Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Christophe75015 · le 29 juillet 2009

Bonsoir,

J'ai vraiment besoin de votre aide, depuis peu mon poste est infecté par un virus (rootkit ou trojan) et je n'arrive pas à m'en débarrassé.

C'est en téléchargeant une archive auto-extractable (winrar en sfx.exe) sur un site douteux que le problème est apparu.

Voici donc le message d'erreur de mon antivirus (ESET NOD32 Smart Security 4.0437.0) que j'ai en démarrant mon PC :

"Analyseur au démarrage mémoire vive Mémoire vive Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer"

J'ai déjà fait pas mal de ménage car au démarrage j'avais des écrans de warning qui apparaissaient de je ne sais pas quel logiciel spyware, puis maintenant il me reste que celà, mais impossible de l'éliminer.

Déjà fait sur mon poste : Spybot, Malwarebytes, Trojan Remover, Analyse NOD32, Analyse en ligne avec Panda, Bitdefender, Kaspersky... Mais le rootkit est toujours présent.

De l'aide SVP.

Merci et bonne soirée.

Falkra · le 29 juillet 2009

Bonsoir, bienvenue.

Messages : 1

Si jamais tu as besoin de quelques infos ou dun peu d'aide pour retrouver tes posts :

Je vais te demander 3 rapports, tu peux faire plusieurs posts à la suite ici.

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Ca fait deux rapports donc. Comme ils sont longs, tu peux faire 2 réponses, une par rapport.

Télécharge Gmer.

Dézippe le dans un dossier ou sur ton bureau.

Double-clique sur Gmer.exe.

NB : Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'exécuter.

Clique sur l'onglet rootkit/malware (déjà actif).

A droite, coche Processes, Files , Registry et Services uniquement.

Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.

Le rapport doit alors apparaître.

Enregistre le fichier sur ton bureau et copie/colle son contenu dans ta prochaine réponse.

Christophe75015 · le 30 juillet 2009

Bonjour Falkra,

Et encore merci pour ta bienvenue et ton aide, voici donc les rapports comme tu me l'as demandé.

Rapport RSIT :

info.txt logfile of random's system information tool 1.06 2009-07-30 09:02:42

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

7-Zip 4.65-->"E:\Program Files\7-Zip\Uninstall.exe"

Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}

Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}

Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}

Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUn040c.exe -f"e:\program files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"e:\program files\Canon\ScanGear Toolbox CS\uninst.dll"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDex extraction audio-->"F:\Audio\CDex\uninstall.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf

COWON S9 User's Guide-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F41D847E-D635-4A60-B3CB-E08CFB24F1F9}\Setup.exe" -l0x9

DameWare NT Utilities-->MsiExec.exe /I{3FB6C2CA-D6FB-422D-80CB-F0B0A72CD382}

Digital Line Detect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe" -l0x40c ControlPanel

Exact Audio Copy 0.99pb5-->E:\Program Files\Exact Audio Copy\uninst.exe

FileZilla Client 3.1.1.1-->E:\Program Files\FileZilla FTP Client\uninstall.exe

FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe

FlashGet 1.9.6.1073-->E:\Program Files\FlashGet\uninst.exe

foobar2000 v0.9.6.7-->"E:\Program Files\foobar2000\uninstall.exe" _?=E:\Program Files\foobar2000

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

GeekBox-->"C:\Program Files\GeekBox\Désinstaller.exe"

GrabIt 1.7.2 Beta 4 (build 997)-->"F:\GrabIt\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HomePlayer 1.5.6b-->E:\Program Files\HomePlayer\uninst.exe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

K-Lite Mega Codec Pack 4.1.7-->"E:\Program Files\K-Lite Codec Pack\unins000.exe"

LClock-->"C:\Program Files\LClock\Désinstaller.exe"

LimeWire PRO 5.1.1-->"E:\Program Files\LimeWire\uninstall.exe"

Logiciel Intel® PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe

LucasArts-->"C:\WINDOWS\LucasArts\uninstall.exe" "/U:E:\Program Files\LucasArts\Uninstall\uninstall.xml"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Marsu-Fix-->C:\WINDOWS\Marsu-Fix Uninstaller.exe

mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}

mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}

mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}

mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mio Technology SpeedCam Tool-->E:\PROGRA~1\MIOTEC~1\SPEEDC~1\Setup.exe /remove

MioMap v3 Updater-->MsiExec.exe /I{9C6E2ABE-B3E6-49BA-807C-BDFA54496DA5}

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"

mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}

mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}

mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}

mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}

mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}

mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}

Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"

Nero Move it-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M09-01AC-5TE3-KEU9-177W-C6E0-6KCT-2W4K"

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}

Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E}

Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_fre_web.exe

Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}

Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Package de pilotes Windows - Nokia Modem (05/22/2008 3.-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf

Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf

Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf

Package de pilotes Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}

PeerGuardian 2.0-->"F:\PeerGuardian2\unins000.exe"

Picasa 3-->"E:\Program Files\Picasa3\Uninstall.exe"

POI Loader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B076678-4FDB-4EFD-A962-E5DF53A08DC5}\Setup.exe" -l0x40c

PokerStars-->"E:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars

QuickPar 0.9-->E:\Program Files\QuickPar\uninst.exe

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

RegSupreme Pro-->"C:\Program Files\RegSupreme Pro\unins000.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly

Spybot - Search & Destroy-->"E:\Program Files\Spybot - Search & Destroy\unins000.exe"

SuperCopier2-->"E:\Program Files\SuperCopier2\SC2Uninst.exe"

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Taskix-->"C:\Program Files\Taskix\Désinstaller.exe"

Trojan Remover 6.7.9-->"E:\Program Files\Trojan Remover\unins000.exe"

TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}

UltraISO Premium V9.12-->"E:\Program Files\UltraISO\unins000.exe"

uTorrent-->"C:\Program Files\uTorrent\Désinstaller.exe"

VistaDriveIcon-->"C:\Program Files\VistaDriveIcon\Désinstaller.exe"

VLC media player 0.9.2-->E:\Program Files\VLC\uninstall.exe

WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}

WinAVI Video Converter 8.0-->"E:\Program Files\WinAVI Video Converter\unins000.exe"

Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

Windows Trust Anti-Pub-->"C:\WINDOWS\System32\Drivers\Etc\UnHosts.exe"

Windows Trust Installer-->"C:\Program Files\WTInstaller\Désinstaller.exe"

WinRAR-->"C:\Program Files\WinRAR\uninstall.exe"

WinRoll-->"C:\Program Files\WinRoll\Désinstaller.exe"

WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

Wipe-->C:\PROGRA~1\Wipe\wipe.exe uninstall

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

XtremSplit-->"C:\Program Files\XtremSplit\Désinstaller.exe"

======Hosts File======

127.0.0.1 localhost

127.0.0.1 mpa.one.microsoft.com

127.0.0.1 rad.msn.com

127.0.0.1 rad.live.com

127.0.0.1 ads1.msn.com

127.0.0.1 adfarm.mediaplex.com

127.0.0.1 101com.com

127.0.0.1 101order.com

127.0.0.1 103bees.com

127.0.0.1 1100i.com

Securitycenter WMI appears to be broken

======System event log======

Computer Name: MICROSOF-FF9156

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service pgfilter.

Record Number: 11432

Source Name: Service Control Manager

Time Written: 20090623185729.000000+120

Event Type: Informations

User: MICROSOF-FF9156\MALIK

Computer Name: MICROSOF-FF9156

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Pilote de filtre de trafic IP.

Record Number: 11431

Source Name: Service Control Manager

Time Written: 20090623185729.000000+120

Event Type: Informations

User: MICROSOF-FF9156\MALIK

Computer Name: MICROSOF-FF9156

Event Code: 4201

Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D4969B-DB7C-43DC-A60F-F6A4C97C6422} était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

Record Number: 11430

Source Name: Tcpip

Time Written: 20090623184131.000000+120

Event Type: Informations

User:

Computer Name: MICROSOF-FF9156

Event Code: 4201

Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D4969B-DB7C-43DC-A60F-F6A4C97C6422} était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

Record Number: 11429

Source Name: Tcpip

Time Written: 20090623184116.000000+120

Event Type: Informations

User:

Computer Name: MICROSOF-FF9156

Event Code: 4201

Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D4969B-DB7C-43DC-A60F-F6A4C97C6422} était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

Record Number: 11428

Source Name: Tcpip

Time Written: 20090623184101.000000+120

Event Type: Informations

User:

=====Application event log=====

Computer Name: MICROSOF-FF9156

Event Code: 0

Message:

Record Number: 3647

Source Name: EvtEng

Time Written: 20090209192110.000000+060

Event Type: Informations

User:

Computer Name: MICROSOF-FF9156

Event Code: 0

Message:

Record Number: 3646

Source Name: btwdins

Time Written: 20090209192110.000000+060

Event Type: Informations

User:

Computer Name: MICROSOF-FF9156

Event Code: 1000

Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

Record Number: 3645

Source Name: LoadPerf

Time Written: 20090208225210.000000+060

Event Type: Informations

User:

Computer Name: MICROSOF-FF9156

Event Code: 1001

Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés.

Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système

et les dernières entrées du registre d'aide.

Record Number: 3644

Source Name: LoadPerf

Time Written: 20090208225210.000000+060

Event Type: Informations

User:

Computer Name: MICROSOF-FF9156

Event Code: 101

Message: MsnMsgr (2412) Le moteur de base de données est arrêté.

Record Number: 3643

Source Name: ESENT

Time Written: 20090208225034.000000+060

Event Type: Informations

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\GTK\2.0\bin

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0f06

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"LANG"=fr

-----------------EOF-----------------

Le 2éme :

Logfile of random's system information tool 1.06 (written by random/random)

Run by MALIK at 2009-07-30 09:02:11

Microsoft Windows XP Professionnel Service Pack 3, v.5755

System drive C: has 5 GB (35%) free of 15 GB

Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:02:40, on 30/07/2009

Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Taskix\Taskix32.exe

C:\Program Files\VistaDriveIcon\DrvIcon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\WinRoll\winroll.exe

C:\Program Files\LClock\LClock.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

E:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Documents and Settings\MALIK\Bureau\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\trend micro\MALIK.exe

C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start

O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe

O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [superCopier2.exe] E:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221945683140

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223209880015

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 9820 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

FGCatchUrl - E:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

FlashGet GetFlash Class - E:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Taskix"=C:\Program Files\Taskix\Taskix32.exe [2008-04-02 124416]

"DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2008-04-13 49152]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]

"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]

"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]

"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]

"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WinRoll"=C:\Program Files\WinRoll\winroll.exe [2004-04-07 15360]

"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-19 65536]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]

"SuperCopier2.exe"=E:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

E:\Program Files\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe -scheduler []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

E:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

E:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

E:\Program Files\Trojan Remover\Trjscan.exe [2009-06-01 1059720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MALIK^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]

E:\PROGRA~1\Nuance\NATURA~1\Program\natspeak.exe /Quick []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-22 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoDesktopCleanupWizard"=1

"NoInstrumentation"=1

"NoResolveSearch"=1

"NoResolveTrack"=1

"NoSMBalloonTip"=1

"NoSMConfigurePrograms"=1

"NoStartMenuMFUprogramsList"=1

"NoStrCmpLogical"=0

"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HideRunAsVerb"=

"NoDriveTypeAutoRun"=

"NoInstrumentation"=

"NoResolveTrack"=

"NoStartMenuMFUprogramsList"=

"HonorAutoRunSetting"=

"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0fff82c-8f2c-11dd-b8f1-0018dee273b9}]

shell\AutoRun\command - H:\LiberKey\LiberKey.exe

shell\Menu1\command - H:\LiberKey\LiberKey.exe

======File associations======

.reg - edit -

.reg - open -

======List of files/folders created in the last 1 months======

2009-07-30 09:02:11 ----D---- C:\rsit

2009-07-30 09:02:11 ----D---- C:\Program Files\trend micro

2009-07-29 09:21:38 ----D---- C:\WINDOWS\Performance

2009-07-28 22:05:39 ----D---- C:\Documents and Settings\MALIK\Application Data\LucasArts

2009-07-28 22:05:23 ----A---- C:\WINDOWS\system32\d3dx10_41.dll

2009-07-28 22:05:23 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll

2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\XAudio2_4.dll

2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll

2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\D3DX9_41.dll

2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\xactengine3_4.dll

2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll

2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2009-07-28 22:05:19 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2009-07-28 22:05:19 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2009-07-28 22:03:31 ----D---- C:\WINDOWS\Logs

2009-07-28 21:57:57 ----D---- C:\WINDOWS\LucasArts

2009-07-27 03:05:25 ----D---- C:\Documents and Settings\MALIK\Application Data\AccurateRip

2009-07-27 01:03:13 ----D---- C:\Program Files\Panda Security

2009-07-25 22:44:31 ----D---- C:\WINDOWS\BDOSCAN8

2009-07-25 18:31:30 ----D---- C:\Program Files\UlisesSoft

2009-07-25 18:23:03 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-07-25 17:42:08 ----D---- C:\Documents and Settings\MALIK\Application Data\Malwarebytes

2009-07-25 17:42:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-07-25 17:42:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-07-24 22:28:51 ----D---- C:\Documents and Settings\All Users\Application Data\13490464

2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvunrar36.dll

2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvunace26.dll

2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvcabinet.dll

2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\UNRAR3.dll

2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\unacev2.dll

2009-07-24 22:18:02 ----D---- C:\Documents and Settings\MALIK\Application Data\Simply Super Software

2009-07-24 22:18:02 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software

2009-07-16 05:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$

2009-07-16 05:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-07-16 05:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

2009-07-16 03:32:02 ----D---- C:\WINDOWS\system32\IOSUBSYS

2009-07-16 03:32:01 ----D---- C:\Program Files\Google

2009-07-15 05:33:54 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData

2009-07-15 05:33:54 ----A---- C:\AdobeDebug.txt

2009-07-15 05:29:37 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet

2009-07-15 05:24:57 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\vxblock.dll

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxwave.dll

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxsfs.dll

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxmas.dll

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxinsi64.exe

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxinsa64.exe

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxhpinst.exe

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxdrv.dll

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxcpyi64.exe

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxcpya64.exe

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxafs.dll

2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\px.dll

2009-07-12 18:02:27 ----D---- C:\Program Files\FLAC

2009-07-12 17:25:37 ----D---- C:\Documents and Settings\MALIK\Application Data\.easytag

2009-07-06 15:15:09 ----D---- C:\Program Files\Adobe Photoshop CS4 FR Portable - Majax31

======List of files/folders modified in the last 1 months======

2009-07-30 09:02:13 ----D---- C:\WINDOWS\system32\CatRoot2

2009-07-30 09:02:11 ----D---- C:\Program Files

2009-07-30 09:01:50 ----D---- C:\WINDOWS\Temp

2009-07-30 09:01:50 ----D---- C:\WINDOWS\system32

2009-07-29 21:32:28 ----D---- C:\Program Files\Mozilla Firefox

2009-07-29 21:32:05 ----D---- C:\WINDOWS

2009-07-29 09:56:26 ----D---- C:\WINDOWS\system32\dllcache

2009-07-29 09:56:25 ----D---- C:\Program Files\Internet Explorer

2009-07-29 09:56:17 ----D---- C:\WINDOWS\inf

2009-07-29 09:56:14 ----HD---- C:\WINDOWS\$hf_mig$

2009-07-29 09:56:08 ----SHD---- C:\WINDOWS\Installer

2009-07-29 09:56:08 ----D---- C:\WINDOWS\WinSxS

2009-07-28 22:05:01 ----D---- C:\WINDOWS\system32\DirectX

2009-07-28 22:03:51 ----D---- C:\WINDOWS\Microsoft.NET

2009-07-27 02:25:02 ----D---- C:\WINDOWS\Prefetch

2009-07-27 01:06:03 ----D---- C:\WINDOWS\system32\drivers

2009-07-25 23:43:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-07-25 23:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-25 23:02:32 ----D---- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor

2009-07-25 22:44:34 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-07-25 22:33:56 ----SH---- C:\boot.ini

2009-07-25 22:33:56 ----N---- C:\WINDOWS\win.ini

2009-07-25 22:33:56 ----N---- C:\WINDOWS\system.ini

2009-07-24 22:14:43 ----D---- C:\WINDOWS\repair

2009-07-24 21:56:31 ----D---- C:\Documents and Settings\MALIK\Application Data\uTorrent

2009-07-24 17:21:43 ----D---- C:\Program Files\Windows Trust

2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll

2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-07-18 05:29:23 ----D---- C:\WINDOWS\Debug

2009-07-15 05:45:38 ----D---- C:\Documents and Settings\MALIK\Application Data\Adobe

2009-07-15 05:25:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-07-15 05:24:57 ----D---- C:\Program Files\Fichiers communs

2009-07-14 05:04:43 ----D---- C:\Documents and Settings\MALIK\Application Data\foobar2000

2009-07-09 05:32:57 ----HD---- C:\Program Files\InstallShield Installation Information

2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

2009-07-06 15:23:28 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\wininet.dll

2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\occache.dll

2009-07-03 18:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\jsproxy.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll

2009-07-03 18:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll

2009-07-03 18:57:41 ----A---- C:\WINDOWS\system32\iedkcs32.dll

2009-07-03 13:01:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2009-07-01 21:03:07 ----D---- C:\Program Files\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-08-22 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-08-22 14720]

R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-11 21361]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []

R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]

R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]

R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]

R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]

R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]

R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]

R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]

R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]

R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]

R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-08-22 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-08-22 10368]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]

R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-22 12288]

R3 NETw4x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-08-22 79232]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]

S3 alck6oh7;alck6oh7; C:\WINDOWS\system32\drivers\alck6oh7.sys []

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-08-22 60800]

S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]

S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]

S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-08-22 61824]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 pgfilter;pgfilter; \??\F:\PeerGuardian2\pgfilter.sys []

S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-08-22 11904]

S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-08-22 11008]

S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]

S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-08-22 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\MALIK\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-07-13 211216]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]

R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-05-31 604416]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-08-22 14336]

R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-08-22 14336]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-15 651720]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-05-31 361216]

S4 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S4 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]

S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-08-29 935208]

S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 StarWindServiceAE;StarWind AE Service; E:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe []

S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

Christophe75015 · le 30 juillet 2009

Et voici le rapport GMER :