

chimay
Members
Content count: 5
Joined: -
Last visited: -
chimay's achievements: Junior Member (3/12)
Community reputation: 0
[Solved] Malware Defense, the return
chimay replied to a topic by chimay in Malware analysis and eradication
Thanks a thousand times for your help!
[Solved] Malware Defense, the return
chimay replied to a topic by chimay in Malware analysis and eradication
Good evening. It is indeed better! After the "system restore" step, I checked for updates; Java needed one. From now on I will know that it is advisable to do that regularly. Question: should I (or may I) empty the MBAM quarantine?
[Solved] Malware Defense, the return
chimay replied to a topic by chimay in Malware analysis and eradication
There we go, I managed to install and run MBAM; here is its report (I have not emptied the quarantine):

Malwarebytes' Anti-Malware 1.43
Database version: 3468
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

02/01/2010 01:58:11
mbam-log-2010-01-02 (01-58-11).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 284402
Time elapsed: 2 hour(s), 21 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Steinberg\WaveLab\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Program Files\Cycling '74\MaxMSP 4.5\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Malware Defense\mdefense.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Malware Defense\mdext.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Malware Defense\uninstall.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTipjlcounqm.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTnoeqkexlsr.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTswaipsoddj.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259261.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259262.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259263.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259330.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259331.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{78E24CB3-7343-475B-86CB-990C20720B42}\RP1399\A0259332.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

The one from HijackThis, run afterwards:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:00, on 02/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\DeezRip\DeezRipSvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Borland\IntrBase\BIN\ibserver.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frank\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v0.battle-arenas.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [interBase Server] "C:\Program Files\Borland\IntrBase\BIN\ibserver.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1844237615-113007714-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'FRANCK')
O4 - HKUS\S-1-5-21-1844237615-113007714-725345543-1004\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe (User 'FRANCK')
O4 - HKUS\S-1-5-21-1844237615-113007714-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'FRANCK')
O4 - HKUS\S-1-5-21-1844237615-113007714-725345543-1004\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (User 'FRANCK')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1844237615-113007714-725345543-1004 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'FRANCK')
O4 - S-1-5-21-1844237615-113007714-725345543-1004 User Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'FRANCK')
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\MSINF16H.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://v0.battle-arenas.net
O15 - Trusted Zone: http://www.battle-arenas.net
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9597CD35-4BEE-4CF5-9960-4805B70D397B}: NameServer = 86.64.145.147 84.103.237.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeezRip service (DeezRipSvc) - Unknown owner - C:\Program Files\DeezRip\DeezRipSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11802 bytes
[Solved] Malware Defense, the return
chimay replied to a topic by chimay in Malware analysis and eradication
Thanks for the help. I ran load_tdsskiller; its report is below. After rebooting, MBAM still does not launch. I ran Rkill again.

14:49:24:015 4064 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
14:49:24:015 4064 ================================================================================
14:49:24:015 4064 SystemInfo:
14:49:24:015 4064 OS Version: 5.1.2600 ServicePack: 3.0
14:49:24:015 4064 Product type: Workstation
14:49:24:015 4064 ComputerName: ATHLON
14:49:24:015 4064 UserName: Frank
14:49:24:015 4064 Windows directory: C:\WINDOWS
14:49:24:015 4064 Processor architecture: Intel x86
14:49:24:015 4064 Number of processors: 1
14:49:24:015 4064 Page size: 0x1000
14:49:24:015 4064 Boot type: Normal boot
14:49:24:015 4064 ================================================================================
14:49:24:015 4064 ForceUnloadDriver: NtUnloadDriver error 2
14:49:24:015 4064 ForceUnloadDriver: NtUnloadDriver error 2
14:49:24:015 4064 ForceUnloadDriver: NtUnloadDriver error 2
14:49:24:015 4064 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
14:49:24:015 4064 main: Driver KLMD successfully dropped
14:49:24:015 4064 main: Driver KLMD successfully loaded
14:49:24:015 4064 Scanning Registry ...
14:49:24:015 4064 ScanServices: Searching service UACd.sys
14:49:24:015 4064 ScanServices: Open/Create key error 2
14:49:24:015 4064 ScanServices: Searching service TDSSserv.sys
14:49:24:015 4064 ScanServices: Open/Create key error 2
14:49:24:015 4064 ScanServices: Searching service gaopdxserv.sys
14:49:24:015 4064 ScanServices: Open/Create key error 2
14:49:24:015 4064 ScanServices: Searching service gxvxcserv.sys
14:49:24:015 4064 ScanServices: Open/Create key error 2
14:49:24:015 4064 ScanServices: Searching service MSIVXserv.sys
14:49:24:015 4064 ScanServices: Open/Create key error 2
14:49:24:015 4064 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
14:49:24:015 4064 UnhookRegistry: Kernel local addr: B80000
14:49:24:015 4064 UnhookRegistry: KeServiceDescriptorTable addr: C03220
14:49:24:015 4064 UnhookRegistry: KiServiceTable addr: B8B6A8
14:49:24:015 4064 UnhookRegistry: NtEnumerateKey service number (local): 47
14:49:24:015 4064 UnhookRegistry: NtEnumerateKey local addr: C1C5A4
14:49:24:031 4064 KLMD_OpenDevice: Trying to open KLMD device
14:49:24:031 4064 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
14:49:24:031 4064 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]
14:49:24:031 4064 UnhookRegistry: NtEnumerateKey service number (kernel): 47
14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]
14:49:24:031 4064 UnhookRegistry: NtEnumerateKey real addr: 805735A4
14:49:24:031 4064 UnhookRegistry: NtEnumerateKey calc addr: 805735A4
14:49:24:031 4064 UnhookRegistry: No SDT hooks found on NtEnumerateKey
14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x805735A4[0xA]
14:49:24:031 4064 UnhookRegistry: No splicing found on NtEnumerateKey
14:49:24:031 4064 Scanning Kernel memory ...
14:49:24:031 4064 KLMD_OpenDevice: Trying to open KLMD device
14:49:24:031 4064 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
14:49:24:031 4064 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:49:24:031 4064 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 842B6A08
14:49:24:031 4064 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
14:49:24:031 4064 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 830CB9F0
14:49:24:031 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 830CB9F0
14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x830CB9F0[0x38]
14:49:24:031 4064 DetectCureTDL3: DRIVER_OBJECT addr: 842B6A08
14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B6A08[0xA8]
14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0xE10100C0[0x208]
14:49:24:031 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:49:24:031 4064 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
14:49:24:031 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
14:49:24:031 4064 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
14:49:24:031 4064 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
14:49:24:031 4064 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
14:49:24:031 4064 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
14:49:24:031 4064 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
14:49:24:031 4064 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
14:49:24:031 4064 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
14:49:24:031 4064 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
14:49:24:031 4064 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
14:49:24:031 4064 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:49:24:031 4064 KLMD_ReadMem: DeviceIoControl error 1
14:49:24:031 4064 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:49:24:031 4064 TDL3_FileDetect: Processing driver: Disk
14:49:24:031 4064 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:49:24:031 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:49:24:031 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:49:24:062 4064 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8431CC68
14:49:24:062 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8431CC68
14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x8431CC68[0x38]
14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT addr: 842B6A08
14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B6A08[0xA8]
14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0xE10100C0[0x208]
14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:49:24:062 4064 DetectCureTDL3: IrpHandler (0) addr: BA10EBB0
14:49:24:062 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (2) addr: BA10EBB0
14:49:24:062 4064 DetectCureTDL3: IrpHandler (3) addr: BA108D1F
14:49:24:062 4064 DetectCureTDL3: IrpHandler (4) addr: BA108D1F
14:49:24:062 4064 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (9) addr: BA1092E2
14:49:24:062 4064 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (14) addr: BA1093BB
14:49:24:062 4064 DetectCureTDL3: IrpHandler (15) addr: BA10CF28
14:49:24:062 4064 DetectCureTDL3: IrpHandler (16) addr: BA1092E2
14:49:24:062 4064 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (22) addr: BA10AC82
14:49:24:062 4064 DetectCureTDL3: IrpHandler (23) addr: BA10F99E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:49:24:062 4064 KLMD_ReadMem: DeviceIoControl error 1
14:49:24:062 4064 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:49:24:062 4064 TDL3_FileDetect: Processing driver: Disk
14:49:24:062 4064 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:49:24:062 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:49:24:062 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:49:24:062 4064 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8431EAB8
14:49:24:062 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8431EAB8
14:49:24:062 4064 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 843C19E8
14:49:24:062 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 843C19E8
14:49:24:062 4064 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 842B8B00
14:49:24:062 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 842B8B00
14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B8B00[0x38]
14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT addr: 842B9918
14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B9918[0xA8]
14:49:24:062 4064 KLMD_ReadMem: Trying to ReadMemory 0xE1010F20[0x208]
14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:49:24:062 4064 DetectCureTDL3: IrpHandler (0) addr: B9F0EB40
14:49:24:062 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
14:49:24:062 4064 DetectCureTDL3: IrpHandler (2) addr: B9F0EB40
14:49:24:062 4064 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (4) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (14) addr: B9F0EB40
14:49:24:078 4064 DetectCureTDL3: IrpHandler (15) addr: B9F0EB40
14:49:24:078 4064 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (22) addr: B9F0EB40
14:49:24:078 4064 DetectCureTDL3: IrpHandler (23) addr: B9F0EB40
14:49:24:078 4064 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
14:49:24:078 4064 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
14:49:24:078 4064 KLMD_ReadMem: Trying to ReadMemory 0xB9F0C864[0x400]
14:49:24:078 4064 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
14:49:24:078 4064 TDL3_FileDetect: Processing driver: atapi
14:49:24:078 4064 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
14:49:24:078 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
14:49:24:078 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
14:49:24:093 4064 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8431E030
14:49:24:093 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8431E030
14:49:24:093 4064 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 843C3F18
14:49:24:093 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 843C3F18
14:49:24:093 4064 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 843C0940
14:49:24:093 4064 KLMD_GetLowerDeviceObject: Trying to get lower device object for 843C0940
14:49:24:093 4064 KLMD_ReadMem: Trying to ReadMemory 0x843C0940[0x38]
14:49:24:093 4064 DetectCureTDL3: DRIVER_OBJECT addr: 842B9918
14:49:24:093 4064 KLMD_ReadMem: Trying to ReadMemory 0x842B9918[0xA8]
14:49:24:093 4064 KLMD_ReadMem: Trying to ReadMemory 0xE1010F20[0x208]
14:49:24:093 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:49:24:093 4064 DetectCureTDL3: IrpHandler (0) addr: B9F0EB40
14:49:24:093 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (2) addr: B9F0EB40
14:49:24:093 4064 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (4) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (14) addr: B9F0EB40
14:49:24:093 4064 DetectCureTDL3: IrpHandler (15) addr: B9F0EB40
14:49:24:093 4064 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (22) addr: B9F0EB40
14:49:24:093 4064 DetectCureTDL3: IrpHandler (23) addr: B9F0EB40
14:49:24:093 4064 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
14:49:24:093 4064 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
14:49:24:093 4064 KLMD_ReadMem: Trying to ReadMemory 0xB9F0C864[0x400]
14:49:24:093 4064 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
14:49:24:093 4064 TDL3_FileDetect: Processing driver: atapi
14:49:24:093 4064 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
14:49:24:093 4064 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
14:49:24:093 4064 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
14:49:24:093 4064 Completed Results:
14:49:24:093 4064 Infected objects in memory: 0
14:49:24:093 4064 Cured objects in memory: 0
14:49:24:093 4064 Infected objects on disk: 0
14:49:24:093 4064 Objects on disk cured on reboot: 0
14:49:24:093 4064 Objects on disk deleted on reboot: 0
14:49:24:093 4064 Registry nodes deleted on reboot: 0
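The DetectCureTDL3 lines in the TDSSKiller report above dump each driver's IRP dispatch table (the IrpHandler (n) addr entries for \Driver\Disk and \Driver\atapi). The idea behind that dump is a dispatch-table integrity check: every MajorFunction slot should point either into the kernel (the unused slots all go to 804FA87E, inside ntoskrnl, whose base the log gives as 804D7000) or into the driver's own image. A slot that points somewhere else, typically into allocated pool, is one way a kernel-mode rootkit of the TDL3 family intercepts disk I/O. The Python below is an added example written for this page, not TDSSKiller's code or this forum's: it parses lines in the format the log shows and flags handlers that resolve into neither range. The image sizes, the atapi base address, and the "hooked" sample are assumptions chosen to fit the addresses in the log, not values taken from the infected machine.

```python
import re

# Names for the IRP major-function indexes that matter here (values from ntddk.h).
IRP_MJ = {0: "IRP_MJ_CREATE", 2: "IRP_MJ_CLOSE", 3: "IRP_MJ_READ", 4: "IRP_MJ_WRITE",
          14: "IRP_MJ_DEVICE_CONTROL", 15: "IRP_MJ_INTERNAL_DEVICE_CONTROL",
          22: "IRP_MJ_POWER", 23: "IRP_MJ_SYSTEM_CONTROL", 27: "IRP_MJ_PNP"}

DRIVER_LINE = re.compile(r"DRIVER_OBJECT name: \\Driver\\(\w+)")
HANDLER_LINE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")

# ASSUMPTION: image ranges for this example. The ntoskrnl base (804D7000) is the one
# printed in the log; both sizes and the atapi base are invented to fit the log's addresses.
IMAGES = {"nt": (0x804D7000, 0x220000), "atapi": (0xB9F00000, 0x16000)}

# Constructed excerpt in the format of the TDSSKiller log, using the atapi entries it shows.
SAMPLE_CLEAN = [
    r"14:49:24:062 4064 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi",
    "14:49:24:062 4064 DetectCureTDL3: IrpHandler (0) addr: B9F0EB40",
    "14:49:24:062 4064 DetectCureTDL3: IrpHandler (1) addr: 804FA87E",
    "14:49:24:062 4064 DetectCureTDL3: IrpHandler (2) addr: B9F0EB40",
    "14:49:24:062 4064 DetectCureTDL3: IrpHandler (3) addr: 804FA87E",
    "14:49:24:078 4064 DetectCureTDL3: IrpHandler (14) addr: B9F0EB40",
    "14:49:24:078 4064 DetectCureTDL3: IrpHandler (15) addr: B9F0EB40",
    "14:49:24:078 4064 DetectCureTDL3: IrpHandler (22) addr: B9F0EB40",
    "14:49:24:078 4064 DetectCureTDL3: IrpHandler (23) addr: B9F0EB40",
]
# Constructed "hooked" variant: two dispatch slots redirected to an invented pool address
# (8431E100), which is what a tampered table looks like in such a dump.
SAMPLE_HOOKED = [line.replace("(14) addr: B9F0EB40", "(14) addr: 8431E100")
                     .replace("(15) addr: B9F0EB40", "(15) addr: 8431E100")
                 for line in SAMPLE_CLEAN]


def parse_tables(lines):
    """Group IrpHandler entries under the DRIVER_OBJECT line that precedes them.
    Returns {driver_name_lowercase: {major_function_index: handler_address}}."""
    tables, current = {}, None
    for line in lines:
        m = DRIVER_LINE.search(line)
        if m:
            current = m.group(1).lower()
            tables.setdefault(current, {})
            continue
        m = HANDLER_LINE.search(line)
        if m and current is not None:
            tables[current][int(m.group(1))] = int(m.group(2), 16)
    return tables


def audit(lines, images):
    """For each driver table, list handlers that fall neither inside the kernel image
    nor inside the driver's own image. Returns {driver: [(index, address), ...]}."""
    report = {}
    for driver, table in parse_tables(lines).items():
        allowed = [images["nt"]]
        if driver in images:
            allowed.append(images[driver])
        # A driver with no known image range gets every non-kernel slot flagged:
        # that is a prompt to fetch the loaded-module list, not a verdict.
        def inside(addr):
            return any(base <= addr < base + size for base, size in allowed)
        report[driver] = [(mj, addr) for mj, addr in sorted(table.items()) if not inside(addr)]
    return report


def describe(report):
    """Readable lines such as 'atapi: IRP_MJ_DEVICE_CONTROL (14) -> 8431E100'."""
    return [f"{drv}: {IRP_MJ.get(mj, 'IRP_MJ_' + str(mj))} ({mj}) -> {addr:08X}"
            for drv, hits in report.items() for mj, addr in hits]


if __name__ == "__main__":
    print("clean :", describe(audit(SAMPLE_CLEAN, IMAGES)) or "no suspect handlers")
    print("hooked:", describe(audit(SAMPLE_HOOKED, IMAGES)))
```

Two limits worth knowing. A table-only check misses a hook whose target is inside the driver image (an inline patch of the legitimate handler) and says nothing about DriverStartIo, which is why the log also carries TDL3_StartIoHookDetect lines that read the StartIo code itself. And the check is only as good as the module ranges it is given; on a live system those come from the loaded-module list, not from guesses as in this example.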
Hello everyone, and happy new year 2010! The title of my topic is fairly self-explanatory: Malware Defense installed itself, got rid of AVG, and I can't manage to remove it... Before bothering you, I did try to clean my PC myself by following the methods described in Gropaké's "Malware Defense" topic: I ran a HijackThis scan, launched the rkill tool (by Grinler), and was then able to download Malwarebytes' Anti-Malware (MBAM), but it is impossible to launch it, which, according to Falkra, is a symptom. So I am turning to you: here is the HijackThis report. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:11, on 01/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DeezRip\DeezRipSvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Borland\IntrBase\BIN\ibserver.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\DOCUME~1\Frank\LOCALS~1\Temp\settdebugx.exe
C:\Program Files\Malware Defense\mdefense.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\devldr32.exe
C:\DOCUME~1\Frank\LOCALS~1\Temp\wscsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frank\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v0.battle-arenas.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [interBase Server] "C:\Program Files\Borland\IntrBase\BIN\ibserver.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\Frank\LOCALS~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\MSINF16H.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://v0.battle-arenas.net
O15 - Trusted Zone: http://www.battle-arenas.net
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9597CD35-4BEE-4CF5-9960-4805B70D397B}: NameServer = 86.64.145.141 84.103.237.141
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeezRip service (DeezRipSvc) - Unknown owner - C:\Program Files\DeezRip\DeezRipSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10906 bytes