Je n'arrive pas à me débarrasser d'un Trojan[résolu]

Bonjour,

• Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
• Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
• Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
• Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
• Sélectionne Exécuter un examen rapide.
• Clique sur Rechercher. L'analyse démarre.
• A la fin de l'analyse, un message s'affiche :

• Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
• Ferme tes navigateurs.
• Si des malwares ont été détectés, clique sur Afficher les résultats.
• Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

• Désactive l'UAC le temps de la désinfection.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

Je vais vérifier autrement.

• Relance MBAM, va dans Quarantaine et supprime tout.

• Télécharge Catchme (Przemyslaw Gmerek) sur ton Bureau.
• Clique droit sur catchme.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur.
• Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse. (Ce rapport est sur ton Bureau.)

Tu peux supprimer Catchme.

• Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
• Double-clique sur RSIT.exe afin de lancer le programme.

(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

• Clique sur Continue à l'écran Disclaimer.
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

• Désinstalle les programmes suivants :

- Java 6 Update 10
- Java 6 Update 2
- Java 6 Update 3
- Java 6 Update 5

• Supprime les traces d'AVG avec ceci.

• Refais un scan RSIT et poste le rapport log.

ca été bcp plus vite, tout ca à cause de java et de avg ???

voici le log

Logfile of random's system information tool 1.06 (written by random/random)
Run by laurent at 2009-05-03 18:29:08
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 41 GB (31%) free of 131 GB
Total RAM: 2047 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:34, on 03/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\laurent\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\laurent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Google Update] "C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7475 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
C:\Windows\tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-04-16 86016]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2009-04-16 368640]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Eraser"=C:\Program Files\Eraser\Eraser.exe [2007-07-28 277328]
"Google Update"=C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00a35d0-6d35-11dc-9690-806e6f6e6963}]
shell\AutoRun\command - D:\autorun.exe


======List of files/folders created in the last 1 months======

2009-05-03 17:34:28 ----D---- C:\rsit
2009-05-03 14:27:26 ----D---- C:\Windows\temp
2009-05-03 14:19:09 ----D---- C:\ComboFix
2009-05-03 14:19:08 ----A---- C:\Windows\system32\CF7448.exe
2009-05-03 12:07:00 ----A---- C:\Windows\PSEXESVC.EXE
2009-05-03 12:05:24 ----A---- C:\Windows\zip.exe
2009-05-03 12:05:24 ----A---- C:\Windows\vFind.exe
2009-05-03 12:05:24 ----A---- C:\Windows\SWREG.exe
2009-05-03 12:05:24 ----A---- C:\Windows\NIRCMD.exe
2009-05-03 12:05:23 ----A---- C:\Windows\SWXCACLS.exe
2009-05-03 12:05:23 ----A---- C:\Windows\SWSC.exe
2009-05-03 12:05:23 ----A---- C:\Windows\sed.exe
2009-05-03 12:05:23 ----A---- C:\Windows\grep.exe
2009-05-03 12:04:54 ----D---- C:\Windows\ERDNT
2009-05-03 12:04:38 ----A---- C:\Windows\system32\swsc.exe
2009-05-03 12:04:28 ----D---- C:\Qoobox
2009-05-02 10:52:06 ----D---- C:\Users\laurent\AppData\Roaming\Malwarebytes
2009-05-02 10:51:57 ----D---- C:\ProgramData\Malwarebytes
2009-05-02 10:51:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunrar36.dll
2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunace26.dll
2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvcabinet.dll
2009-05-02 10:32:48 ----A---- C:\Windows\system32\UNRAR3.dll
2009-05-02 10:32:48 ----A---- C:\Windows\system32\unacev2.dll
2009-05-02 10:32:43 ----D---- C:\Users\laurent\AppData\Roaming\Simply Super Software
2009-05-02 10:32:43 ----D---- C:\ProgramData\Simply Super Software
2009-05-02 10:32:43 ----D---- C:\Program Files\Trojan Remover
2009-05-01 11:25:42 ----D---- C:\Program Files\a-squared Free
2009-05-01 01:15:10 ----A---- C:\Windows\bdagent.INI
2009-05-01 00:40:11 ----A---- C:\Windows\ntbtlog.txt
2009-04-17 20:27:12 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-17 20:26:49 ----D---- C:\Program Files\iPod
2009-04-17 20:26:45 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 20:26:44 ----D---- C:\Program Files\iTunes
2009-04-16 10:45:35 ----D---- C:\ProgramData\is-3CCN3
2009-04-16 10:31:53 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 10:31:47 ----D---- C:\Program Files\Lavasoft
2009-04-15 23:44:09 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 23:44:06 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 23:44:06 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 23:43:58 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 23:43:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 23:43:57 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 23:43:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 23:43:55 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 23:43:55 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 23:43:55 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 23:43:46 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 23:43:45 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 23:43:45 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 23:43:44 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 23:43:44 ----A---- C:\Windows\system32\amxread.dll
2009-04-15 23:43:37 ----A---- C:\Windows\system32\mshtml.dll
2009-04-15 23:43:35 ----A---- C:\Windows\system32\ieframe.dll
2009-04-15 23:43:34 ----A---- C:\Windows\system32\urlmon.dll
2009-04-15 23:43:33 ----A---- C:\Windows\system32\wininet.dll
2009-04-15 23:43:33 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-15 23:43:33 ----A---- C:\Windows\system32\iertutil.dll
2009-04-15 23:43:33 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-15 23:43:32 ----A---- C:\Windows\system32\occache.dll
2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieencode.dll
2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-15 23:43:31 ----A---- C:\Windows\system32\mstime.dll
2009-04-15 23:43:30 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2009-05-03 18:27:09 ----SHD---- C:\Windows\Installer
2009-05-03 18:27:09 ----SHD---- C:\Config.Msi
2009-05-03 18:26:48 ----D---- C:\Windows\System32
2009-05-03 18:26:17 ----SHD---- C:\System Volume Information
2009-05-03 18:24:45 ----D---- C:\Program Files\Java
2009-05-03 18:24:44 ----D---- C:\Program Files\Common Files
2009-05-03 15:18:25 ----D---- C:\Windows\inf
2009-05-03 15:18:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-03 15:12:15 ----D---- C:\Windows\system32\drivers
2009-05-03 15:08:08 ----A---- C:\Windows\system32\xcomm.dll
2009-05-03 15:06:16 ----D---- C:\Windows
2009-05-03 15:00:08 ----D---- C:\ProgramData\BitDefender
2009-05-03 14:54:19 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-03 14:54:19 ----HD---- C:\ProgramData
2009-05-03 14:46:39 ----D---- C:\Windows\winsxs
2009-05-03 14:27:36 ----A---- C:\Windows\system.ini
2009-05-03 14:23:57 ----D---- C:\Windows\AppPatch
2009-05-03 14:19:08 ----D---- C:\Windows\system32\fr-FR
2009-05-03 14:16:52 ----AD---- C:\ProgramData\TEMP
2009-05-03 12:08:09 ----D---- C:\Windows\Prefetch
2009-05-02 20:43:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-02 20:43:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-02 20:29:38 ----RD---- C:\Program Files
2009-05-02 19:51:04 ----SHD---- C:\RECYCLER
2009-05-02 09:14:44 ----D---- C:\Windows\system32\ZoneLabs
2009-05-02 09:14:44 ----D---- C:\Windows\Internet Logs
2009-05-02 09:09:57 ----D---- C:\Users\laurent\AppData\Roaming\CheckPoint
2009-05-02 09:09:37 ----D---- C:\Windows\system32\catroot
2009-05-01 22:48:49 ----D---- C:\Windows\Minidump
2009-05-01 12:45:17 ----D---- C:\Program Files\Free Hide Folder
2009-05-01 12:31:15 ----D---- C:\Program Files\Mozilla Firefox
2009-05-01 09:55:26 ----D---- C:\Windows\system32\catroot2
2009-05-01 00:32:04 ----D---- C:\ProgramData\avg8
2009-05-01 00:30:32 ----SD---- C:\Users\laurent\AppData\Roaming\Microsoft
2009-04-30 23:08:17 ----D---- C:\ProgramData\Yahoo!
2009-04-30 23:07:54 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-17 20:27:12 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-17 20:26:47 ----D---- C:\Program Files\Common Files\Apple
2009-04-16 17:43:21 ----D---- C:\Windows\Debug
2009-04-16 17:35:17 ----D---- C:\Users\laurent\AppData\Roaming\OpenOffice.org2
2009-04-16 15:55:36 ----D---- C:\Program Files\Common Files\BitDefender
2009-04-16 10:46:32 ----D---- C:\Windows\system32\Tasks
2009-04-16 10:46:31 ----D---- C:\Windows\Tasks
2009-04-16 00:48:36 ----D---- C:\Windows\system32\wbem
2009-04-16 00:48:36 ----D---- C:\Windows\system32\manifeststore
2009-04-16 00:48:34 ----D---- C:\Program Files\Internet Explorer
2009-04-15 23:38:14 ----D---- C:\Users\laurent\AppData\Roaming\Azureus
2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-04-16 156688]
R1 is-3CCN3drv;is-3CCN3drv; C:\Windows\system32\DRIVERS\90033959.sys [2008-07-08 148496]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R2 dvdmmg;dvdmmg; \??\C:\Windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-09-16 4127648]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-05-03 86792]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 188432]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2009-04-16 8320]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 catchme;catchme; \??\C:\Users\laurent\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nv;nv; C:\Windows\system32\DRIVERS\nv4_mini.sys [2006-11-02 1897664]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-10-19 23600]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
R01000000 papyjoy;papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-25 425080]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-16 1179648]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 NMSAccessU;NMSAccessU; C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 65536]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2009-04-16 1261568]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2009-04-16 86016]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-06 651720]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-07 1840128]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe [2007-09-11 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe [2007-09-11 1265856]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe []

-----------------EOF-----------------

Si explorer.exe est supprimé, mon micro ne fonctionnera plus...

ok je comprends

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver AVG Anti-Spyware Guard deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
========== COMMANDS ==========
File delete failed. C:\Users\laurent\AppData\Local\Temp\etilqs_LJtzmZzGyY4XyocF1P6b scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05032009_185905

Files moved on Reboot...
File C:\Users\laurent\AppData\Local\Temp\etilqs_LJtzmZzGyY4XyocF1P6b not found!
C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_001_ moved successfully.
C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_002_ moved successfully.
C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_003_ moved successfully.
C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\urlclassifier3.sqlite moved successfully.
C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\XUL.mfl moved successfully.

il semble fonctionner normalement, firefox ne me fait plus de trucs bizarre, genre ouvrir une page de pub

tu penses que le nettoyage est complet ?

les types de trojans qui m'ont infectés ("generic", "autorun", "DNSChanger" ) sont dangereux jusqu'à quel point ? je ne trouve pas bcp d'infos sur le net

l'autorun a à un moment touché mon disque dur externe. Je l'ai scanné, a priori il est ok. Penses-tu que c ok ?

Merci

voici

j'ai l'impression qu'il a trouvé qq chose


############################## [ UsbFix V3.016 # Scan ]

# User : laurent (Administrateurs) # PC-DE-LAURENT
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:25:46 | 03/05/2009

# Intel(R) Pentium(R) 4 CPU 2.60GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# FW : Bitdefender Firewall[ Enabled ]8.0

# C:\ # Disque fixe local # 127,99 Go (35,85 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 7,5 Go (3,51 Go free) # FAT32
# I:\ # Disque fixe local # 298,02 Go (213,86 Go free) [My Book] # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.msn.com/"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: BDAgent="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
HKLM_Run: SoundMan=SOUNDMAN.EXE
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
HKCU_Run: Eraser=C:\Program Files\Eraser\Eraser.exe -hide
HKCU_Run: Google Update="C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU_Run: Messenger (Yahoo!)="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! I:\Setup.exe

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\I\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{f00a35d0-6d35-11dc-9690-806e6f6e6963}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

voici

############################## [ UsbFix V3.016 # Cleaning ]

# User : laurent (Administrateurs) # PC-DE-LAURENT
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 20:41:27 | 03/05/2009

# Intel(R) Pentium(R) 4 CPU 2.60GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
# FW : Bitdefender Firewall[ Enabled ]8.0

# C:\ # Disque fixe local # 127,99 Go (35,77 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible # 7,5 Go (3,51 Go free) # FAT32
# I:\ # Disque fixe local # 298,02 Go (213,86 Go free) [My Book] # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Windows Calendar\wincal.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! I:\Setup.exe

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\I\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f00a35d0-6d35-11dc-9690-806e6f6e6963}\Shell\AutoRun\command

################## [ Listing des fichiers présent ]

[18/09/2006 23:43|--a------|24] - C:\autoexec.bat
[27/09/2007 21:55|---hs----|356] - C:\Boot.BAK
[27/09/2007 23:11|-rahs----|356] - C:\Boot.ini.saved
[28/08/2001 14:00|-rahs----|4952] - C:\Bootfont.bin
[19/01/2008 09:45|-rahs----|333203] - C:\bootmgr
[27/09/2007 23:11|-ra-s----|8192] - C:\BOOTSECT.BAK
[18/09/2006 23:43|--a------|10] - C:\config.sys
[10/09/2007 00:17|--a------|1634] - C:\DVD2Mp4_Log.txt
[02/07/2007 20:18|-rahs----|0] - C:\IO.SYS
[02/07/2007 20:18|-rahs----|0] - C:\MSDOS.SYS
[02/07/2007 22:12|-rahs----|47564] - C:\NTDETECT.COM
[02/07/2007 22:12|-rahs----|251712] - C:\ntldr
[18/09/2007 20:52|--a------|9323] - C:\OldSDB_log.txt
[?|?|?] - C:\pagefile.sys
[25/08/2007 00:48|--ah-----|268] - C:\sqmdata00.sqm
[26/08/2007 00:31|--ah-----|268] - C:\sqmdata01.sqm
[26/08/2007 23:56|--ah-----|268] - C:\sqmdata02.sqm
[28/08/2007 00:11|--ah-----|268] - C:\sqmdata03.sqm
[28/08/2007 21:36|--ah-----|268] - C:\sqmdata04.sqm
[30/08/2007 00:30|--ah-----|268] - C:\sqmdata05.sqm
[02/09/2007 00:14|--ah-----|268] - C:\sqmdata06.sqm
[05/09/2007 00:14|--ah-----|268] - C:\sqmdata07.sqm
[06/09/2007 00:31|--ah-----|268] - C:\sqmdata08.sqm
[07/09/2007 00:12|--ah-----|268] - C:\sqmdata09.sqm
[10/09/2007 01:09|--ah-----|268] - C:\sqmdata10.sqm
[25/08/2007 00:48|--ah-----|244] - C:\sqmnoopt00.sqm
[26/08/2007 00:31|--ah-----|244] - C:\sqmnoopt01.sqm
[26/08/2007 23:56|--ah-----|244] - C:\sqmnoopt02.sqm
[28/08/2007 00:11|--ah-----|244] - C:\sqmnoopt03.sqm
[28/08/2007 21:36|--ah-----|244] - C:\sqmnoopt04.sqm
[30/08/2007 00:30|--ah-----|244] - C:\sqmnoopt05.sqm
[02/09/2007 00:14|--ah-----|244] - C:\sqmnoopt06.sqm
[05/09/2007 00:14|--ah-----|244] - C:\sqmnoopt07.sqm
[06/09/2007 00:31|--ah-----|244] - C:\sqmnoopt08.sqm
[07/09/2007 00:12|--ah-----|244] - C:\sqmnoopt09.sqm
[10/09/2007 01:09|--ah-----|244] - C:\sqmnoopt10.sqm
[03/05/2009 20:44|--a------|5036] - C:\UsbFix.txt
[15/07/2007 13:06|--a------|186] - C:\VundoFix.txt
[27/09/2007 23:56|--a------|158] - C:\YServer.txt
[19/12/2008 09:18|--a------|511254] - I:\resistancecgtDPR.bmp
[10/05/2005 14:54|--a------|231936] - I:\ChefAmediter.doc
[30/06/2005 08:27|--a------|41472] - I:\ArtDuMgtResumes.doc
[30/06/2005 08:49|--a------|301056] - I:\ArtDuMgt2.doc
[29/04/2005 10:37|--a------|111616] - I:\ABC CGoshn.doc
[25/04/2005 12:26|--a------|885760] - I:\QE.doc
[08/07/2004 08:08|--a------|1009432] - I:\Xcanadair.exe
[06/08/2008 08:41|--a------|101888] - I:\Helic_ptero.pps
[14/12/2007 08:39|--a------|4840000] - I:\debit051207.rtf
[14/12/2007 08:41|--a------|75776] - I:\debit051207.doc
[14/12/2007 13:45|--a------|33792] - I:\LettreoppositionHSBC France.doc
[24/07/2007 10:07|--a------|29184] - I:\Lettre Police Levallois.doc
[14/04/2006 16:12|--a------|288319] - I:\MgtAvecChinois20060414_6.pdf
[22/11/2006 16:17|--a------|1088512] - I:\VTT.doc
[25/10/2006 13:40|--a------|84355] - I:\FormulesExcel.zip
[21/11/2008 13:14|--a------|35532] - I:\bordeaux-carte.gif

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# E:\autorun.inf -> Folder created by UsbFix.
# I:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

ok, j'ai tout purgé. J'avais deja remis l'uac
je ne connaissais pas mbam, je le garde effectivement, meme si j'ai l'impression que à partir du moment ou un malware est passé, il faut chercher les fix et savoir analyser les logs pour s'en sortir. les logiciels" cles en main" ne sont pas assez puissants.
les articles sont intéressants, je suis dans le cas du telechargement de video (erreur num 1). Windows media n'avait pas le codec appropriés, qu'il m'a proposé de telechargé, je me suis dit c'est sans danger car windows media (seconde erreur). Et la j'étais mort quand j'ai vu mon antivirus tout de suite m'alerter qu'un trojan voulait s'executer.

En tout cas je te remercie bcp. J'ai été très impressionné par ta vitesse d'analyse et par ta disponibilité en ce dimanche !

Merci encore
salut ;-)

Bonsoir

Malheureusement il y a encore des trucs qui trainent. Et pourtant je n'ai rien téléchargé.

Voici ce qu'à trouvé mbam hier

04/05/2009 00:30:16
mbam-log-2009-05-04 (00-30-16).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 175241
Temps écoulé: 49 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmsaccessu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmsaccessu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmsaccessu (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Common Files\NMSAccessU.exe (Trojan.Agent) -> Delete on reboot.

EN ce moment j'ai A2 squared qui scan, et a déjà trouvé un trojan dans un fichier

C:\Windows\System32\drivers\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys.vir Objets détectés : Trojan.Win32.Agent2.iml!A2

galère...

Une idée pour arriver à tout nettoyer ?

merci par avance

bonjour Destrio

voici le log de Combofix

ComboFix 09-05-07.06 - laurent 08/05/2009 1:10.5 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2047.1434 [GMT 2:00]
Lancé depuis: c:\users\laurent\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *enabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\windows\system32\xcomm.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-07 au 2009-05-07 ))))))))))))))))))))))))))))))))))))
.

2009-05-03 18:24 . 2009-05-03 18:54 -------- d-----w C:\UsbFix
2009-05-02 08:52 . 2009-05-02 08:52 -------- d-----w c:\users\laurent\AppData\Roaming\Malwarebytes
2009-05-02 08:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-02 08:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 08:51 . 2009-05-02 08:51 -------- d-----w c:\programdata\Malwarebytes
2009-05-02 08:51 . 2009-05-02 08:51 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-02 08:51 . 2009-05-02 08:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 08:32 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-02 08:32 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-02 08:32 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-02 08:32 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-02 08:32 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\programdata\Simply Super Software
2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\users\All Users\Simply Super Software
2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\users\laurent\AppData\Roaming\Simply Super Software
2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\program files\Trojan Remover
2009-05-01 09:25 . 2009-05-04 21:39 -------- d-----w c:\program files\a-squared Free
2009-04-30 21:10 . 2009-04-30 21:10 -------- d-----w c:\users\laurent\AppData\Local\Yahoo
2009-04-17 18:27 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-17 18:27 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-17 18:26 . 2009-04-17 18:26 -------- d-----w c:\program files\iPod
2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\program files\iTunes
2009-04-16 08:46 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-16 08:45 . 2009-04-16 08:45 -------- d-----w c:\programdata\is-3CCN3
2009-04-16 08:45 . 2009-04-16 08:45 -------- d-----w c:\users\All Users\is-3CCN3
2009-04-16 08:44 . 2009-05-07 23:17 234969120 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-16 08:44 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\90033959.sys
2009-04-16 08:31 . 2009-04-16 08:31 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 08:31 . 2009-04-16 08:31 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 08:31 . 2009-04-16 08:31 -------- d-----w c:\program files\Lavasoft
2009-04-15 21:44 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 21:44 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 21:44 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 23:05 . 2006-11-02 15:48 668580 ----a-w c:\windows\system32\perfh00C.dat
2009-05-07 23:05 . 2006-11-02 15:48 122972 ----a-w c:\windows\system32\perfc00C.dat
2009-05-07 23:01 . 2007-09-27 20:28 8620 ----a-w c:\users\laurent\AppData\Local\d3d9caps.dat
2009-05-07 22:59 . 2009-04-16 08:44 2744492 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-07 22:40 . 2007-10-28 23:02 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-03 21:30 . 2008-09-15 21:50 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-03 17:07 . 2007-09-27 20:30 56712 ----a-w c:\users\laurent\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-03 16:24 . 2007-09-27 21:05 -------- d-----w c:\program files\Java
2009-05-03 13:08 . 2007-07-30 16:47 86792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-05-03 13:02 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-03 13:02 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-03 13:02 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-02 18:43 . 2007-09-27 20:45 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-01 10:45 . 2009-03-22 18:41 -------- d-----w c:\program files\Free Hide Folder
2009-04-17 18:26 . 2007-09-27 23:08 -------- d-----w c:\program files\Common Files\Apple
2009-04-16 13:55 . 2008-03-07 20:46 -------- d-----w c:\program files\Common Files\BitDefender
2009-03-28 19:46 . 2009-03-28 19:46 -------- d-----w c:\program files\WinHTTrack
2009-03-28 18:49 . 2009-03-28 18:49 -------- d-----w c:\program files\FastStone Image Viewer
2009-03-28 17:46 . 2008-03-01 23:51 -------- d-----w c:\program files\Windows Live
2009-03-28 17:46 . 2009-03-28 17:46 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-28 17:39 . 2009-03-28 17:39 -------- d-----w c:\program files\Microsoft
2009-03-28 17:39 . 2009-03-28 17:39 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-28 17:18 . 2009-03-28 17:18 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-26 21:43 . 2008-11-21 22:52 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 21:21 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-22 19:17 . 2007-09-29 11:47 1801 ----a-w c:\users\All Users\xmlDC30.tmp
2009-03-22 19:17 . 2007-09-29 11:47 1801 ----a-w c:\programdata\xmlDC30.tmp
2009-03-22 19:17 . 2008-07-15 18:26 13283 ----a-w c:\users\All Users\xml3647.tmp
2009-03-22 19:17 . 2008-07-15 18:26 13283 ----a-w c:\programdata\xml3647.tmp
2009-03-22 19:17 . 2007-09-29 11:46 9017 ----a-w c:\users\All Users\xmlC8E4.tmp
2009-03-22 19:17 . 2007-09-29 11:46 9017 ----a-w c:\programdata\xmlC8E4.tmp
2009-03-22 19:00 . 2007-09-29 19:27 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-22 19:00 . 2007-09-30 11:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 18:30 . 2009-03-22 18:30 -------- d-----w c:\program files\CCleaner
2009-03-17 03:38 . 2009-04-15 21:43 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 21:43 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-13 19:11 . 2009-03-13 19:10 -------- d-----w c:\program files\QuickTime
2009-03-03 04:46 . 2009-04-15 21:43 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 21:43 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 21:43 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 21:43 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 21:43 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 21:43 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 21:43 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 21:43 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 21:43 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 21:43 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 21:43 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 21:43 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 21:43 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-15 21:43 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 21:43 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 17:08 2033152 ----a-w c:\windows\system32\win32k.sys
2008-06-15 20:57 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-11-06 23:41 . 2007-11-06 23:41 135680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-07_22.43.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-27 21:20 . 2009-05-07 23:02 64064 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-07 23:02 64234 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-27 20:30 . 2009-05-07 23:02 18066 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2619479018-2474381927-3083531991-1000_UserData.bin
- 2009-05-07 22:41 . 2009-05-07 22:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-07 23:00 . 2009-05-07 23:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-07 22:41 . 2009-05-07 22:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-07 23:00 . 2009-05-07 23:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-07 23:05 586568 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 16:57 586568 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-07 23:05 100640 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-07 16:57 100640 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-07-28 277328]
"Google Update"="c:\users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-04-16 368640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-03 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-09-10 604704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" /reg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC4B21C0-FE86-4E39-8C1F-8BC87A2B8421}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3F76248B-A444-4625-96AD-A7D10E26F888}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{85C997BA-912A-43BA-B3BB-274A12C2F54B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AC717F5B-391F-4D8B-81AE-91DE3336E012}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B3A77AE9-3890-4AAC-A302-AD4E9C2D89A2}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
"{78F81B8B-67F3-4EE0-BCEF-0D5F3E41C2FA}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
"{C0EB25DA-F2CF-4923-B43F-22961196180C}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{7B2B3E1F-43EE-4613-842E-9AAEDAB68BE2}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{A3264C63-F061-4221-8DF9-FEA74E51890A}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{DFC88F7E-E252-463A-B23B-B30CEFCE4904}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{16D8786F-AB7C-4178-87EC-CF12CEE7D3E4}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{7BA2704D-85C8-41FD-8263-F5D6E87D7906}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{249EC9AC-1C0A-48F6-B58B-7CF3E8F64D2E}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{45FEBFD6-E7BF-4B5E-91CE-A105831F69C2}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{EC568267-D96C-4700-B020-8F0E68A2E93F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{15D61B21-B028-4AD8-B315-1B1766136084}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FF365487-B197-4D61-BC7A-1219A78A497B}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E9F16C3F-0FB1-4480-87B7-82F4526B5945}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{92456BAA-0402-41FD-8540-EE7C2EA1D985}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [16/04/2009 10:46 64160]
R1 is-3CCN3drv;is-3CCN3drv;c:\windows\System32\drivers\90033959.sys [16/04/2009 10:44 148496]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 15:02 163840]
R2 dvdmmg;dvdmmg;c:\windows\System32\drivers\dvdmmg.sys [06/09/2007 12:15 5504]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18:53 226656]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [30/07/2007 18:47 86792]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [28/03/2009 19:46 55280]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/11/2007 01:40 1840128]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21:06 951632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'

2009-04-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
- c:\users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 19:54]

2009-05-07 c:\windows\Tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job
- c:\windows\system32\msfeedssync.exe [2008-06-15 07:33]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\0arp8l29.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/nwshp?client=firefox-a&rls=org.mozilla:frfficial&oe=UTF-8&hl=fr&channel=s&tab=wn&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\laurent\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 01:17
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\laurent\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Heure de fin: 2009-05-07 2:14
ComboFix-quarantined-files.txt 2009-05-08 00:14

Avant-CF: 44 974 252 032 octets libres
Après-CF: 44 942 753 792 octets libres

235 --- E O F --- 2009-05-07 16:55

c'est dait, voici le rapport:

ComboFix 09-05-02.4 - laurent 08/05/2009 22:38.6 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2047.1174 [GMT 2:00]
Lancé depuis: c:\users\laurent\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\laurent\Desktop\CFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*

FILE ::
c:\programdata\xml3647.tmp
c:\programdata\xmlC8E4.tmp
c:\programdata\xmlDC30.tmp
c:\users\All Users\xml3647.tmp
c:\users\All Users\xmlC8E4.tmp
c:\users\All Users\xmlDC30.tmp
c:\windows\system32\drivers\90033959.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\is-3CCN3
c:\programdata\is-3CCN3\~PRCustomProps#122.dat
c:\programdata\is-3CCN3\~PRObjects#122.dat
c:\programdata\xml3647.tmp
c:\programdata\xmlC8E4.tmp
c:\programdata\xmlDC30.tmp
c:\users\All Users\is-3CCN3\~PRCustomProps#122.dat
c:\users\All Users\is-3CCN3\~PRObjects#122.dat
c:\windows\system32\drivers\90033959.sys
c:\windows\system32\xcomm.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-3CCN3DRV
-------\Service_is-3CCN3drv


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 ))))))))))))))))))))))))))))))))))))
.

2009-05-03 18:24 . 2009-05-03 18:54 -------- d-----w C:\UsbFix
2009-05-02 08:52 . 2009-05-02 08:52 -------- d-----w c:\users\laurent\AppData\Roaming\Malwarebytes
2009-05-02 08:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-02 08:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 08:51 . 2009-05-02 08:51 -------- d-----w c:\programdata\Malwarebytes
2009-05-02 08:51 . 2009-05-02 08:51 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-02 08:51 . 2009-05-02 08:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 08:32 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-05-02 08:32 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-05-02 08:32 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-05-02 08:32 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-05-02 08:32 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\programdata\Simply Super Software
2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\users\All Users\Simply Super Software
2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\users\laurent\AppData\Roaming\Simply Super Software
2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\program files\Trojan Remover
2009-05-01 09:25 . 2009-05-08 15:40 -------- d-----w c:\program files\a-squared Free
2009-04-30 21:10 . 2009-04-30 21:10 -------- d-----w c:\users\laurent\AppData\Local\Yahoo
2009-04-17 18:27 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-17 18:27 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-17 18:26 . 2009-04-17 18:26 -------- d-----w c:\program files\iPod
2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\program files\iTunes
2009-04-16 08:46 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-16 08:44 . 2009-05-08 20:45 248352800 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-16 08:31 . 2009-04-16 08:31 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 08:31 . 2009-04-16 08:31 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 08:31 . 2009-04-16 08:31 -------- d-----w c:\program files\Lavasoft
2009-04-15 21:44 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 21:44 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 21:44 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 20:49 . 2007-09-27 20:28 8620 ----a-w c:\users\laurent\AppData\Local\d3d9caps.dat
2009-05-08 20:46 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-08 20:45 . 2009-04-16 08:44 2911460 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-08 20:45 . 2007-10-28 23:02 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-08 18:36 . 2007-09-27 21:08 422 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job
2009-05-08 16:07 . 2008-12-30 12:25 864 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
2009-05-08 11:45 . 2007-09-29 09:42 -------- d-----w c:\program files\SpywareBlaster
2009-05-08 10:12 . 2006-11-02 15:48 668580 ----a-w c:\windows\system32\perfh00C.dat
2009-05-08 10:12 . 2006-11-02 15:48 122972 ----a-w c:\windows\system32\perfc00C.dat
2009-05-08 09:56 . 2007-07-30 16:47 86792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-05-08 09:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-08 09:24 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-08 09:24 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-03 21:30 . 2008-09-15 21:50 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-03 17:07 . 2007-09-27 20:30 56712 ----a-w c:\users\laurent\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-03 16:24 . 2007-09-27 21:05 -------- d-----w c:\program files\Java
2009-05-02 18:43 . 2007-09-27 20:45 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-01 10:45 . 2009-03-22 18:41 -------- d-----w c:\program files\Free Hide Folder
2009-04-17 18:26 . 2007-09-27 23:08 -------- d-----w c:\program files\Common Files\Apple
2009-04-16 13:55 . 2008-03-07 20:46 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-16 11:56 . 2009-04-16 08:46 512 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-03-28 19:46 . 2009-03-28 19:46 -------- d-----w c:\program files\WinHTTrack
2009-03-28 18:49 . 2009-03-28 18:49 -------- d-----w c:\program files\FastStone Image Viewer
2009-03-28 17:46 . 2008-03-01 23:51 -------- d-----w c:\program files\Windows Live
2009-03-28 17:46 . 2009-03-28 17:46 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-28 17:39 . 2009-03-28 17:39 -------- d-----w c:\program files\Microsoft
2009-03-28 17:39 . 2009-03-28 17:39 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-28 17:18 . 2009-03-28 17:18 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-26 21:43 . 2008-11-21 22:52 -------- d-----w c:\program files\Common Files\Adobe
2009-03-22 21:21 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-22 19:00 . 2007-09-29 19:27 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-22 19:00 . 2007-09-30 11:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 18:30 . 2009-03-22 18:30 -------- d-----w c:\program files\CCleaner
2009-03-17 03:38 . 2009-04-15 21:43 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 21:43 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 21:43 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-13 19:11 . 2009-03-13 19:10 -------- d-----w c:\program files\QuickTime
2009-03-03 04:46 . 2009-04-15 21:43 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 21:43 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 21:43 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 21:43 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 21:43 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 21:43 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 21:43 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 21:43 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 21:43 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 21:43 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 21:43 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 21:43 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 21:43 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-15 21:43 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 21:43 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 17:08 2033152 ----a-w c:\windows\system32\win32k.sys
2008-06-15 20:57 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-11-06 23:41 . 2007-11-06 23:41 135680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-07_22.43.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-27 21:20 . 2009-05-08 10:08 64460 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-08 10:08 64242 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-27 20:30 . 2009-05-08 10:08 18106 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2619479018-2474381927-3083531991-1000_UserData.bin
- 2006-11-02 13:02 . 2009-05-07 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-08 10:11 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-05-07 16:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-05-08 10:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-07 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-05-08 10:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-07 20:49 . 2009-05-08 09:24 57344 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\texticon.exe
- 2008-03-07 20:49 . 2009-05-03 13:02 57344 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\texticon.exe
- 2008-03-07 20:49 . 2009-05-03 13:02 22486 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\register_icon.exe
+ 2008-03-07 20:49 . 2009-05-08 09:25 22486 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\register_icon.exe
- 2008-03-07 20:49 . 2009-05-03 13:02 32768 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\maintenance_icon.exe
+ 2008-03-07 20:49 . 2009-05-08 09:25 32768 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\maintenance_icon.exe
- 2008-03-07 20:49 . 2009-05-03 13:02 61440 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\helpicon.exe
+ 2008-03-07 20:49 . 2009-05-08 09:25 61440 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\helpicon.exe
+ 2006-11-02 10:33 . 2009-05-08 10:12 586568 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 16:57 586568 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-08 10:12 100640 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-07 16:57 100640 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-07-28 277328]
"Google Update"="c:\users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-04-16 368640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-08 516440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-03 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-09-10 604704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" /reg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC4B21C0-FE86-4E39-8C1F-8BC87A2B8421}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3F76248B-A444-4625-96AD-A7D10E26F888}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{85C997BA-912A-43BA-B3BB-274A12C2F54B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AC717F5B-391F-4D8B-81AE-91DE3336E012}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B3A77AE9-3890-4AAC-A302-AD4E9C2D89A2}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
"{78F81B8B-67F3-4EE0-BCEF-0D5F3E41C2FA}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
"{C0EB25DA-F2CF-4923-B43F-22961196180C}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{7B2B3E1F-43EE-4613-842E-9AAEDAB68BE2}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{A3264C63-F061-4221-8DF9-FEA74E51890A}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{DFC88F7E-E252-463A-B23B-B30CEFCE4904}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{16D8786F-AB7C-4178-87EC-CF12CEE7D3E4}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{7BA2704D-85C8-41FD-8263-F5D6E87D7906}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{249EC9AC-1C0A-48F6-B58B-7CF3E8F64D2E}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{45FEBFD6-E7BF-4B5E-91CE-A105831F69C2}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{EC568267-D96C-4700-B020-8F0E68A2E93F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{15D61B21-B028-4AD8-B315-1B1766136084}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FF365487-B197-4D61-BC7A-1219A78A497B}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E9F16C3F-0FB1-4480-87B7-82F4526B5945}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{92456BAA-0402-41FD-8540-EE7C2EA1D985}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-06 1840128]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-08 953168]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
S2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-05-08 86792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'

2009-04-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:11]

2009-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
- c:\users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 19:54]

2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job
- c:\windows\system32\msfeedssync.exe [2008-06-15 07:33]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\0arp8l29.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/nwshp?client=firefox-a&rls=org.mozilla:frfficial&oe=UTF-8&hl=fr&channel=s&tab=wn&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\laurent\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 22:47
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\laurent\AppData\Local\Temp\BIT7039.tmp

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(9240)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\audiodg.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Heure de fin: 2009-05-08 23:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-08 21:38
ComboFix2.txt 2009-05-08 00:14

Avant-CF: 42 410 430 464 octets libres
Après-CF: 42 241 388 544 octets libres

291 --- E O F --- 2009-05-07 16:55

Et bien ca allait mieux ce we - à part qques alertes "weborama"' éliminés par a2free. Et puis en allumant mon ordi tout à l'heure, une fenetre (ms dos je pense) s'est rapidement ouverte puis fermée (genre un prog qui se lance) juste au moment ou mon bureau apparaissait.
Qques secondes après j'avais des messages parasite dans MSN venant de l'adresse d'un pote... J'ai lancé un scan MBAM qui n'a rien trouvé. En ce moment A2free tourne.

salut
voici:

Logfile of random's system information tool 1.06 (written by random/random)
Run by laurent at 2009-05-12 21:04:56
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 32 GB (25%) free of 131 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:43, on 12/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\laurent\Documents\Securite\Scanneurs\RSIT.exe
C:\Program Files\trend micro\laurent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Google Update] "C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6910 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
C:\Windows\tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-03 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-04-16 86016]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2009-04-16 368640]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-08 516440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-03 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Eraser"=C:\Program Files\Eraser\Eraser.exe [2007-07-28 277328]
"Google Update"=C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoWinKeys"=0
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=36

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoLogOff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-05-12 21:04:56 ----D---- C:\rsit
2009-05-10 14:55:05 ----D---- C:\Users\laurent\AppData\Roaming\Flickr
2009-05-10 14:54:25 ----D---- C:\Program Files\Flickr Uploadr
2009-05-09 14:10:04 ----D---- C:\Program Files\CCleaner
2009-05-09 13:55:53 ----D---- C:\Windows\system32\syncdb
2009-05-09 13:47:42 ----A---- C:\Windows\system32\lsdelete.exe
2009-05-08 23:38:16 ----D---- C:\Windows\temp
2009-05-08 23:38:15 ----A---- C:\ComboFix.txt
2009-05-08 00:31:41 ----A---- C:\Windows\zip.exe
2009-05-08 00:31:41 ----A---- C:\Windows\vFind.exe
2009-05-08 00:31:41 ----A---- C:\Windows\SWSC.exe
2009-05-08 00:31:41 ----A---- C:\Windows\SWREG.exe
2009-05-08 00:31:41 ----A---- C:\Windows\sed.exe
2009-05-08 00:31:41 ----A---- C:\Windows\NIRCMD.exe
2009-05-08 00:31:41 ----A---- C:\Windows\grep.exe
2009-05-08 00:31:40 ----A---- C:\Windows\SWXCACLS.exe
2009-05-08 00:25:29 ----D---- C:\Qoobox
2009-05-03 23:31:03 ----A---- C:\Windows\system32\javaws.exe
2009-05-03 23:30:48 ----A---- C:\Windows\system32\javaw.exe
2009-05-03 23:30:48 ----A---- C:\Windows\system32\java.exe
2009-05-03 20:44:59 ----RASHD---- C:\autorun.inf
2009-05-03 20:41:23 ----A---- C:\UsbFix.txt
2009-05-03 20:24:06 ----D---- C:\UsbFix
2009-05-03 12:04:54 ----D---- C:\Windows\ERDNT
2009-05-02 10:52:06 ----D---- C:\Users\laurent\AppData\Roaming\Malwarebytes
2009-05-02 10:51:57 ----D---- C:\ProgramData\Malwarebytes
2009-05-02 10:51:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunrar36.dll
2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunace26.dll
2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvcabinet.dll
2009-05-02 10:32:48 ----A---- C:\Windows\system32\UNRAR3.dll
2009-05-02 10:32:48 ----A---- C:\Windows\system32\unacev2.dll
2009-05-02 10:32:43 ----D---- C:\Users\laurent\AppData\Roaming\Simply Super Software
2009-05-02 10:32:43 ----D---- C:\ProgramData\Simply Super Software
2009-05-02 10:32:43 ----D---- C:\Program Files\Trojan Remover
2009-05-01 11:25:42 ----D---- C:\Program Files\a-squared Free
2009-05-01 01:15:10 ----A---- C:\Windows\bdagent.INI
2009-04-17 20:27:12 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-17 20:26:49 ----D---- C:\Program Files\iPod
2009-04-17 20:26:45 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 20:26:44 ----D---- C:\Program Files\iTunes
2009-04-16 10:31:53 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-16 10:31:47 ----D---- C:\Program Files\Lavasoft
2009-04-15 23:44:09 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 23:44:06 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 23:44:06 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 23:43:58 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 23:43:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 23:43:57 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 23:43:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 23:43:55 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 23:43:55 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 23:43:55 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 23:43:46 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 23:43:45 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 23:43:45 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 23:43:44 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 23:43:44 ----A---- C:\Windows\system32\amxread.dll
2009-04-15 23:43:37 ----A---- C:\Windows\system32\mshtml.dll
2009-04-15 23:43:35 ----A---- C:\Windows\system32\ieframe.dll
2009-04-15 23:43:34 ----A---- C:\Windows\system32\urlmon.dll
2009-04-15 23:43:33 ----A---- C:\Windows\system32\wininet.dll
2009-04-15 23:43:33 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-15 23:43:33 ----A---- C:\Windows\system32\iertutil.dll
2009-04-15 23:43:33 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-15 23:43:32 ----A---- C:\Windows\system32\occache.dll
2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieencode.dll
2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-15 23:43:31 ----A---- C:\Windows\system32\mstime.dll
2009-04-15 23:43:30 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2009-05-12 21:05:43 ----D---- C:\Program Files\Trend Micro
2009-05-12 21:05:20 ----D---- C:\Windows\Prefetch
2009-05-12 20:56:19 ----D---- C:\Windows\System32
2009-05-12 19:31:02 ----D---- C:\Windows\inf
2009-05-12 19:31:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-11 19:49:13 ----AD---- C:\ProgramData\TEMP
2009-05-11 19:24:44 ----D---- C:\Windows\system32\catroot2
2009-05-11 19:24:39 ----SHD---- C:\System Volume Information
2009-05-11 19:18:45 ----SHD---- C:\Config.Msi
2009-05-11 19:18:45 ----D---- C:\Windows
2009-05-10 23:51:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-10 23:51:26 ----D---- C:\Windows\Debug
2009-05-10 14:54:43 ----SHD---- C:\Windows\Installer
2009-05-10 14:54:25 ----RD---- C:\Program Files
2009-05-09 14:05:37 ----D---- C:\Program Files\Mozilla Firefox
2009-05-09 14:01:27 ----D---- C:\Users\laurent\AppData\Roaming\Adobe
2009-05-09 14:01:26 ----D---- C:\Program Files\Adobe
2009-05-09 13:59:40 ----D---- C:\Program Files\Common Files\Adobe
2009-05-09 13:58:05 ----D---- C:\Program Files\Common Files
2009-05-09 00:40:53 ----D---- C:\Windows\system32\drivers
2009-05-09 00:20:01 ----D---- C:\ProgramData\BitDefender
2009-05-08 23:49:36 ----A---- C:\Windows\system32\xcomm.dll
2009-05-08 23:38:18 ----D---- C:\Windows\system32\fr-FR
2009-05-08 22:47:55 ----A---- C:\Windows\system.ini
2009-05-08 22:45:20 ----SHD---- C:\Boot
2009-05-08 22:45:20 ----D---- C:\Windows\system32\config
2009-05-08 22:42:23 ----D---- C:\Windows\AppPatch
2009-05-08 22:39:12 ----HD---- C:\ProgramData
2009-05-08 13:45:07 ----D---- C:\Program Files\SpywareBlaster
2009-05-03 23:30:17 ----A---- C:\Windows\system32\deploytk.dll
2009-05-03 21:06:04 ----D---- C:\Windows\Minidump
2009-05-03 18:24:45 ----D---- C:\Program Files\Java
2009-05-03 14:54:19 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-03 14:46:39 ----D---- C:\Windows\winsxs
2009-05-02 20:43:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-02 19:51:04 ----SHD---- C:\RECYCLER
2009-05-02 09:14:44 ----D---- C:\Windows\system32\ZoneLabs
2009-05-02 09:14:44 ----D---- C:\Windows\Internet Logs
2009-05-02 09:09:57 ----D---- C:\Users\laurent\AppData\Roaming\CheckPoint
2009-05-02 09:09:37 ----D---- C:\Windows\system32\catroot
2009-05-01 12:45:17 ----D---- C:\Program Files\Free Hide Folder
2009-05-01 00:32:04 ----D---- C:\ProgramData\avg8
2009-05-01 00:30:32 ----SD---- C:\Users\laurent\AppData\Roaming\Microsoft
2009-04-30 23:08:17 ----D---- C:\ProgramData\Yahoo!
2009-04-30 23:07:54 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-17 20:27:12 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-17 20:26:47 ----D---- C:\Program Files\Common Files\Apple
2009-04-16 17:35:17 ----D---- C:\Users\laurent\AppData\Roaming\OpenOffice.org2
2009-04-16 15:55:36 ----D---- C:\Program Files\Common Files\BitDefender
2009-04-16 10:46:32 ----D---- C:\Windows\system32\Tasks
2009-04-16 10:46:31 ----D---- C:\Windows\Tasks
2009-04-16 00:48:36 ----D---- C:\Windows\system32\wbem
2009-04-16 00:48:36 ----D---- C:\Windows\system32\manifeststore
2009-04-16 00:48:34 ----D---- C:\Program Files\Internet Explorer
2009-04-15 23:38:14 ----D---- C:\Users\laurent\AppData\Roaming\Azureus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-04-16 156688]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R2 dvdmmg;dvdmmg; \??\C:\Windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-09-16 4127648]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-05-09 86792]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 188432]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2009-04-16 8320]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nv;nv; C:\Windows\system32\DRIVERS\nv4_mini.sys [2006-11-02 1897664]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-10-19 23600]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
R01000000 papyjoy;papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-25 425080]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-16 1179648]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2009-04-16 1261568]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2009-04-16 86016]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-08 953168]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-07 1840128]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe [2007-09-11 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe [2007-09-11 1265856]

-----------------EOF-----------------



------------------------------
info.txt logfile of random's system information tool 1.06 2009-05-12 21:05:47

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
AV Video Morpher-->C:\Program Files\AV Video Morpher\uninstall.exe
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BitDefender Internet Security 2008-->MsiExec.exe /I{2E105DF6-3210-4B9A-B584-B94645D7C0A8}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Eraser-->"C:\ProgramData\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\ProgramData\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe
FastStone Image Viewer 3.7-->C:\Program Files\FastStone Image Viewer\uninst.exe
FileZilla Client 3.2.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Flickr Uploadr 3.1.4-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
Free Hide Folder-->C:\PROGRA~1\FREEHI~1\UNWISE.EXE C:\PROGRA~1\FREEHI~1\INSTALL.LOG
Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
GIMP 2.4.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 3.4.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Numedia CD-DVD writing as non-admin user-->MsiExec.exe /X{94056AE8-EF0F-45E4-A1B4-D754115F8A28}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{2A1AA9CF-2E7D-4235-BDAB-8FA4291DD5D8}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PENTAX Digital Camera Utility-->C:\PROGRA~1\PENTAX\DIGITA~1\UNINST.EXE C:\PROGRA~1\PENTAX\DIGITA~1\INSTALL.LOG
PENTAX Raw Codec-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{E52226B3-808E-403C-A9C0-6904BFC80ED8} /l1033 UNINSTALL
PENTAX REMOTE Assistant version 3.50-->C:\PROGRA~1\PENTAX\DIGITA~1\RAUNIN~1.EXE C:\PROGRA~1\PENTAX\DIGITA~1\RAINSTALL03.LOG
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Privoxy 3.0.6-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RarZilla Free Unrar 2.12-->C:\Program Files\RarZilla Free Unrar\uninstall.exe
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SiSoftware Sandra Lite XIIc-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\unins000.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
StudioLine Photo Basic-->C:\Program Files\StudioLine Photo Basic\SLUninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tor 0.1.2.17-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Trojan Remover 6.7.8-->"C:\Program Files\Trojan Remover\unins000.exe"
TweakVI-->"C:\Windows\TweakVI\uninstall.exe" "/U:C:\Program Files\TweakVI\Uninstall\uninstall.xml"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Vidalia 0.0.14-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
WinHTTrack Website Copier 3.43-4-->"C:\Program Files\WinHTTrack\unins000.exe"
XPC Tools-->C:\Windows\IsUninst.exe -f"C:\Program Files\Shuttle\XPC Tools\Uninst.isu"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Bitdefender Antivirus
FW: Bitdefender Firewall
AS: BitDefender AntiSpam
AS: Lavasoft Ad-Watch Live! (disabled)

======System event log======

Computer Name: PC-de-laurent
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 160099
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090511213550.278625-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-laurent
Event Code: 49
Message: Échec de la configuration du fichier d'échange pour le vidage sur incident. Vérifiez qu'un fichier d'échange est présent sur la partition de démarrage et qu'il est assez grand pour contenir toute la mémoire physique.
Record Number: 160106
Source Name: volmgr
Time Written: 20090512172515.703125-000
Event Type: Erreur
User:

Computer Name: PC-de-laurent
Event Code: 49
Message: Échec de la configuration du fichier d'échange pour le vidage sur incident. Vérifiez qu'un fichier d'échange est présent sur la partition de démarrage et qu'il est assez grand pour contenir toute la mémoire physique.
Record Number: 160110
Source Name: volmgr
Time Written: 20090512172535.703125-000
Event Type: Erreur
User:

Computer Name: PC-de-laurent
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 160113
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090512172545.610290-000
Event Type: Erreur
User:

Computer Name: PC-de-laurent
Event Code: 7001
Message: Le service NVIDIA Display Driver Service dépend du service nvlddmkm qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 160121
Source Name: Service Control Manager
Time Written: 20090512172710.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-laurent
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2619479018-2474381927-3083531991-1000:
Process 952 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2619479018-2474381927-3083531991-1000

Record Number: 194181
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090511213540.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-laurent
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2619479018-2474381927-3083531991-1000_Classes:
Process 952 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2619479018-2474381927-3083531991-1000_CLASSES

Record Number: 194182
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090511213542.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-laurent
Event Code: 20
Message:
Record Number: 194207
Source Name: Google Update
Time Written: 20090512174959.000000-000
Event Type: Erreur
User: PC-de-laurent\laurent

Computer Name: PC-de-laurent
Event Code: 20
Message:
Record Number: 194209
Source Name: Google Update
Time Written: 20090512185000.000000-000
Event Type: Erreur
User: PC-de-laurent\laurent

Computer Name: PC-de-laurent
Event Code: 1000
Message: Application défaillante prevhost.exe, version 6.0.6001.18000, horodatage 0x47918e68, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception 0x80000003, décalage d’erreur 0x03a96d41, ID du processus 0x1420, heure de début de l’application 0x01c9d3341f5c319d.
Record Number: 194210
Source Name: Application Error
Time Written: 20090512190408.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-laurent
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-LAURENT$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x258
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 43750
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221141528.986951-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-laurent
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-LAURENT$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x258
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 43751
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221141528.986951-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-laurent
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 43752
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221141528.986951-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-laurent
Event Code: 4647
Message: Fermeture de session initiée par l’utilisateur :

Sujet :
ID de sécurité : S-1-5-21-2619479018-2474381927-3083531991-1000
Nom du compte : laurent
Domaine du compte : PC-de-laurent
ID d’ouverture de session : 0x6dd2c

Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.
Record Number: 43753
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221232325.137791-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-laurent
Event Code: 1100
Message: Le service d’enregistrement des événements a été arrêté.
Record Number: 43754
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081221232330.340125-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Dans le document que tu m'as envoyé sur les risques, il y avait un lien sur les "indices" d'infections, et notamment les messages parasites via MSN.

Mais si tu estimes que c ok, je te fais conficance. Je te remercie pour tout , en particulier ta disponibilité !

ciao