

jojom
Member
Content count: 8
Junior Member (3/12)
Community reputation: 0
wehgscl.sys (Rootkit.Agent) [resolved]
jojom replied to a topic by jojom in Malware analysis and removal
Yes, it runs perfectly. I checked where the file was and it is no longer there. I ran Spybot and CCleaner, nothing to report. Thanks.
wehgscl.sys (Rootkit.Agent) [resolved]
jojom replied to a topic by jojom in Malware analysis and removal

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3828

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

06/03/2010 18:27:30
mbam-log-2010-03-06 (18-27-30).txt

Type de recherche: Examen rapide
Eléments examinés: 106068
Temps écoulé: 2 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Thank you very much, quick and effective.
wehgscl.sys (Rootkit.Agent) [resolved]
jojom replied to a topic by jojom in Malware analysis and removal
ComboFix 10-03-05.06 - moi 06/03/2010 17:45:58.4.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3582.2470 [GMT 1:00]
Lancé depuis: c:\users\moi\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\moi\Desktop\CFscript.txt
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\Drivers\wehgscl.sys
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Drivers\wehgscl.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WEHGSCL
-------\Service_wehgscl

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-06 au 2010-03-06 ))))))))))))))))))))))))))))))))))))
.
2010-03-06 16:50 . 2010-03-06 16:52 -------- d-----w- c:\users\moi\AppData\Local\temp
2010-03-06 16:50 . 2010-03-06 16:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-06 16:50 . 2010-03-06 16:50 -------- d-----w- c:\users\maman\AppData\Local\temp
2010-03-06 16:50 . 2010-03-06 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 15:13 . 2010-03-06 15:14 -------- d-----w- C:\rsit
2010-03-06 14:39 . 2010-03-06 14:57 -------- d-----w- c:\program files\ZHPDiag
2010-03-06 13:44 . 2010-03-06 15:56 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-06 13:44 . 2010-03-06 14:02 -------- d-----w- c:\programdata\Hitman Pro
2010-03-06 13:44 . 2010-03-06 13:44 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-03-06 03:45 . 2010-03-06 03:45 -------- d-----w- C:\$AVG
2010-03-06 03:43 . 2010-03-06 03:43 -------- d-----w- c:\program files\AVG
2010-03-06 00:44 . 2010-03-06 00:44 -------- d-----w- C:\VundoFix Backups
2010-03-05 23:34 . 2010-03-05 23:34 -------- d-----w- c:\program files\Nexus
2010-03-05 17:10 . 2010-03-05 17:10 -------- d-----w- c:\users\moi\VstPlugins
2010-02-26 00:56 . 2010-02-26 00:56 -------- d-----w- c:\users\moi\AppData\Roaming\Malwarebytes
2010-02-26 00:56 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 00:56 . 2010-02-26 00:56 -------- d-----w- c:\programdata\Malwarebytes
2010-02-26 00:56 . 2010-02-26 00:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 00:56 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 01:55 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 01:54 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 01:54 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 01:54 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 01:54 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 01:54 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 01:54 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 01:54 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 01:54 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 01:54 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 01:54 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 01:54 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 01:54 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 16:52 . 2008-10-28 22:25 -------- d-----w- c:\programdata\NVIDIA
2010-03-06 16:52 . 2009-08-16 13:04 87029 ----a-w- c:\programdata\nvModes.dat
2010-03-06 16:52 . 2008-12-04 17:29 -------- d-----w- c:\program files\Steam
2010-03-06 16:17 . 2006-11-02 15:48 683422 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-06 16:17 . 2006-11-02 15:48 127848 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-06 04:13 . 2008-11-15 01:23 -------- d-----w- c:\program files\Curse
2010-03-06 04:13 . 2008-10-15 14:00 -------- d-----w- c:\program files\World of Warcraft
2010-03-06 04:05 . 2010-03-06 03:52 691 ----a-w- c:\users\moi\AppData\Roaming\GetValue.vbs
2010-03-06 04:05 . 2010-03-06 03:52 35 ----a-w- c:\users\moi\AppData\Roaming\SetValue.bat
2010-03-06 04:05 . 2010-03-06 03:52 35 ----a-w- c:\users\moi\AppData\Roaming\SetValue.bat
2010-03-06 00:47 . 2008-11-01 15:00 -------- d-----w- c:\program files\CCleaner
2010-03-06 00:31 . 2008-11-21 19:46 -------- d-----w- c:\users\moi\AppData\Roaming\uTorrent
2010-03-05 14:33 . 2010-01-24 01:40 -------- d-----w- c:\users\moi\AppData\Roaming\vlc
2010-02-28 08:17 . 2008-10-28 19:28 56576 ----a-w- c:\users\moi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 00:53 . 2008-12-09 15:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-14 08:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 14:33 . 2010-01-09 17:49 -------- d-----w- c:\users\moi\AppData\Roaming\Mumble
2010-02-02 15:43 . 2009-04-09 14:10 -------- d-----w- c:\users\moi\AppData\Roaming\dvdcss
2010-02-01 20:04 . 2008-11-15 14:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 19:04 . 2008-11-15 14:48 1 ----a-w- c:\users\moi\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-24 08:16 . 2009-03-22 14:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 20:17 . 2010-01-20 20:17 -------- d-----w- c:\users\moi\AppData\Roaming\streamripper
2010-01-20 20:17 . 2008-10-29 17:47 -------- d-----w- c:\users\moi\AppData\Roaming\Winamp
2010-01-20 20:17 . 2010-01-20 20:17 -------- d-----w- c:\program files\Streamripper
2010-01-20 11:35 . 2008-10-29 00:11 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-20 11:32 . 2008-10-28 20:48 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-09 17:32 . 2010-01-09 17:32 -------- d-----w- c:\program files\Mumble
2010-01-06 15:38 . 2010-02-24 01:54 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 01:54 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 01:54 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 01:54 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 08:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 08:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 08:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 08:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 11:43 . 2010-02-09 20:03 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-09 20:03 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-11 01:39 . 2009-09-24 00:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 20:01 . 2010-02-09 20:03 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-09 20:03 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-09 20:03 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-09 20:03 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-02-28 1217872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Diamondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-02-14 147456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-12-31 0]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMin200.exe.lnk - c:\program files\Philips\SPC 200NC PC Camera\TrayMin200.exe [2008-10-28 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
"midi2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,70,b5,25,e8,f4,c9,01

R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys [2008-05-12 17408]
R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2008-06-04 95744]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-05-29 234864]
R3 PL-40R;CASIO USB MIDI;c:\windows\system32\Drivers\pl40rwdm.sys [2004-10-01 18048]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2009-08-06 260608]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-16 721904]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-09-24 108289]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Examen supplémentaire -------
.
FF - ProfilePath - c:\users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\moqphw04.default\
FF - prefs.js: browser.search.selectedEngine - Megaupload - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 17:53
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x864AF1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8cba3d24
\Driver\ACPI -> acpi.sys @ 0x8c20ed68
\Driver\atapi -> 0x864af1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\conime.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Razer\Diamondback\razertra.exe
c:\program files\Razer\Diamondback\razerofa.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2010-03-06 17:59:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-06 16:59
ComboFix2.txt 2010-03-06 16:21
ComboFix3.txt 2010-03-06 03:14
ComboFix4.txt 2010-03-06 02:45

Avant-CF: 89 538 777 088 octets libres
Après-CF: 89 174 347 776 octets libres

- - End Of File - - D997F39F7ECDCD03206E371D16BC0F2B
L'envoi a réussi
wehgscl.sys (Rootkit.Agent) [resolved]
jojom replied to a topic by jojom in Malware analysis and removal
ComboFix 10-03-05.06 - moi 06/03/2010 17:10:23.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3582.2531 [GMT 1:00]
Lancé depuis: c:\users\moi\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-06 au 2010-03-06 ))))))))))))))))))))))))))))))))))))
.
2010-03-06 16:18 . 2010-03-06 16:19 -------- d-----w- c:\users\moi\AppData\Local\temp
2010-03-06 16:18 . 2010-03-06 16:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-06 16:18 . 2010-03-06 16:18 -------- d-----w- c:\users\maman\AppData\Local\temp
2010-03-06 16:18 . 2010-03-06 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 15:13 . 2010-03-06 15:14 -------- d-----w- C:\rsit
2010-03-06 14:39 . 2010-03-06 14:57 -------- d-----w- c:\program files\ZHPDiag
2010-03-06 13:44 . 2010-03-06 15:56 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-06 13:44 . 2010-03-06 14:02 -------- d-----w- c:\programdata\Hitman Pro
2010-03-06 13:44 . 2010-03-06 13:44 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-03-06 03:52 . 2010-03-06 04:05 35 ----a-w- c:\users\moi\AppData\Roaming\SetValue.bat
2010-03-06 03:45 . 2010-03-06 03:45 -------- d-----w- C:\$AVG
2010-03-06 03:43 . 2010-03-06 03:43 -------- d-----w- c:\program files\AVG
2010-03-06 00:44 . 2010-03-06 00:44 -------- d-----w- C:\VundoFix Backups
2010-03-05 23:34 . 2010-03-05 23:34 -------- d-----w- c:\program files\Nexus
2010-03-05 17:10 . 2010-03-05 17:10 -------- d-----w- c:\users\moi\VstPlugins
2010-02-26 00:56 . 2010-02-26 00:56 -------- d-----w- c:\users\moi\AppData\Roaming\Malwarebytes
2010-02-26 00:56 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 00:56 . 2010-02-26 00:56 -------- d-----w- c:\programdata\Malwarebytes
2010-02-26 00:56 . 2010-02-26 00:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 00:56 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 01:55 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 01:54 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 01:54 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 01:54 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 01:54 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 01:54 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 01:54 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 01:54 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 01:54 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 01:54 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 01:54 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 01:54 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 01:54 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 16:17 . 2006-11-02 15:48 683422 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-06 16:17 . 2006-11-02 15:48 127848 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-06 16:09 . 2008-10-28 22:25 -------- d-----w- c:\programdata\NVIDIA
2010-03-06 15:56 . 2009-08-16 13:04 87029 ----a-w- c:\programdata\nvModes.dat
2010-03-06 15:56 . 2008-12-04 17:29 -------- d-----w- c:\program files\Steam
2010-03-06 04:13 . 2008-11-15 01:23 -------- d-----w- c:\program files\Curse
2010-03-06 04:13 . 2008-10-15 14:00 -------- d-----w- c:\program files\World of Warcraft
2010-03-06 04:05 . 2010-03-06 03:52 691 ----a-w- c:\users\moi\AppData\Roaming\GetValue.vbs
2010-03-06 00:47 . 2008-11-01 15:00 -------- d-----w- c:\program files\CCleaner
2010-03-06 00:31 . 2008-11-21 19:46 -------- d-----w- c:\users\moi\AppData\Roaming\uTorrent
2010-03-05 14:33 . 2010-01-24 01:40 -------- d-----w- c:\users\moi\AppData\Roaming\vlc
2010-02-28 08:17 . 2008-10-28 19:28 56576 ----a-w- c:\users\moi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 00:53 . 2008-12-09 15:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-14 08:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 14:33 . 2010-01-09 17:49 -------- d-----w- c:\users\moi\AppData\Roaming\Mumble
2010-02-02 15:43 . 2009-04-09 14:10 -------- d-----w- c:\users\moi\AppData\Roaming\dvdcss
2010-02-01 20:04 . 2008-11-15 14:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 19:04 . 2008-11-15 14:48 1 ----a-w- c:\users\moi\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-24 08:16 . 2009-03-22 14:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 20:17 . 2010-01-20 20:17 -------- d-----w- c:\users\moi\AppData\Roaming\streamripper
2010-01-20 20:17 . 2008-10-29 17:47 -------- d-----w- c:\users\moi\AppData\Roaming\Winamp
2010-01-20 20:17 . 2010-01-20 20:17 -------- d-----w- c:\program files\Streamripper
2010-01-20 11:35 . 2008-10-29 00:11 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-20 11:32 . 2008-10-28 20:48 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-09 17:32 . 2010-01-09 17:32 -------- d-----w- c:\program files\Mumble
2010-01-06 15:38 . 2010-02-24 01:54 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 01:54 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 01:54 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 01:54 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 08:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 08:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 08:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 08:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 11:43 . 2010-02-09 20:03 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-09 20:03 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-11 01:39 . 2009-09-24 00:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-08 20:01 . 2010-02-09 20:03 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-09 20:03 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-09 20:03 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-09 20:03 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-02-28 1217872]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Diamondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-02-14 147456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-12-31 0]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMin200.exe.lnk - c:\program files\Philips\SPC 200NC PC Camera\TrayMin200.exe [2008-10-28 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll
"midi2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,70,b5,25,e8,f4,c9,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-16 721904]
R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
R3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\Drivers\HDJCtrl.sys [2008-05-12 17408]
R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2008-06-04 95744]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-05-29 234864]
R3 PL-40R;CASIO USB MIDI;c:\windows\system32\Drivers\pl40rwdm.sys [2004-10-01 18048]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\DRIVERS\WlanUZXP.sys [2009-08-06 260608]
R3 ZDPSp60;ZDPSp60 NDIS Protocol Driver;c:\windows\system32\Drivers\ZDPSp60.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-09-24 108289]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - wehgscl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Examen supplémentaire -------
.
FF - ProfilePath - c:\users\moi\AppData\Roaming\Mozilla\Firefox\Profiles\moqphw04.default\
FF - prefs.js: browser.search.selectedEngine - Megaupload - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 17:19
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wehgscl]
.
Heure de fin: 2010-03-06 17:21:36
ComboFix-quarantined-files.txt 2010-03-06 16:21
ComboFix2.txt 2010-03-06 03:14
ComboFix3.txt 2010-03-06 02:45

Avant-CF: 89 538 342 912 octets libres
Après-CF: 89 507 713 024 octets libres

- - End Of File - - 9C0F5789EFA04E56253A35CC8155DB6D
wehgscl.sys (Rootkit.Agent) [resolved]
jojom replied to a topic by jojom in Malware analysis and removal
Nothing too nasty, doctor? ^^

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
wehgscl.sys (Rootkit.Agent) [resolved]
jojom replied to a topic by jojom in Malware analysis and removal
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-06 16:49:15
Windows 6.0.6002 Service Pack 2
Running: 9c4m2g9m.exe; Driver: C:\Users\moi\AppData\Local\Temp\ugtyypob.sys

---- System - GMER 1.0.15 ----

SSDT 9EF6CA54 ZwCreateThread
SSDT 9EF6CA40 ZwOpenProcess
SSDT 9EF6CA45 ZwOpenThread
SSDT 9EF6CA4F ZwTerminateProcess

INT 0x52 ? 8772CBF8
INT 0x52 ? 8772CBF8
INT 0x52 ? 8772CBF8
INT 0x52 ? 8772CBF8
INT 0x62 ? 8772CBF8
INT 0x72 ? 864ABBF8
INT 0x82 ? 864ABBF8
INT 0x92 ? 864ABBF8
INT 0x92 ? 864ABBF8
INT 0x92 ? 864AABF8
INT 0x92 ? 8772CBF8
INT 0x92 ? 864ABBF8
INT 0xA2 ? 8772CBF8
INT 0xA2 ? 8772CBF8
INT 0xA3 ? 8772CBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 82AE5984 4 Bytes [54, CA, F6, 9E] {PUSH ESP; RETF 0x9ef6}
.text ntkrnlpa.exe!KeSetEvent + 3F1 82AE5B54 4 Bytes [40, CA, F6, 9E] {INC EAX; RETF 0x9ef6}
.text ntkrnlpa.exe!KeSetEvent + 40D 82AE5B70 4 Bytes [45, CA, F6, 9E] {INC EBP; RETF 0x9ef6}
.text ntkrnlpa.exe!KeSetEvent + 621 82AE5D84 4 Bytes [4F, CA, F6, 9E] {DEC EDI; RETF 0x9ef6}
? System32\Drivers\spdp.sys Le chemin d'accès spécifié est introuvable. !
? System32\Drivers\wehgscl.sys Un périphérique attaché au système ne fonctionne pas correctement. !
.text USBPORT.SYS!DllUnload 8CB5241B 5 Bytes JMP 8772C1D8
.text a3n58mzw.SYS 8C76B000 22 Bytes [82, D3, A0, 82, 6C, D2, A0, ...]
.text a3n58mzw.SYS 8C76B017 181 Bytes [00, 32, 47, 3A, 8C, 3D, 45, ...]
.text a3n58mzw.SYS 8C76B0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text a3n58mzw.SYS 8C76B0DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text a3n58mzw.SYS 8C76B0E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] kernel32.dll!FindResourceExA 779E2575 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] kernel32.dll!FindResourceA 779E2653 5 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] kernel32.dll!CreateEventA 77A044C0 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] kernel32.dll!LockResource 77A068DF 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] kernel32.dll!FindResourceExW 77A069FD 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] kernel32.dll!LoadResource 77A06ADB 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] kernel32.dll!FindResourceW 77A07FA1 5 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] kernel32.dll!SizeofResource 77A07FBF 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] ADVAPI32.dll!CryptDeriveKey 778FFCAE 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] ADVAPI32.dll!CryptDecrypt 778FFE91 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!CreateDialogParamW 772772A2 5 Bytes JMP 28006090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!SetWindowPlacement 77277963 5 Bytes JMP 28005E10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!SetWindowRgn 7727A221 7 Bytes JMP 28005F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!LoadImageW 7727C9E5 5 Bytes JMP 280066E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!LoadIconW 7727DA9F 5 Bytes JMP 280068D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!CreateWindowExW 77281305 5 Bytes JMP 28003C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!GetWindowLongW 7728F8BF 7 Bytes JMP 28006A70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!PeekMessageW 7729045A 5 Bytes JMP 28004630 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!TrackPopupMenuEx 772A0CE7 5 Bytes JMP 28004F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] USER32.dll!MessageBoxIndirectW 772CD5D3 5 Bytes JMP 28006280 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] SHELL32.dll!Shell_NotifyIconW 767B8626 5 Bytes JMP 280033B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] ole32.dll!CoRegisterClassObject 76627DB6 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] ole32.dll!CoCreateInstance 76669EA6 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] ole32.dll!CoInitializeEx 7666AD63 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] WININET.dll!InternetReadFile 77AB654B 5 Bytes JMP 2800A090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] WININET.dll!InternetCloseHandle 77AB9088 5 Bytes JMP 2800A240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] WININET.dll!HttpOpenRequestA 77ABD508 5 Bytes JMP 28009F00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1908] WININET.dll!HttpSendRequestA 77ACEE89 5 Bytes JMP 2800A170 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus!
Live Add-On/Yuna Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 87748B50 Device \FileSystem\Ntfs \Ntfs 864B11F8 Device \FileSystem\fastfat \FatCdrom 8883A1F8 Device \FileSystem\udfs \UdfsCdRom 877351F8 Device \FileSystem\udfs \UdfsDisk 877351F8 Device \Driver\volmgr \Device\VolMgrControl 864AD1F8 Device \Driver\usbuhci \Device\USBPDO-0 874C11F8 Device \Driver\sptd \Device\390620351 spdp.sys Device \Driver\netbt \Device\NetBT_Tcpip_{BF287B4E-DB63-43C5-A67B-CA958A2F798D} 87E751F8 Device \Driver\usbuhci \Device\USBPDO-1 874C11F8 Device \Driver\usbuhci \Device\USBPDO-2 874C11F8 Device \Driver\usbehci \Device\USBPDO-3 8773E1F8 Device \Driver\usbuhci \Device\USBPDO-4 874C11F8 Device \Driver\usbuhci \Device\USBPDO-5 874C11F8 Device \Driver\usbuhci \Device\USBPDO-6 874C11F8 Device \Driver\volmgr \Device\HarddiskVolume1 864AD1F8 Device \Driver\usbehci \Device\USBPDO-7 8773E1F8 Device \Driver\cdrom \Device\CdRom0 87733500 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 864AF1F8 Device \Driver\atapi \Device\Ide\IdePort0 864AF1F8 Device \Driver\atapi \Device\Ide\IdePort1 864AF1F8 Device \Driver\atapi \Device\Ide\IdePort2 864AF1F8 Device \Driver\atapi \Device\Ide\IdePort3 864AF1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 864AF1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3 864AF1F8 Device \Driver\cdrom \Device\CdRom1 87733500 Device \Driver\cdrom \Device\CdRom2 87733500 Device \Driver\netbt \Device\NetBt_Wins_Export 87E751F8 Device \Driver\PCI_PNP0341 \Device\0000004b spdp.sys Device \Driver\Smb \Device\NetbiosSmb 87E781F8 Device \Driver\iScsiPrt \Device\RaidPort0 8774D1F8 Device \Driver\usbuhci \Device\USBFDO-0 874C11F8 Device \Driver\usbuhci \Device\USBFDO-1 874C11F8 Device \Driver\usbuhci \Device\USBFDO-2 874C11F8 Device \Driver\usbehci \Device\USBFDO-3 8773E1F8 Device \Driver\usbuhci \Device\USBFDO-4 874C11F8 Device \Driver\usbuhci \Device\USBFDO-5 874C11F8 Device \Driver\usbuhci \Device\USBFDO-6 874C11F8 Device \Driver\usbehci 
\Device\USBFDO-7 8773E1F8 Device \Driver\a3n58mzw \Device\Scsi\a3n58mzw1Port6Path0Target0Lun0 877491F8 Device \Driver\a3n58mzw \Device\Scsi\a3n58mzw1 877491F8 Device \Driver\JRAID \Device\Scsi\JRAID1 864B01F8 Device \FileSystem\fastfat \Fat 8883A1F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 878CB1F8 ---- Services - GMER 1.0.15 ---- Service (*** hidden *** ) [bOOT] wehgscl <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0x89 0x61 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0xF2 0x62 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF0 0x88 0x56 0xAD ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x34 0x75 0x0E 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB5 0x49 0xC8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0x6B 0x13 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\wehgscl@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\wehgscl@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\wehgscl@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\wehgscl@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD0 0x89 0x61 0x63 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x32 0xF2 0x62 0xDE ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF0 0x88 0x56 0xAD ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x34 0x75 0x0E 0xE2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0xB5 0x49 0xC8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0x6B 0x13 0x43 ... Reg HKLM\SYSTEM\ControlSet003\Services\wehgscl@Type 1 Reg HKLM\SYSTEM\ControlSet003\Services\wehgscl@Start 0 Reg HKLM\SYSTEM\ControlSet003\Services\wehgscl@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet003\Services\wehgscl@Group Boot Bus Extender ---- EOF - GMER 1.0.15 ---- -
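Reading a GMER report like the one above by hand is error-prone, so here is a small Python triage script. It is an added example for this thread, not GMER's code and not something the poster ran; the SAMPLE_REPORT string is a constructed excerpt of lines copied from the report above. It shows three things a responder wants to know at a glance: the four SSDT hooks all land in one 21-byte window (0x9EF6CA40..0x9EF6CA54, so one stub table, not four separate drivers); the four "4 Bytes" patches GMER lists as ntkrnlpa.exe!KeSetEvent + N decode, little-endian, to exactly those four hook pointers, so they are the overwritten service-table slots themselves (GMER attributes the table to the nearest exported symbol) and not a second layer of patching; and the hidden wehgscl service is a kernel driver with Start 0 in the Boot Bus Extender group, i.e. loaded by the boot loader before almost everything else, with ErrorControl 0 so the system never complains if it fails to load. User-mode hooks are counted per hooking module so that a named add-on instrumenting its own host process (MsgPlusLive.dll inside msnmsgr.exe here) is visibly a different story from the hidden driver. Standard library only.

```python
"""Triage of a GMER 1.0.15 text report (added example, not GMER's own code).
Pulls out: hooked SSDT entries and the window they jump into; whether each
4-byte "patch" reported at ntkrnlpa.exe!KeSetEvent+N decodes (little-endian) to
one of those hook pointers, i.e. is the overwritten service-table slot and not
a second hook; hidden services with the SCM meaning of their raw Type/Start/
Group; user-mode hooks counted per hooking module.  SAMPLE_REPORT is a
constructed excerpt of the report posted in the thread."""
import re
import struct
from collections import Counter, defaultdict

SAMPLE_REPORT = """\
SSDT 9EF6CA54 ZwCreateThread
SSDT 9EF6CA40 ZwOpenProcess
SSDT 9EF6CA45 ZwOpenThread
SSDT 9EF6CA4F ZwTerminateProcess
.text ntkrnlpa.exe!KeSetEvent + 221 82AE5984 4 Bytes [54, CA, F6, 9E] {PUSH ESP; RETF 0x9ef6}
.text ntkrnlpa.exe!KeSetEvent + 3F1 82AE5B54 4 Bytes [40, CA, F6, 9E] {INC EAX; RETF 0x9ef6}
.text ntkrnlpa.exe!KeSetEvent + 40D 82AE5B70 4 Bytes [45, CA, F6, 9E] {INC EBP; RETF 0x9ef6}
.text ntkrnlpa.exe!KeSetEvent + 621 82AE5D84 4 Bytes [4F, CA, F6, 9E] {DEC EDI; RETF 0x9ef6}
.text USBPORT.SYS!DllUnload 8CB5241B 5 Bytes JMP 8772C1D8
.text C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe[1908] kernel32.dll!FindResourceExA 779E2575 7 Bytes JMP 28001D80 C:\\Program Files\\Messenger Plus! Live\\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe[1908] ADVAPI32.dll!CryptDecrypt 778FFE91 7 Bytes JMP 28001060 C:\\Program Files\\Messenger Plus! Live\\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
Service (*** hidden *** ) [BOOT] wehgscl <-- ROOTKIT !!!
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\wehgscl@Type 1
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\wehgscl@Start 0
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\wehgscl@ErrorControl 0
Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\wehgscl@Group Boot Bus Extender
"""

HEX8 = r"([0-9A-Fa-f]{8})"
SSDT_RE = re.compile(r"^SSDT\s+" + HEX8 + r"\s+(\w+)")
PATCH_RE = re.compile(r"^\.text\s+(\S+)\s*\+\s*([0-9A-Fa-f]+)\s+" + HEX8 + r"\s+\d+\s+Bytes\s+\[([^\]]+)\]")
USER_RE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+)\s+" + HEX8 + r"\s+\d+\s+Bytes\s+JMP\s+" + HEX8 + r"\s+(.+?)\s+\(")
JMP_RE = re.compile(r"^\.text\s+(\S+)\s+" + HEX8 + r"\s+\d+\s+Bytes\s+JMP\s+" + HEX8)
HIDDEN_RE = re.compile(r"^Service\s+\(\*\*\* hidden \*\*\* \)\s*\[(\w+)\]\s+(\S+)")
REG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\([^@\\]+)@(\w+)\s*(.*)$")
# Raw service values as the Service Control Manager interprets them.
SERVICE_TYPE = {1: "KERNEL_DRIVER", 2: "FILE_SYSTEM_DRIVER", 16: "WIN32_OWN_PROCESS", 32: "WIN32_SHARE_PROCESS"}
START_TYPE = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START", 3: "DEMAND_START", 4: "DISABLED"}
ERROR_CONTROL = {0: "IGNORE", 1: "NORMAL", 2: "SEVERE", 3: "CRITICAL"}


def parse_report(text):
    """Collect SSDT hooks, kernel patches, user hooks, inline JMPs, hidden services, registry values."""
    f = {"ssdt": [], "patches": [], "user": [], "jmps": [], "hidden": [], "services": defaultdict(dict)}
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            f["ssdt"].append((int(m[1], 16), m[2]))
        elif m := PATCH_RE.match(line):
            tokens = [t.strip() for t in m[4].split(",")]  # list may end with "..."
            raw = bytes(int(t, 16) for t in tokens if re.fullmatch(r"[0-9A-Fa-f]{2}", t))
            f["patches"].append({"symbol": m[1], "offset": int(m[2], 16), "address": int(m[3], 16), "bytes": raw})
        elif m := USER_RE.match(line):
            f["user"].append({"process": m[1], "pid": int(m[2]), "api": m[3], "hooker": m[6]})
        elif m := JMP_RE.match(line):
            f["jmps"].append((m[1], int(m[2], 16), int(m[3], 16)))
        elif m := HIDDEN_RE.match(line):
            f["hidden"].append((m[2], m[1]))
        elif m := REG_RE.match(line):
            f["services"][m[1]][m[2]] = m[3].strip()
    return f


def hook_window(f):
    """Lowest and highest SSDT hook target; a tight window means one stub table."""
    addrs = [a for a, _ in f["ssdt"]]
    return (min(addrs), max(addrs)) if addrs else None


def correlate_patches(f):
    """Decode each 4-byte kernel 'patch' as a little-endian pointer and look it up
    among the SSDT hook targets.  A hit means the bytes are the overwritten
    service-table slot itself, not code that was patched a second time."""
    targets = dict(f["ssdt"])
    out = []
    for p in f["patches"]:
        if len(p["bytes"]) == 4:
            ptr = struct.unpack("<I", p["bytes"])[0]
            out.append((p["symbol"], p["offset"], ptr, targets.get(ptr)))
    return out


def describe_service(f, name):
    """Decode a service's raw Type/Start/ErrorControl/Group and flag it if GMER hid it."""
    v = f["services"].get(name, {})

    def dec(table, key):
        raw = v.get(key)
        return table.get(int(raw), raw) if raw and raw.isdigit() else raw

    return {"type": dec(SERVICE_TYPE, "Type"), "start": dec(START_TYPE, "Start"),
            "error_control": dec(ERROR_CONTROL, "ErrorControl"), "group": v.get("Group"),
            "hidden": any(n == name for n, _ in f["hidden"])}


def user_hooks_by_module(f):
    """Hook count per hooking module: one add-on instrumenting its own host is one story."""
    return Counter(h["hooker"] for h in f["user"])


def triage(f):
    """Findings in the order a responder should read them."""
    notes = []
    for name, phase in f["hidden"]:
        s = describe_service(f, name)
        notes.append(f"hidden {phase} service {name}: {s['type']}, {s['start']}, "
                     f"group={s['group']}, error_control={s['error_control']}")
    if w := hook_window(f):
        notes.append(f"{len(f['ssdt'])} SSDT hooks into 0x{w[0]:08X}..0x{w[1]:08X}")
    for sym, off, ptr, fn in correlate_patches(f):
        what = f"SSDT slot of {fn}" if fn else "pointer not among SSDT hooks"
        notes.append(f"{sym}+0x{off:X} = 0x{ptr:08X} ({what})")
    for sym, at, dest in f["jmps"]:
        notes.append(f"inline JMP in {sym} @0x{at:08X} -> 0x{dest:08X}")
    for mod, n in user_hooks_by_module(f).items():
        notes.append(f"{n} user-mode hook(s) installed by {mod}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_report(SAMPLE_REPORT)):
        print(note)
```

Run it as-is to see the triage of the sample, or feed it a whole saved GMER log with parse_report(open(path).read()). The one caveat worth remembering: the script only decodes what GMER printed; a driver whose image file is hidden at the filesystem level (the "A device attached to the system is not functioning" line next to wehgscl.sys above is exactly that symptom) still has to be confirmed from an offline boot or a tool that reads the disk below the driver stack.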
wehgscl.sys (Rootkit.Agent) [resolved]
jojom replied to a topic by jojom in Malware analysis and removal
Thanks for your help, here are the reports.

info.txt logfile of random's system information tool 1.06 2010-03-06 16:14:06

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
ACID Pro 7.0-->MsiExec.exe /X{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Windows Live Sign-in Assistant-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audacity 1.3.9 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Cool Record Edit Pro v7.3.1-->"C:\Program Files\Cool Record Edit Pro\unins000.exe"
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Curse Client-->C:\Program Files\Curse\uninstall.exe
Deckadance-->C:\Program Files\VstPlugins\Deckadance\uninstall.exe
Dedicated Server-->"C:\Program Files\Steam\steam.exe" steam://uninstall/5
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FileZilla Client 3.1.6-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FL Studio 9-->C:\Program Files\Image-Line\FL Studio 9\uninstall.exe
FL Studio v7.0-->"C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
Flash Decompiler Trillix-->"C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
Free Video to Mp3 Converter version 2.7-->"C:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"
Windows Live Photo Gallery-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ-->C:\PROGRA~1\GFORCE~1\MINIMO~1\UNWISE.EXE C:\PROGRA~1\GFORCE~1\MINIMO~1\INSTALL.LOG
Hardcore-->C:\Program Files\Image-Line\Hardcore\uninstall.exe
Hercules DJ Products Series drivers-->C:\Program Files\InstallShield Installation Information\{33999F1F-EA46-4E55-A239-1BA803235396}\setup.exe -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Users\moi\Desktop\HijackThis.exe" /uninstall
Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Windows Live Setup-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Setup-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMicron JMB36X Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kaspersky Online Scanner-->C:\Windows\system32\KASPER~1\KASPER~1\kavuninstall.exe
Left 4 Dead Dedicated Server-->"C:\Program Files\Steam\steam.exe" steam://uninstall/510
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MIDI Yoke-->MsiExec.exe /I{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}
Microsoft .NET Framework 3.5 SP1 Language Pack - fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PartyPoker-->"C:\Programs\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programs\PartyGaming\PartyPoker\install.log"
Philips SPC 200NC PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2646FB-7BAC-451B-BF90-4889C4429C5E}\Setup.exe" -l0x40c
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Razer Diamondback-->C:\Program Files\InstallShield Installation Information\{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
reFX Nexus 1.3.5-->"C:\Program Files\Nexus\unins000.exe"
reFX Nexus 1.4.0-->"C:\Program Files\Image-Line\FL Studio 8\Plugins\VST\nexus\Nexus Content\Nexus\unins000.exe"
Sawer-->C:\Program Files\Image-Line\Sawer\uninstall.exe
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Streamripper (Remove only)-->C:\Program Files\Streamripper\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~3\UNWISE.EXE C:\PROGRA~1\VIRTUA~3\INSTALL.LOG
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Family Safety-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wow Cartographe 1.10-->C:\Program Files\WowCartographe\uninst.exe
ZHPDiag 1.25-->"C:\Program Files\ZHPDiag\unins000.exe"

=====HijackThis Backups=====

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab [2010-03-06]
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [2010-03-06]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [2010-03-06]
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab [2010-03-06]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2010-03-06]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [2010-03-06]
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe [2010-03-06]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2010-03-06]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2010-03-06]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2010-03-06]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local [2010-03-06]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2010-03-06]
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe [2010-03-06]
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe [2010-03-06]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab [2010-03-06]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab [2010-03-06]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2010-03-06]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2010-03-06]
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [2010-03-06]
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2010-03-06]
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent [2010-03-06]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender (disabled) (outdated)

======System event log======

Computer Name: PC-de-moi
Event Code: 4376
Message: Servicing required reboot to complete the operation of setting package KB936330(Service Pack) into Install Requested(Install Requested) state.
Record Number: 94915
Source Name: Microsoft-Windows-Servicing
Time Written: 20090605125721.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PC-de-moi
Event Code: 4376
Message: Servicing required reboot to complete the operation of setting package KB936330(Service Pack) into Install Requested(Install Requested) state.
Record Number: 94913
Source Name: Microsoft-Windows-Servicing
Time Written: 20090605125721.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PC-de-moi
Event Code: 4376
Message: Servicing required reboot to complete the operation of setting package KB936330(Service Pack) into Install Requested(Install Requested) state.
Record Number: 94818
Source Name: Microsoft-Windows-Servicing
Time Written: 20090605125721.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PC-de-moi
Event Code: 4376
Message: Servicing required reboot to complete the operation of setting package KB936330(Service Pack) into Install Requested(Install Requested) state.
Record Number: 94809
Source Name: Microsoft-Windows-Servicing
Time Written: 20090605125720.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: PC-de-moi
Event Code: 10010
Message: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.
Record Number: 94722
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090605125322.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: PC-de-moi
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a274e260-8204-4e8d-bebc-7661bb826efa}
Record Number: 121
Source Name: VSS
Time Written: 20081028195917.000000-000
Event Type: Error
User:

Computer Name: PC-de-moi
Event Code: 1000
Message: Faulting application

Logfile of random's system information tool 1.06 (written by random/random)
Run by moi at 2010-03-06 16:18:36
Microsoft® Windows Vista™ Home Premium Edition Service Pack 2
System drive C: has 85 GB (28%) free of 305 GB
Total RAM: 3582 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:44, on 06/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\VM_STI.EXE
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Users\moi\Desktop\RSIT.exe
C:\Users\moi\Desktop\moi.exe

O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: TrayMin200.exe.lnk = ?
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 3452 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"BigDogPath"=C:\Windows\VM_STI.EXE [2004-06-09 40960]
"Diamondback"=C:\Program Files\Razer\Diamondback\razerhid.exe [2007-02-14 147456]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2010-02-28 1217872]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TrayMin200.exe.lnk - C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe

C:\Users\moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-06 16:13:56 ----D---- C:\rsit
2010-03-06 15:55:37 ----A---- C:\Windows\system32\PerfStringBackup.TMP_001
2010-03-06 15:40:57 ----A---- C:\Windows\system32\PerfStringBackup.TMP
2010-03-06 15:39:40 ----D---- C:\Program Files\ZHPDiag
2010-03-06 14:44:16 ----D---- C:\ProgramData\Hitman Pro
2010-03-06 14:44:13 ----D---- C:\Program Files\Hitman Pro 3.5
2010-03-06 05:02:48 ----D---- C:\Windows\Minidump
2010-03-06 04:52:49 ----A---- C:\Users\moi\AppData\Roaming\SetValue.bat
2010-03-06 04:52:49 ----A---- C:\Users\moi\AppData\Roaming\GetValue.vbs
2010-03-06 04:50:40 ----A---- C:\Windows\system32\tmp.txt
2010-03-06 04:50:27 ----A---- C:\Windows\system32\o4Patch.exe
2010-03-06 04:50:27 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2010-03-06 04:50:26 ----A---- C:\Windows\system32\IEDFix.C.exe
2010-03-06 04:50:26 ----A---- C:\Windows\system32\404Fix.exe
2010-03-06 04:50:25 ----A---- C:\Windows\system32\VACFix.exe
2010-03-06 04:50:24 ----A---- C:\Windows\system32\WS2Fix.exe
2010-03-06 04:50:24 ----A---- C:\Windows\system32\IEDFix.exe
2010-03-06 04:50:23 ----A---- C:\Windows\system32\VCCLSID.exe
2010-03-06 04:50:23 ----A---- C:\Windows\system32\swxcacls.exe
2010-03-06 04:50:22 ----A---- C:\Windows\system32\swsc.exe
2010-03-06 04:50:22 ----A---- C:\Windows\system32\SrchSTS.exe
2010-03-06 04:50:22 ----A---- C:\Windows\system32\dumphive.exe
2010-03-06 04:50:21 ----A---- C:\Windows\system32\swreg.exe
2010-03-06 04:50:20 ----A---- C:\Windows\system32\Process.exe
2010-03-06 04:45:04 ----HD---- C:\$AVG
2010-03-06 04:43:59 ----D---- C:\Program Files\AVG
2010-03-06 04:14:09 ----SHD---- C:\$RECYCLE.BIN
2010-03-06 04:14:07 ----D---- C:\Windows\temp
2010-03-06 04:14:06 ----A---- C:\ComboFix.txt
2010-03-06 04:00:53 ----D---- C:\ComboFix
2010-03-06 04:00:36 ----A---- C:\Windows\SWXCACLS.exe
2010-03-06 03:51:18 ----D---- C:\Avenger
2010-03-06 03:51:17 ----A---- C:\avenger.txt
2010-03-06 03:33:03 ----A---- C:\Windows\zip.exe
2010-03-06 03:33:03 ----A---- C:\Windows\SWSC.exe
2010-03-06 03:33:03 ----A---- C:\Windows\SWREG.exe
2010-03-06 03:33:03 ----A---- C:\Windows\sed.exe
2010-03-06 03:33:03 ----A---- C:\Windows\PEV.exe
2010-03-06 03:33:03 ----A---- C:\Windows\NIRCMD.exe
2010-03-06 03:33:03 ----A---- C:\Windows\MBR.exe
2010-03-06 03:33:03 ----A---- C:\Windows\grep.exe
2010-03-06 03:32:54 ----D---- C:\Windows\ERDNT
2010-03-06 03:30:42 ----D---- C:\Qoobox
2010-03-06 01:44:16 ----D---- C:\VundoFix Backups
2010-03-06 01:44:16 ----A---- C:\VundoFix.txt
2010-03-06 00:34:20 ----D---- C:\Program Files\Nexus
2010-02-26 01:56:45 ----D----
C:\Users\moi\AppData\Roaming\Malwarebytes 2010-02-26 01:56:33 ----D---- C:\ProgramData\Malwarebytes 2010-02-26 01:56:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-24 02:55:42 ----A---- C:\Windows\system32\jscript.dll 2010-02-24 02:55:36 ----A---- C:\Windows\system32\tzres.dll 2010-02-24 02:54:50 ----A---- C:\Windows\system32\secproc_isv.dll 2010-02-24 02:54:50 ----A---- C:\Windows\system32\secproc.dll 2010-02-24 02:54:49 ----A---- C:\Windows\system32\secproc_ssp_isv.dll 2010-02-24 02:54:49 ----A---- C:\Windows\system32\secproc_ssp.dll 2010-02-24 02:54:49 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe 2010-02-24 02:54:49 ----A---- C:\Windows\system32\RMActivate_ssp.exe 2010-02-24 02:54:49 ----A---- C:\Windows\system32\RMActivate_isv.exe 2010-02-24 02:54:49 ----A---- C:\Windows\system32\RMActivate.exe 2010-02-24 02:54:49 ----A---- C:\Windows\system32\msdrm.dll 2010-02-24 02:54:45 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2010-02-24 02:54:45 ----A---- C:\Windows\system32\gameux.dll 2010-02-24 02:54:45 ----A---- C:\Windows\system32\Apphlpdm.dll 2010-02-09 21:03:32 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-09 21:03:32 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-09 21:03:25 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-09 21:03:25 ----A---- C:\Windows\system32\quartz.dll 2010-02-09 21:03:25 ----A---- C:\Windows\system32\msyuv.dll 2010-02-09 21:03:25 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-09 21:03:25 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-09 21:03:25 ----A---- C:\Windows\system32\msrle32.dll 2010-02-09 21:03:25 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-09 21:03:25 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-09 21:03:24 ----A---- C:\Windows\system32\avifil32.dll ======List of files/folders modified in the last 1 months====== 2010-03-06 16:14:05 ----D---- C:\Windows\Prefetch 2010-03-06 16:11:41 ----D---- C:\Windows\system32\drivers 2010-03-06 16:11:41 ----D---- 
C:\Windows\Microsoft.NET 2010-03-06 15:55:37 ----D---- C:\Windows\System32 2010-03-06 15:51:05 ----D---- C:\Program Files\Mozilla Firefox 2010-03-06 15:49:27 ----D---- C:\ProgramData\NVIDIA 2010-03-06 15:49:20 ----D---- C:\Program Files\Steam 2010-03-06 15:39:40 ----RD---- C:\Program Files 2010-03-06 15:33:11 ----A---- C:\Windows\ntbtlog.txt 2010-03-06 15:31:22 ----D---- C:\Windows\Tasks 2010-03-06 15:25:56 ----D---- C:\Windows\inf 2010-03-06 15:25:56 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-03-06 14:44:16 ----D---- C:\ProgramData 2010-03-06 14:44:14 ----D---- C:\Windows\system32\Tasks 2010-03-06 14:32:09 ----SHD---- C:\System Volume Information 2010-03-06 14:08:01 ----SD---- C:\Users\moi\AppData\Roaming\Microsoft 2010-03-06 14:08:01 ----D---- C:\Windows 2010-03-06 05:13:14 ----D---- C:\Program Files\World of Warcraft 2010-03-06 05:13:14 ----D---- C:\Program Files\Curse 2010-03-06 05:07:33 ----A---- C:\rapport.txt 2010-03-06 04:43:44 ----SHD---- C:\Windows\Installer 2010-03-06 04:43:43 ----D---- C:\Windows\winsxs 2010-03-06 04:11:41 ----A---- C:\Windows\system.ini 2010-03-06 04:08:30 ----D---- C:\Windows\AppPatch 2010-03-06 04:08:29 ----D---- C:\Program Files\Common Files 2010-03-06 03:24:55 ----SD---- C:\Windows\Downloaded Program Files 2010-03-06 02:56:42 ----D---- C:\Windows\schemas 2010-03-06 02:40:23 ----D---- C:\Windows\RaidTool 2010-03-06 02:29:42 ----D---- C:\Windows\twain_32 2010-03-06 02:29:42 ----D---- C:\Windows\Provisioning 2010-03-06 01:47:16 ----D---- C:\Program Files\CCleaner 2010-03-06 01:34:26 ----D---- C:\Windows\LiveKernelReports 2010-03-06 01:31:33 ----D---- C:\Users\moi\AppData\Roaming\uTorrent 2010-03-06 01:29:53 ----D---- C:\Windows\PLA 2010-03-05 15:33:14 ----D---- C:\Users\moi\AppData\Roaming\vlc 2010-02-28 09:32:59 ----D---- C:\Windows\rescache 2010-02-28 09:17:43 ----D---- C:\Windows\system32\catroot2 2010-02-28 09:15:27 ----D---- C:\Windows\system32\fr-FR 2010-02-28 09:15:25 ----RSD---- C:\Windows\Fonts 2010-02-26 
10:40:21 ----D---- C:\Windows\system32\catroot 2010-02-26 01:53:01 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-02-14 09:15:33 ----D---- C:\Program Files\Windows Mail 2010-02-11 15:33:19 ----D---- C:\Users\moi\AppData\Roaming\Mumble ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-09-24 28520] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-11 56816] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-14 9557216] R3 Razerlow;Razerlow USB Filter Driver; C:\Windows\System32\Drivers\Razerlow.sys [2005-04-24 13225] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-10-28 133120] S3 a3n58mzw;a3n58mzw; C:\Windows\system32\drivers\a3n58mzw.sys [] S3 catchme;catchme; \??\C:\Users\moi\AppData\Local\Temp\catchme.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-05-29 14336] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632] S3 HDJCtrl;Hercules DJ Control MP3 Service; C:\Windows\System32\Drivers\HDJCtrl.sys [2008-05-12 17408] S3 HDJMidi;Hercules DJ Control MP3 MIDI; C:\Windows\system32\DRIVERS\HDJMidi.sys [2008-06-04 95744] S3 LoopBeMidi1;nerds.de LoopBe1 - Internal Midi Port SvcDesc(WDM); C:\Windows\system32\drivers\loopbe1.sys [] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192] S3 MSPCLOCK;Proxy 
d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016] S3 PL-40R;CASIO USB MIDI; C:\Windows\System32\Drivers\pl40rwdm.sys [2004-10-01 18048] S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver; C:\Windows\system32\DRIVERS\WlanUZXP.sys [2009-08-06 260608] S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-09-15 32768] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328] S3 ZDPSp60;ZDPSp60 NDIS Protocol Driver; C:\Windows\System32\Drivers\ZDPSp60.sys [] S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\Windows\System32\Drivers\usbVM31b.sys [2005-02-26 91527] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-12-11 611664] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-09-24 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-09-24 185089] R2 HerculesDJControlMP3;Hercules DJ Control MP3; C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 215584] R2 
SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504] S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-10-29 316664] -----------------EOF----------------- -
After running a scan with Malwarebytes, it detected C:\Windows\system32\Drivers\wehgscl.sys (Rootkit.Agent), but it is impossible to delete it, even in safe mode. Which program can I use to get rid of it? Thanks. I'm running Vista.