C" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(976) c:\windows\system32\relog_ap.dll - - - - - - - > 'Explorer.exe'(5656) c:\users\Camille\AppData\Local\Temp\IadHide4.dll c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscape.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\PSIService.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\windows\System32\TUProgSt.exe c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Micro Application\Votre PC prend la parole\MDVox.exe c:\program files\Internet Download Manager\IEMonitor.exe . ************************************************************************** . Heure de fin: 2009-12-27 17:31:36 - La machine a redémarré ComboFix-quarantined-files.txt 2009-12-27 16:31 ComboFix2.txt 2009-12-27 15:38 Avant-CF: 29 522 874 368 octets libres Après-CF: 29 421 948 928 octets libres - - End Of File - - 67B986AC5EFE0B0E21C3ADE29C461F17

je ne comprends pas pourquoi il m'a indiqué qu'i y avait des anti vir/spy qui pourraient nuir à son fonctionnement vu que j'ai pris le soin de désinstaller ou désactiver ces programmes en questions. Enfin soit, voici le résultat de l'analyse: ComboFix 09-12-26.05 - Camille 27/12/2009 16:22:42.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2047.1119 [GMT 1:00] Lancé depuis: c:\users\Camille\Desktop\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\users\Camille\AppData\Roaming\inst.exe c:\windows\system32\krl32mainweq.dll c:\windows\system32\logs c:\windows\system32\lsprst7.dll c:\windows\system32\muzapp.exe c:\windows\system32\SIntf16.dll c:\windows\system32\srcr.dat c:\windows\system32\ssprs.dll D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-27 au 2009-12-27 )))))))))))))))))))))))))))))))))))) . 2009-12-27 15:34 . 2009-12-27 15:34 -------- d-----w- c:\users\Camille\AppData\Local\temp 2009-12-27 13:53 . 2009-12-27 13:53 4844295 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-12-27 02:22 . 2009-12-27 02:22 -------- d-----w- c:\program files\trend micro 2009-12-27 02:22 . 2009-12-27 02:22 -------- d-----w- C:\rsit 2009-12-26 10:38 . 2009-12-26 10:38 -------- d-----w- c:\program files\Micro Application 2009-12-20 17:03 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\CCERASER.DLL 2009-12-20 17:03 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVEX32A.DLL 2009-12-20 17:03 . 2009-08-27 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVEX15.SYS 2009-12-20 17:03 . 2009-08-27 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVENG.SYS 2009-12-20 17:03 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\NAVENG32.DLL 2009-12-20 17:03 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\ERASER.SYS 2009-12-20 17:03 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\ECMSVR32.DLL 2009-12-20 17:03 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20091220.004\EECTRL.SYS 2009-12-20 16:22 . 2009-12-20 16:44 -------- d-----w- c:\users\Camille\AppData\Roaming\MP-Manager 2009-12-20 16:22 . 2009-12-20 16:22 37345 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{2FD8A3D1-F72F-4EE9-9C67-C127E5AA38CD}\controlPanelIcon.exe 2009-12-20 16:22 . 2009-12-20 16:22 10134 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{2FD8A3D1-F72F-4EE9-9C67-C127E5AA38CD}\SystemFolder_msiexec.exe 2009-12-20 16:21 . 2009-12-20 16:21 -------- d-----w- c:\users\Camille\AppData\Roaming\MPMAN 2009-12-18 08:01 . 2009-12-18 08:01 17614320 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe 2009-12-18 08:01 . 2009-12-18 08:01 8405312 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2009-12-18 08:00 . 2009-12-18 08:00 149000 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe 2009-12-18 08:00 . 2009-12-18 08:00 10309448 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe 2009-12-18 08:00 . 2009-12-18 08:00 79368 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe 2009-12-18 07:59 . 2009-12-18 07:59 52288 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll 2009-12-18 07:59 . 2009-12-18 07:59 64000 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll 2009-12-18 07:59 . 2009-12-18 07:59 50688 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll 2009-12-18 07:59 . 2009-12-18 07:59 118784 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll 2009-12-17 17:06 . 2009-12-26 17:06 439816 ----a-w- c:\users\Camille\AppData\Roaming\Real\Update\setup3.09\setup.exe 2009-12-16 19:09 . 2009-12-16 19:09 -------- d-----w- c:\users\Camille\AppData\Roaming\Icones 2009-12-14 09:00 . 2009-12-14 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\CCERASER.DLL 2009-12-12 11:18 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-12 11:18 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-12 11:18 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-10 10:54 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll 2009-12-10 10:54 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll 2009-12-10 10:53 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-12-10 10:53 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll 2009-11-28 21:45 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-11-28 21:45 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-11-28 21:43 . 2009-11-28 21:43 -------- d-----w- c:\program files\iPod 2009-11-28 21:43 . 2009-11-28 21:45 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-11-28 21:43 . 2009-11-28 21:45 -------- d-----w- c:\program files\iTunes 2009-11-28 21:39 . 2009-11-28 21:40 -------- d-----w- c:\program files\QuickTime 2009-11-28 21:32 . 2009-11-28 21:32 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-11-28 21:11 . 2009-11-28 21:11 -------- d-----w- c:\program files\Ashampoo . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-27 15:18 . 2008-04-26 10:52 -------- d-----w- c:\users\Camille\AppData\Roaming\DMCache 2009-12-27 15:14 . 2007-09-03 21:35 -------- d-----w- c:\program files\Eset 2009-12-27 13:53 . 2009-02-09 11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-27 13:52 . 2008-04-26 10:52 -------- d-----w- c:\users\Camille\AppData\Roaming\IDM 2009-12-27 01:44 . 2007-09-22 10:18 -------- d-----w- c:\users\Camille\AppData\Roaming\dvdcss 2009-12-26 22:07 . 2008-04-24 14:00 -------- d-----w- c:\users\Camille\AppData\Roaming\CoreFTP 2009-12-26 20:16 . 2009-01-24 19:53 -------- d-----w- c:\programdata\Google Updater 2009-12-25 17:00 . 2009-08-24 19:09 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-25 01:41 . 2006-11-02 15:48 741350 ----a-w- c:\windows\system32\perfh00C.dat 2009-12-25 01:41 . 2006-11-02 15:48 147198 ----a-w- c:\windows\system32\perfc00C.dat 2009-12-24 16:44 . 2007-09-03 22:34 -------- d-----w- c:\users\Camille\AppData\Roaming\Apple Computer 2009-12-23 18:32 . 2007-11-10 13:17 -------- d-----w- c:\program files\VST 2009-12-23 18:24 . 2008-10-06 11:43 -------- d-----w- c:\program files\Steinberg 2009-12-23 17:50 . 2009-07-20 19:00 -------- d-----w- c:\users\Camille\AppData\Roaming\Modartt 2009-12-21 17:03 . 2009-11-23 13:05 -------- d-----w- c:\program files\AV Vcs 5.0 DIAMOND 2009-12-21 10:17 . 2009-11-13 15:23 -------- d-----w- c:\users\Camille\AppData\Roaming\FreeFLVConverter 2009-12-20 12:10 . 2007-09-03 22:45 -------- d-----w- c:\program files\Google 2009-12-15 13:44 . 2009-04-24 12:59 1367 ----a-w- c:\users\Camille\errorlog.tmp 2009-12-11 10:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-11 10:05 . 2007-11-24 10:03 -------- d-----w- c:\programdata\Microsoft Help 2009-12-03 15:14 . 2009-02-09 11:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 15:13 . 2009-02-09 11:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-28 21:43 . 2007-10-31 13:07 -------- d-----w- c:\program files\Common Files\Apple 2009-11-28 21:40 . 2007-10-06 15:13 -------- d-----w- c:\program files\Bonjour 2009-11-25 11:32 . 2009-11-25 11:32 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-25 11:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-22 17:26 . 2008-09-25 07:41 -------- d-----w- c:\users\Camille\AppData\Roaming\uTorrent 2009-11-21 17:29 . 2009-01-26 12:30 140264 ----a-w- c:\users\Administrateur.PC-de-Camille\AppData\Local\GDIPFONTCACHEV1.DAT 2009-11-17 18:01 . 2009-11-17 18:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-11-17 18:01 . 2009-11-17 18:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-16 10:05 . 2009-11-16 10:05 120240 ----a-w- c:\users\Camille\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll 2009-11-16 10:04 . 2008-04-26 10:52 -------- d-----w- c:\program files\Internet Download Manager 2009-11-16 09:41 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-11-16 09:36 . 2007-09-03 21:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-16 09:33 . 2008-04-26 10:11 -------- d-----w- c:\program files\RocketDock 2009-11-16 09:30 . 2008-04-25 20:52 -------- d-----w- c:\program files\PowerISO 2009-11-15 21:51 . 2008-01-11 15:32 -------- d-----w- c:\program files\Unlocker 2009-11-15 16:55 . 2009-11-15 16:55 -------- d-----w- c:\program files\Spectrasonics 2009-11-14 11:11 . 2009-08-17 19:32 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-11-13 23:38 . 2009-11-13 23:38 -------- d-----w- c:\program files\VPSS 2009-11-13 22:11 . 2009-11-13 22:11 -------- d-----w- c:\program files\HyCam2 2009-11-13 15:23 . 2009-11-13 15:23 -------- d-----w- c:\program files\Free FLV Converter 2009-11-13 15:04 . 2009-11-13 15:04 198064 ----a-w- c:\users\Camille\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll 2009-11-11 13:50 . 2009-11-13 15:23 311296 ----a-w- c:\windows\system32\TubeFinder.exe 2009-11-10 15:00 . 2009-11-10 14:46 -------- d-----w- c:\program files\IDoser v4 2009-11-08 17:38 . 2007-09-03 22:46 -------- d-----w- c:\program files\Messenger Plus! Live 2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_4ae13d6c.exe 2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_2cd672ae.exe 2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_294823.exe 2009-11-05 19:07 . 2009-11-05 19:07 15086 ----a-r- c:\users\Camille\AppData\Roaming\Microsoft\Installer\{68B0CD06-006B-444E-BB91-FEF2A2CAC3C6}\_18be6784.exe 2009-11-05 19:07 . 2008-12-28 13:08 -------- d-----w- c:\program files\Common Files\Steinberg 2009-11-05 19:07 . 2008-11-15 09:50 -------- d-----w- c:\program files\East West 2009-11-05 11:22 . 2007-09-24 17:07 -------- d-----w- c:\program files\Windows Live Safety Center 2009-11-02 19:42 . 2009-10-03 10:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-01 17:33 . 2008-08-19 10:28 -------- d-----w- c:\users\Camille\AppData\Roaming\Free Download Manager 2009-10-29 09:17 . 2009-11-26 09:28 2048 ----a-w- c:\windows\system32\tzres.dll 2009-10-19 08:50 . 2009-10-19 08:50 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2009-10-19 08:00 . 2009-10-19 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ECMSVR32.DLL 2009-10-09 17:18 . 2007-09-03 20:30 140264 ----a-w- c:\users\Camille\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-08 21:08 . 2009-11-25 11:24 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-11-25 11:24 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-11-25 11:24 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-10-06 13:17 . 2009-10-06 13:17 603904 ----a-w- c:\windows\system32\TUProgSt.exe 2009-10-06 13:17 . 2009-10-06 13:17 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-10-01 01:02 . 2009-11-25 11:25 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02 . 2009-11-25 11:26 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02 . 2009-11-25 11:25 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02 . 2009-11-25 11:25 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02 . 2009-11-17 15:16 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01 . 2009-11-25 11:25 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01 . 2009-11-25 11:25 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01 . 2009-11-25 11:25 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-10-01 01:01 . 2009-11-25 11:25 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01 . 2009-11-25 11:25 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01 . 2009-11-25 11:25 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01 . 2009-11-25 11:26 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-10-01 01:01 . 2009-11-25 11:25 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys 2009-10-01 01:01 . 2009-11-25 11:25 226816 ----a-w- c:\windows\system32\WpdMtp.dll 2009-10-01 01:01 . 2009-11-25 11:25 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll 2009-10-01 01:01 . 2009-11-25 11:25 33280 ----a-w- c:\windows\system32\WpdConns.dll 2009-09-29 12:45 . 2008-10-21 05:33 1 ----a-w- c:\users\Camille\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2008-08-26 19:27 . 2008-08-26 19:27 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-11-29 12:20 . 2007-11-29 12:20 88 --sha-r- c:\windows\System32\8FDDDADA67.sys 2007-11-29 15:42 . 2007-11-29 11:00 2516 --sha-w- c:\windows\System32\KGyGaAvL.sys . <pre> c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe c:\program files\Common Files\Adobe\Updater5\adobeupdater .exe c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe c:\program files\HP\HP Software Update\hpwuschd .exe c:\program files\HP\hpcoretech\hpcmpmgr .exe c:\program files\Internet Download Manager\idman .exe c:\program files\Java\jre6\bin\jusched .exe c:\program files\Logitech\Desktop Messenger\8876480\Program\backweb-8876480 .exe c:\program files\PowerISO\pwrisovm .exe c:\program files\RocketDock\rocketdock .exe c:\program files\Roxio\Media Experience\dmxlauncher .exe c:\program files\Spybot - Search & Destroy\teatimer .exe c:\program files\Unlocker\unlockerassistant .exe </pre> ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176] [HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}] [HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}] [HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-16 2577840] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "LMDVox"="c:\program files\Micro Application\Votre PC prend la parole\LMDVox.exe" [2007-12-18 456704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-10 185896] c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-9-28 450560] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=ma_cmidn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Excentrix.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Excentrix.lnk backup=c:\windows\pss\Excentrix.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk] path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk backup=c:\windows\pss\OFFICE One Startup v7.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rapidown.lnk] path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rapidown.lnk backup=c:\windows\pss\Rapidown.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk] path=c:\users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2007-10-30 18:07 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] 2007-10-30 18:11 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2007-08-01 18:17 222592 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2009-08-13 14:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] 2008-05-20 15:27 2474031 ----a-w- c:\program files\Free Download Manager\fdm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] 2005-10-31 22:00 307200 ------w- c:\program files\Syncrosoft\POS\H2O\cledx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] c:\program files\HP\hpcoretech\hpcmpmgr.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] c:\program files\HP\HP Software Update\HPWuSchd.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] 2009-11-13 15:04 3171760 ----a-w- c:\program files\Internet Download Manager\idman .exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanzarL2007] c:\users\Camille\AppData\Local\Temp\{4BCC7E8A-7677-4664-B364-87D6FB153215}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 2005-06-08 12:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] 2005-06-08 13:24 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] 2005-06-08 13:14 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer] c:\windows\system32\urqqRIca.dll [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2008-05-15 16:25 54576 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe] c:\program files\ooVoo\ooVoo.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] c:\program files\Winamp Remote\bin\OrbTray.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2008-05-10 11:26 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray] 2007-09-20 07:23 132624 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotterChat] c:\program files\SpotterChat\SpotterChat.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox] c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-05-10 11:26 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2007-07-17 12:58 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2007-10-30 18:06 2595616 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [N/A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] 2008-04-01 16:35 3587120 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount] 2006-12-14 13:18 7558720 ----a-w- c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WinampAgent"="c:\program files\Winamp\winampa.exe" "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):ab,95,2f,2b,83,38,ca,01 R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [06/10/2008 12:42 33792] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [28/09/2008 12:12 685816] S2 gupdate1c99a591a621b8e;Service Google Update (gupdate1c99a591a621b8e);c:\program files\Google\Update\GoogleUpdate.exe [01/03/2009 11:33 133104] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [07/01/2009 17:15 1527900] S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/07/2008 10:05 21504] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26/08/2008 20:27 29744] S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 21:22 34064] S3 SynasUSB;SynasUSB;c:\windows\System32\drivers\synasUSB.sys [06/10/2008 12:41 18432] S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [07/01/2009 17:16 544768] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wibeez.com/meteo uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.cherche.us/keyword/ uInternet Settings,ProxyOverride = localhost;*.local uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s IE: &SHOUTcast Search - c:\programdata\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html IE: Download all by Rapidown... - c:\program files\Rapidown\rapidownGetAll.htm IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download by Rapidown... - c:\program files\Rapidown\rapidownGet.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Download with Rapget - c:\users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Recherche avec cherche.us - c:\users\Camille\scriptjava.html IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm Trusted Zone: chat-land.org FF - ProfilePath - c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Wibeez FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\users\Camille\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll FF - component: c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Camille\AppData\Roaming\Mozilla\Firefox\Profiles\bal4u0yx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: browser.sessionstore.resume_from_crash - false . - - - - ORPHELINS SUPPRIMES - - - - AddRemove-Combined Community Codec Pack_is1 - m:\combined community codec pack\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-27 16:34 Windows 6.0.6002 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\windows\TEMP\TMP000000205E9D2B238478AB42 524288 bytes executable Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{311ee8c0-0bcc-48b5-9021-5969b5f431f4}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000140 "Therad"=dword:00000005 "MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a, 4b,7b,ad,b1,01,72,2f,c8,ca,b2,f4,08,aa,b4,f7,6e,37,9b,a2,94,80,b0,05,d4,61,\ [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{5292f2f2-dfb4-42b1-8dbc-85f02839122f}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000013c "Therad"=dword:00000020 [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):50,ba,e1,71,e0,1f,de,5e,7d,06,86,0f,b5,f6,88,f0,73,ea,05,07,1b, 7d,b3,83,d2,15,c1,1e,73,15,86,ba,57,0e,55,57,68,bf,15,ba,00,00,00,00,00,00,\ [HKEY_USERS\S-1-5-21-769474302-834296891-2338562099-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):41,0a,db,3a,76,5f,90,85,13,7b,a8,bd,c0,98,cb,23,50,52,ae,69,62, 5c,c5,63,cd,e4,a9,09,51,25,37,38,e1,c9,d9,77,2f,e8,b1,65,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OOCC06.00.00.01WSSV"="1D25CF0FB4E34D6A8B7CB11C889B069BE51425A056617D72006E9007FEBC9E127BECC74CFEB C9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0 AC4980AC7933BA7FD869164D6794FEBC9E127BECC74CA9C6AECB7A5D140771E48F2185DD0D483561C F8B5A6713A936835FDF3B7CB20B1AD12F28EAB9EFEA5349E721A0AE7D06A0C0AFD5B64D7538F05E48 CCAD6BD9F60323023DF9CE6A48DFF9EEDD27CDC8E1A766743F43FBEC40A3B3A732A6E76B6233BF784 97F6C880484522E5A330E1AF6997F37A18F66420423A03F664BA76DD828DA22B854282C9181B4A43B F40252C41C4002FB404172AA194948DF529F9ACCAFA5061EE5596D4C6905C3CB2D85072C28DAD4F18 A8630BF04D2EE3A898BE0136BD79BADB41C18EFA2AB717934B27F758A0BA1C9BB765F3335E8D2B651 6C62E153AD514057CF2B9F6C9588D571EDB8C9630FCF6EB1109AD752B987B89B0276D532E786D3F51 A5ADF54B2D417E3D9633627A7B9EEDF1D30E5557815C7F357287026C792074EE20E19BDF81C969F60 63AF9F1930FDCE25A0770B5CF88FF4B335952316BB2032D5E09AE15F90534AAFD18B693074F29876A 10C971E22E04EA9900FED2041870563A194CB64DEED9C387B84F4383E49EB249B09EEFDF4AE450ADF 86A233D2CBC2BED41D5A07A32DE52E5F380883391E8D84AE33DABD4991326C7E0F30A3161B76E1B22 D434DF17A098CB429396783B6D4312A38F9256A4601AC7B9A59C9244DC20725220DBF4E64FB8EE0BE F63D30F62B0814A53EFC192AB1E99704B4000A585CAFCD3D936A341D4737034281E447EC91ABA6706 B958943D807CA852C27485B0CA07E2407DD91788BCA6A626EBDC2C41B82CEEE1EC0E3399E2B3F4101 A2549530DFBE616B2F4772FA521BB1262D9153ED352E5C42D643D640C0D33BC2D997ED393BC96098F 62CA85A1A4F28659E970FC634995999AFB88D0C789ADA5AB8EDEB2DC111F238D08BDB0436721DBB7F 2B92F3B09C683BABC76FE7C3D9ED012EA8BCA448B6504C5FA073E7F7A4518FBF971D599F72F08EAD6 8364C5B0DA3C72F0E31CDE6128F28C61F7886FBBB6519D59B11ED3D0FBED41B073D44B9E0908FB2D5 BD68F9AFAFF32E2E19781C3FE1653CEA75BC0616019CDF8303701E3AAD8F34AE7CCAA14E90A9C3E42 665FC6B2FD370ABF4E4BCE0CA4D6A31AD858BAE57D2B2B729DE4161799B37D3978B01321D1CF37A5F 9A677D15A0AC5804CBC8884DB8B286A521021113EB3D7B064052B65DC3CB64A62550AEB8A31D36F19 EE146B5F2BC24F5214F37E99210D32F675ED186A9816D62DE85687639B7F90770251A9688DA0E4487 D9E670DB6AC3757B561113FDA30CCD375954F216FAC7F7C2A66BDCD39D35DB8B94DF7B678DACDE0BA EB3E0C444AC46B2E2D03344E7B71C" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(888) c:\windows\system32\relog_ap.dll . Heure de fin: 2009-12-27 16:38:13 ComboFix-quarantined-files.txt 2009-12-27 15:38 Avant-CF: 29 372 411 904 octets libres Après-CF: 29 482 061 824 octets libres - - End Of File - - 771FA465A000078CE816A55DFCE2C72D

Voilà le rapport: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:53:27, on 27/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\System32\mspaint.exe C:\Users\Camille\Documents\Downloads\Programs\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement O4 - HKCU\..\Run: [richtx64.exe] C:\Users\Camille\AppData\Local\Temp\richtx64.exe O4 - HKCU\..\RunServices: [JavaWebTM,Inc] JavaWebInc.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Download with Rapget - C:\Users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Camille\scriptjava.html O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O15 - Trusted Zone: *.chat-land.org O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c99a591a621b8e) (gupdate1c99a591a621b8e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 16180 bytes Bon par contre Windows defender refuse de fonctionner, et voilà ce que j'ai à chaque démarrage: Trojan:Win32/Alureon.BT J'ai beau le supprimer il revient toujours ( il me semble qu'hier soir c'était plus fréquent, mais tout de même )

Edit !!! je me suis précipité, je vais relancer le pc, je ne l'ai pas encore fait, faudra que je vois si windows defender se relance, bon je te le refait au démarrage, désolé hein ^^

Voilou, aussitôt dit aussitôt fait ^^ : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:36:52, on 27/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Micro Application\Votre PC prend la parole\MDVox.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Users\Camille\Documents\Downloads\Programs\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement O4 - HKCU\..\Run: [richtx64.exe] C:\Users\Camille\AppData\Local\Temp\richtx64.exe O4 - HKCU\..\RunServices: [JavaWebTM,Inc] JavaWebInc.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Download with Rapget - C:\Users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Camille\scriptjava.html O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O15 - Trusted Zone: *.chat-land.org O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c99a591a621b8e) (gupdate1c99a591a621b8e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 16228 bytes

ça y est, la mise à jour a dû servir, j'y avais pas pensé, rapport de MBAM: Malwarebytes' Anti-Malware 1.42 Version de la base de données: 3289 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 27/12/2009 15:00:02 mbam-log-2009-12-27 (15-00-02).txt Type de recherche: Examen rapide Eléments examinés: 124844 Temps écoulé: 5 minute(s), 26 second(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 17 Processus mémoire infecté(s): C:\Program Files\Winsudate\gibsvc.exe (Adware.édité) -> Unloaded process successfully. C:\Program Files\Winsudate\gibusr.exe (Adware.édité) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsvc (Adware.édité) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr (Adware.édité) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Winsudate (Adware.édité) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\Winsudate\gibsvc.exe (Adware.édité) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibusr.exe (Adware.édité) -> Quarantined and deleted successfully. C:\Windows\System32\JavaWebStart.exe (Spyware.Passwords) -> Quarantined and deleted successfully. C:\Windows\System32\nvrtm.dll (Worm.MarioFever) -> Quarantined and deleted successfully. C:\Users\Camille\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\winsys.exe (Spyware.Passwords) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibcom.dll (Adware.édité) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibidl.dll (Adware.édité) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibupt.exe (Adware.édité) -> Quarantined and deleted successfully. C:\Users\Public\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Users\Public\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Users\Public\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Windows\tmp17380078.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\Windows\System32\H8SRTlxntwbgijk.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Windows\System32\H8SRTxqqewurpdb.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Windows\System32\H8SRTgpemurqssp.dat (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Users\Camille\AppData\Local\Temp\H8SRTbc13.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

Windows security alert, malware defense, plus besoin d'expliquer, apparement c'est de mode ce truc, à 2h30 environ ma défense vista me dit de redémarrer mon pc suite au nettoyage d'une bestiole. Au redémarrage, j'ai le droit à des pub, à des alertes rocambolesques,malware defense veut me faire supprimer mes autres protections. Déjà avec Malwaresbytes anti malwares, plus aucune efficacité lors de l'analyse, il ne détecte rien. Donc je me tourne vers vous, parce que de chez moi windows defender et Eset ne servent à rien, ils ont été comme qui dirait bloqué par ce truc. Voici le rapport de RCIT ======System event log====== Computer Name: PC-de-Camille Event Code: 1003 Message: Record Number: 219287 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20090828110041.000000-000 Event Type: Avertissement User: Computer Name: PC-de-Camille Event Code: 6 Message: Certaines fonctionnalités de gestion de l’alimentation relatives aux performances du processeur ont été désactivées en raison d’un problème connu avec le microprogramme. Contactez le fabricant de l’ordinateur pour obtenir la mise à jour du microprogramme. Record Number: 219281 Source Name: Microsoft-Windows-Kernel-Processor-Power Time Written: 20090828110025.328125-000 Event Type: Erreur User: AUTORITE NT\SYSTEM Computer Name: PC-de-Camille Event Code: 3004 Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez. Pour plus d’informations, consultez les données suivantes : Non applicable ID d’analyse : {06D581FC-88FC-4F85-8EB6-77C14C4845EB} Utilisateur : PC-de-Camille\Camille Nom : Unknown ID : ID de gravité : ID de catégorie : Chemin d’accès trouvé : regkey:HKCU@S-1-5-21-769474302-834296891-2338562099-1000\Software\Classes\VirtualStore\MACHINE\Software\Microsoft\Internet Explorer\Extensions\{57E91B47-F40A-11D1-B792-444553540011};ieext:HKCU@S-1-5-21-769474302-834296891-2338562099-1000\Software\Classes\VirtualStore\MACHINE\Software\Microsoft\Internet Explorer\Extensions\{57E91B47-F40A-11D1-B792-444553540011};file:C:\Program Files\Rapidown\rapidown.exe Type d’alerte : Logiciel non classifié Type de détection : Record Number: 219256 Source Name: Microsoft-Windows-Windows Defender Time Written: 20090827213942.000000-000 Event Type: Avertissement User: Computer Name: PC-de-Camille Event Code: 3004 Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez. Pour plus d’informations, consultez les données suivantes : Non applicable ID d’analyse : {BDEC4094-4720-4CDE-97C8-B2F52CC99B87} Utilisateur : PC-de-Camille\Camille Nom : Unknown ID : ID de gravité : ID de catégorie : Chemin d’accès trouvé : regkey:HKCU@S-1-5-21-769474302-834296891-2338562099-1000\Software\Microsoft\Internet Explorer\MenuExt\Download by Rapidown...;iemenuext:HKCU@S-1-5-21-769474302-834296891-2338562099-1000\Software\Microsoft\Internet Explorer\MenuExt\Download by Rapidown...;file:C:\Program Files\Rapidown\rapidownGet.htm Type d’alerte : Logiciel non classifié Type de détection : Record Number: 219253 Source Name: Microsoft-Windows-Windows Defender Time Written: 20090827213936.000000-000 Event Type: Avertissement User: Computer Name: PC-de-Camille Event Code: 3004 Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez. Pour plus d’informations, consultez les données suivantes : Non applicable ID d’analyse : {CCCE3420-CA2A-4060-94DC-CEEAD989F2E4} Utilisateur : PC-de-Camille\Camille Nom : Unknown ID : ID de gravité : ID de catégorie : Chemin d’accès trouvé : regkey:HKCU@S-1-5-21-769474302-834296891-2338562099-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all by Rapidown...;iemenuext:HKCU@S-1-5-21-769474302-834296891-2338562099-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all by Rapidown...;file:C:\Program Files\Rapidown\rapidownGetAll.htm Type d’alerte : Logiciel non classifié Type de détection : Record Number: 219252 Source Name: Microsoft-Windows-Windows Defender Time Written: 20090827213936.000000-000 Event Type: Avertissement User: =====Application event log===== Computer Name: PC-de-Camille Event Code: 1001 Message: Échec de détection du produit ‘{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}’, fonctionnalité ‘SoleFeature’ lors de la demande du composant ‘{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}’ Record Number: 749432 Source Name: MsiInstaller Time Written: 20081223161619.000000-000 Event Type: Avertissement User: PC-de-Camille\Camille Computer Name: PC-de-Camille Event Code: 1004 Message: Échec de détection du produit ‘{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}’, fonctionnalité ‘SoleFeature’, composant ‘{5CBB9EB4-66EE-4C74-BC81-99C193FE4830}. La ressource ‘C:\Program Files\Common Files\InstallShield\UpdateService\images\’ n’existe pas. Record Number: 749431 Source Name: MsiInstaller Time Written: 20081223161619.000000-000 Event Type: Avertissement User: PC-de-Camille\Camille Computer Name: PC-de-Camille Event Code: 1001 Message: Échec de détection du produit ‘{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}’, fonctionnalité ‘SoleFeature’ lors de la demande du composant ‘{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}’ Record Number: 749428 Source Name: MsiInstaller Time Written: 20081223160618.000000-000 Event Type: Avertissement User: PC-de-Camille\Camille Computer Name: PC-de-Camille Event Code: 1004 Message: Échec de détection du produit ‘{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}’, fonctionnalité ‘SoleFeature’, composant ‘{5CBB9EB4-66EE-4C74-BC81-99C193FE4830}. La ressource ‘C:\Program Files\Common Files\InstallShield\UpdateService\images\’ n’existe pas. Record Number: 749427 Source Name: MsiInstaller Time Written: 20081223160618.000000-000 Event Type: Avertissement User: PC-de-Camille\Camille Computer Name: PC-de-Camille Event Code: 1001 Message: Échec de détection du produit ‘{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}’, fonctionnalité ‘SoleFeature’ lors de la demande du composant ‘{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}’ Record Number: 749426 Source Name: MsiInstaller Time Written: 20081223160618.000000-000 Event Type: Avertissement User: PC-de-Camille\Camille =====Security event log===== Computer Name: PC-de-Camille Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-CAMILLE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-20 Nom du compte : SERVICE RÉSEAU Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e4 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x3a0 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 101865 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090507092530.421875-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Camille Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 101864 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090507092529.953125-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Camille Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-CAMILLE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x3a0 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 101863 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090507092529.953125-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Camille Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-CAMILLE$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x3a0 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 101862 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090507092529.953125-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Camille Event Code: 4902 Message: La table de stratégie d’audit par utilisateur a été créée. Nombre d’éléments : 0 ID de la stratégie : 0xfb3b Record Number: 101861 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090507092529.546875-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\iZotope\Runtimes;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel "PROCESSOR_REVISION"=0f02 "NUMBER_OF_PROCESSORS"=2 "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\ "SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc "MOMINDUM_STUDIO_HOME"=C:\Program Files\Momindum Studio "MOMINDUM_STUDIO_ALL_USERS_PROFILE"=C:\ProgramData\Momindum Studio "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Logfile of random's system information tool 1.06 (written by random/random) Run by Camille at 2009-12-27 03:22:04 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 28 GB (10%) free of 293 GB Total RAM: 2047 MB (41% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:22:20, on 27/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Winsudate\gibusr.exe C:\Windows\System32\mobsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Camille\AppData\Local\Temp\wscsvc32.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Camille\Documents\Downloads\Programs\RSIT.exe C:\Program Files\trend micro\Camille.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cherche.us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wibeez.com/meteo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cherche.us R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cherche.us R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cherche.us R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement O4 - HKCU\..\Run: [richtx64.exe] C:\Users\Camille\AppData\Local\Temp\richtx64.exe O4 - HKCU\..\RunServices: [JavaWebTM,Inc] JavaWebInc.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Download with Rapget - C:\Users\Camille\AppData\Local\Temp\Rar$EX00.641\RapGet [Wawa-Mania][by i_love_sexe]\rapget.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Camille\scriptjava.html O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O15 - Trusted Zone: *.chat-land.org O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Service Google Update (gupdate1c99a591a621b8e) (gupdate1c99a591a621b8e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing) O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe -- End of file - 16516 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\Maintenance en 1 clic.job C:\Windows\tasks\Norton Security Scan for Camille.job C:\Windows\tasks\User_Feed_Synchronization-{A2DBF1D5-B50E-4141-86C8-BC35B5924552}.job C:\Windows\tasks\WebReg 20091226131932.job C:\Windows\tasks\WebReg 20091226131937.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-01-21 95664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-06-02 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-10 308856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-07-10 1098576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}] Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-04 1947080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-13 256112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-15 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}] IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-13 458736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccec60fc-2608-4e58-9659-3ffc159e8ea9}] SHOUTcast Loader - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll [2008-09-17 1275176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256] {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-04 1947080] {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - SHOUTcast Radio Toolbar - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll [2008-09-17 1275176] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-13 256112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] ""= [] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-23 4435968] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-10 185896] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-11-16 2577840] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "WinUsr"=C:\Program Files\Winsudate\gibusr.exe [2009-12-16 88304] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [] "LMDVox"=C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe [2007-12-18 456704] "richtx64.exe"=C:\Users\Camille\AppData\Local\Temp\richtx64.exe [2009-12-27 716800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-10-30 140568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-30 909208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-08-01 222592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe [2008-05-20 2474031] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-31 307200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] C:\Program Files\Internet Download Manager\idman .exe [2009-11-13 3171760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanzarL2007] C:\Users\Camille\AppData\Local\Temp\{4BCC7E8A-7677-4664-B364-87D6FB153215}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe /SETUP:/l0x040c [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer] C:\Windows\system32\urqqRIca.dll,#1 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-05-15 54576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-05-10 214560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-09-20 132624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotterChat] C:\Program Files\SpotterChat\SpotterChat.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox] C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe /hideme [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-10 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe [2007-07-17 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-30 2595616] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-04-01 3587120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount] C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe [2006-12-14 7558720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2009-04-10 37888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Excentrix.lnk] C:\Windows\EXCENT~1\EXCENT~1.EXE [2000-09-27 237568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk] C:\PROGRA~1\OFFICE~1\OF2AAE~1\OOSTAR~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rapidown.lnk] C:\PROGRA~1\Rapidown\rapidown.exe [2007-09-26 1044992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Camille^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk] C:\PROGRA~1\Stardock\OBJECT~2\OBJECT~1.EXE [2007-04-30 3450608] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe C:\Users\Camille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-04-24 122880] Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll [2008-04-30 87320] StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll [2008-05-05 591128] Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll [2008-03-29 103848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32b870fb-c872-11de-89c6-0019dbadcdfa}] shell\AutoRun\command - "N:\WD SmartWare.exe" autoplay=true [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c60c19c-c758-11dd-b0f8-0019dbadcdfa}] shell\Auto\command - bittorrent.exe e shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d67efbc-ed59-11de-964b-0019dbadcdfa}] shell\Auto\command - E:\launcher.exe shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{741bea7d-5bb3-11dc-a071-0019dbadcdfa}] shell\AutoRun\command - E:\filesystem/pagefile.exe shell\eXpLorE\command - E:\filesystem/pagefile.exe shell\oPen\command - E:\filesystem/pagefile.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{850cceb6-8d4e-11dd-860d-0019dbadcdfa}] shell\AutoRun\command - K:\AUTORUN.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9e2c1a0-b200-11dc-8765-0019dbadcdfa}] shell\AutoRun\command - L:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2009-12-27 03:22:05 ----D---- C:\Program Files\trend micro 2009-12-27 03:22:04 ----D---- C:\rsit 2009-12-27 03:08:43 ----A---- C:\TDSSKiller.2.1.1_27.12.2009_03.08.43_log.txt 2009-12-27 02:36:20 ----D---- C:\Program Files\Malware Defense 2009-12-27 02:31:25 ----A---- C:\Windows\system32\krl32mainweq.dll 2009-12-27 02:30:24 ----A---- C:\Windows\system32\H8SRTxqqewurpdb.dll 2009-12-27 02:30:22 ----A---- C:\Windows\system32\H8SRTlxntwbgijk.dll 2009-12-27 02:29:21 ----A---- C:\ProgramData\sysReserve.ini 2009-12-26 11:38:00 ----D---- C:\Program Files\Micro Application 2009-12-20 17:22:58 ----D---- C:\Users\Camille\AppData\Roaming\MP-Manager 2009-12-20 17:21:58 ----D---- C:\Users\Camille\AppData\Roaming\MPMAN 2009-12-17 18:06:47 ----D---- C:\ProgramData\Real 2009-12-16 20:09:46 ----D---- C:\Users\Camille\AppData\Roaming\Icones 2009-12-16 20:09:46 ----D---- C:\Program Files\Winsudate 2009-12-12 12:18:42 ----A---- C:\Windows\system32\nshhttp.dll 2009-12-12 12:18:38 ----A---- C:\Windows\system32\httpapi.dll 2009-12-10 11:54:21 ----A---- C:\Windows\system32\winhttp.dll 2009-12-10 11:54:00 ----A---- C:\Windows\system32\wininet.dll 2009-12-10 11:53:58 ----A---- C:\Windows\system32\mshtml.dll 2009-12-10 11:53:57 ----A---- C:\Windows\system32\urlmon.dll 2009-12-10 11:53:50 ----A---- C:\Windows\system32\ieframe.dll 2009-12-10 11:53:48 ----A---- C:\Windows\system32\ieui.dll 2009-12-10 11:53:45 ----A---- C:\Windows\system32\ieencode.dll 2009-12-10 11:53:42 ----A---- C:\Windows\system32\ieapfltr.dll 2009-12-10 11:53:24 ----A---- C:\Windows\system32\rastls.dll 2009-11-28 22:45:01 ----A---- C:\Windows\system32\GEARAspi.dll 2009-11-28 22:43:52 ----D---- C:\Program Files\iPod 2009-11-28 22:43:50 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-11-28 22:43:50 ----D---- C:\Program Files\iTunes 2009-11-28 22:39:58 ----D---- C:\Program Files\QuickTime 2009-11-28 22:11:02 ----D---- C:\Program Files\Ashampoo ======List of files/folders modified in the last 1 months====== 2009-12-27 03:22:05 ----RD---- C:\Program Files 2009-12-27 03:09:22 ----D---- C:\Windows\Temp 2009-12-27 03:08:43 ----D---- C:\Windows\system32\drivers 2009-12-27 03:02:18 ----SHD---- C:\Windows\Installer 2009-12-27 03:02:14 ----HD---- C:\Config.Msi 2009-12-27 03:02:04 ----HD---- C:\Windows\inf 2009-12-27 03:02:04 ----D---- C:\Windows\system32\catroot 2009-12-27 02:51:35 ----D---- C:\Program Files\Mozilla Firefox 2009-12-27 02:44:51 ----D---- C:\Users\Camille\AppData\Roaming\dvdcss 2009-12-27 02:37:37 ----D---- C:\Windows\Prefetch 2009-12-27 02:36:36 ----D---- C:\Windows\Tasks 2009-12-27 02:34:47 ----D---- C:\Users\Camille\AppData\Roaming\DMCache 2009-12-27 02:31:25 ----D---- C:\Windows\System32 2009-12-27 02:29:21 ----D---- C:\ProgramData 2009-12-26 23:07:19 ----D---- C:\Users\Camille\AppData\Roaming\CoreFTP 2009-12-26 21:16:22 ----D---- C:\ProgramData\Google Updater 2009-12-26 13:19:37 ----D---- C:\Windows\system32\Tasks 2009-12-25 18:00:53 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-12-25 14:13:20 ----D---- C:\Users\Camille\AppData\Roaming\WinRAR 2009-12-25 02:53:13 ----D---- C:\Program Files\WinRAR 2009-12-25 02:41:16 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-24 17:44:03 ----D---- C:\Users\Camille\AppData\Roaming\Apple Computer 2009-12-23 19:32:02 ----D---- C:\Program Files\VST 2009-12-23 19:31:01 ----A---- C:\Windows\NeroDigital.ini 2009-12-23 19:24:50 ----D---- C:\Program Files\Steinberg 2009-12-23 18:50:39 ----D---- C:\Users\Camille\AppData\Roaming\Modartt 2009-12-21 18:18:59 ----A---- C:\Windows\system32\ssprs.dll 2009-12-21 18:18:59 ----A---- C:\Windows\system32\lsprst7.dll 2009-12-21 18:03:14 ----D---- C:\Program Files\AV Vcs 5.0 DIAMOND 2009-12-21 11:17:21 ----D---- C:\Users\Camille\AppData\Roaming\FreeFLVConverter 2009-12-20 13:10:46 ----D---- C:\Program Files\Google 2009-12-17 18:06:42 ----D---- C:\Users\Camille\AppData\Roaming\Real 2009-12-16 20:12:09 ----SHD---- C:\$RECYCLE.BIN 2009-12-13 12:28:02 ----D---- C:\Windows\rescache 2009-12-13 12:22:37 ----D---- C:\Windows\winsxs 2009-12-12 12:19:09 ----D---- C:\Windows\system32\catroot2 2009-12-11 11:06:11 ----D---- C:\Windows\system32\fr-FR 2009-12-11 11:06:11 ----D---- C:\Program Files\Windows Mail 2009-12-11 11:05:07 ----D---- C:\ProgramData\Microsoft Help 2009-12-11 11:04:22 ----RSD---- C:\Windows\assembly 2009-12-01 21:06:20 ----A---- C:\Windows\system32\mrt.exe 2009-11-30 10:35:20 ----D---- C:\Windows 2009-11-28 22:45:01 ----DC---- C:\Windows\system32\DRVSTORE 2009-11-28 22:43:51 ----D---- C:\Program Files\Common Files\Apple 2009-11-28 22:40:55 ----D---- C:\Program Files\Bonjour ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652] R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2008-10-03 44384] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-04 4303360] R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792] R3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] R3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-23 1769952] R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2005-01-31 22016] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-01-14 38496] R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-10-25 47360] R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2004-04-01 10368] R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712] R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104] R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] R4 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [] R4 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [] R4 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [] R4 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [] R4 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [] S2 Nsynas32;Nsynas32; C:\Windows\system32\drivers\Nsynas32.sys [2001-04-09 17784] S3 ah4slt4s;ah4slt4s; C:\Windows\system32\drivers\ah4slt4s.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704] S3 MA_CMIDI;M-Audio USB Driver; C:\Windows\system32\drivers\ma_cmidi.sys [2006-08-16 21888] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064] S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560] S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\Windows\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynasUSB.sys [2006-11-23 18432] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S3 w200bus;Sony Ericsson W200 driver (WDM); C:\Windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-02 128104] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S4 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys [2006-12-13 50688] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-10-30 427288] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-04 729088] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168] R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704] R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-19 166648] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 492720] R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-10-06 603904] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 WinSvc;Gestionnaire de mise à jour Winsudate; C:\Program Files\Winsudate\gibsvc.exe [2009-12-16 70896] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568] R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-19 887544] S2 gupdate1c99a591a621b8e;Service Google Update (gupdate1c99a591a621b8e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-01 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280] S2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe [2006-12-11 301816] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-01-19 310008] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-18 72704] S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-06 654848] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-26 29744] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [2006-12-11 64248] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792] S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe [2007-09-11 184504] S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe [2007-09-11 1265856] S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632] S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-01-23 73728] S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-10-06 362240] S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] -----------------EOF----------------- Merci d'avance, et désolé encore, j'attends surtout les programmes qui pourraient m'enlever ce que je juge très louche dans la liste là...

J'ai la même...mais du coup j'ose pas démarrer un autre sujet, Falkra va craquer moralement mdr 2009-12-27 02:30:24 ----A---- C:\Windows\system32\H8SRTxqqewurpdb.dll 2009-12-27 02:30:22 ----A---- C:\Windows\system32\H8SRTlxntwbgijk.dll Yeeeeah je suppose que cette saloperie fut le début d'une longue série vu l'heure qui correspond pour mon cas. Bref bon courage pour toi titAdonf, perso je passerai embêter Falkra demain lol, là dodo.