I can't get rid of a Trojan [solved]

Tags:
  • Trojan
  • Security
1 May 2009 21:27:04

Hello

I have a trojan I can't get rid of (BitDefender, Ad-Aware, a-squared Free).

Here is my HijackThis log

Thanks in advance for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:09, on 16/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
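At this point the HijackThis log above is the only evidence available, so the first thing a helper does is read it for the entries that deserve a second look. The script below is an added example, not part of the original thread and not a HijackThis or forum tool: it parses lines in the HijackThis format and flags the usual suspects, namely registry entries whose target file is gone ("(no file)", "(file missing)"), a non-empty AppInit_DLLs value, services without a publisher string, O4 autoruns given as a bare file name, and, generalising from what Trojan Remover finds later in this thread, any name carrying the `gxvxc` prefix of the TDSS driver and service. The sample lines are constructed from entries in the log above plus one constructed O23 line built from the service name Trojan Remover reports later. The real log above does not contain that line, because the rootkit hid its service from HijackThis, which is exactly why a log triage like this can raise questions but cannot declare a machine clean.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: entries copied from the HijackThis log above, plus one
# constructed O23 line at the end, built from the hidden service name that
# Trojan Remover reports later in this thread. HijackThis itself never showed
# that service, because the rootkit hid it.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: gxvxcserv.sys - Unknown owner - C:\Windows\system32\drivers\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys
"""

# Every HijackThis entry starts with a section code such as R1, O2, O23.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")

# Name prefix of the TDSS driver/service that Trojan Remover reports later in
# this thread (gxvxcserv.sys and the gxvxc...sys / gxvxc...dll files).
KNOWN_BAD_PREFIXES = ("gxvxc",)


@dataclass
class Finding:
    section: str                                  # HijackThis section code, e.g. "O23"
    line: str                                     # the log line as written
    reasons: list = field(default_factory=list)   # why it deserves a second look


def autorun_executable(rest: str) -> str:
    """Return the executable of an O4 entry: the first token after the [name],
    honouring a quoted path that contains spaces."""
    _, _, cmd = rest.partition("]")
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
    if not m:
        return ""
    return m.group(1) or m.group(2)


def triage_hijackthis(log_text: str) -> list:
    """Parse HijackThis-format lines and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, blank lines and the process list are not entries
        sec, rest = m.group("sec"), m.group("rest")
        low = rest.lower()
        reasons = []
        if "(no file)" in low or "(file missing)" in low:
            reasons.append("registry entry points to a missing file (orphan or half-removed component)")
        if sec == "O20" and rest.partition(":")[2].strip():
            reasons.append("AppInit_DLLs loads this DLL into every user-mode process")
        if sec == "O23" and "unknown owner" in low:
            reasons.append("service carries no publisher string")
        if sec == "O4":
            exe = autorun_executable(rest)
            if exe and "\\" not in exe and "/" not in exe:
                reasons.append("autorun uses a bare file name, resolved through the search path")
        if any(p in low for p in KNOWN_BAD_PREFIXES):
            reasons.append("name carries the TDSS gxvxc prefix seen later in this thread")
        if reasons:
            findings.append(Finding(sec, line, reasons))
    return findings


def sections_flagged(findings) -> dict:
    """Count findings per HijackThis section, for a quick overview."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hijackthis(SAMPLE_LOG)
    for f in results:
        print(f"{f.section}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    print(sections_flagged(results))
```

Run against the sample, the script flags seven entries: the two dangling "(no name)" BHO/toolbar entries, the bare `SOUNDMAN.EXE` autorun, the AppInit_DLLs value, the two "Unknown owner" services (one of them also missing its file), and the constructed gxvxc service. Most of those are benign on this particular machine, which is the point: the script ranks what to verify, and the decision still belongs to whoever reads the file dates and publisher information.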

1 May 2009 21:45:13

Hello,

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for updates button: if the firewall asks whether MBAM may connect to the Internet, allow it.
  • Once the update is finished, go to the Scan tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed normally. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    2 May 2009 20:06:02

    Hello,

    first of all, thanks a lot for your help

    here is the result of the MBAM scan:

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2067
    Windows 6.0.6001 Service Pack 1

    02/05/2009 19:51:04
    mbam-log-2009-05-02 (19-51-04).txt

    Type de recherche: Examen complet (C:\|E:\|F:\|I:\|)
    Eléments examinés: 209420
    Temps écoulé: 1 hour(s), 15 minute(s), 40 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\QuickyPlaeyrSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickyPlaeyr (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickyPlaeyr\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-2-4-99-100005688-100012633-100024577-5235.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.


    in parallel I had found "Trojan Remover", which found other trojans:


    ***** THE SYSTEM HAS BEEN RESTARTED *****
    02/05/2009 10:42:05: Trojan Remover has been restarted
    ----------
    Cleaning up TDSS keys/files:
    C:\Windows\system32\gxvxcbpipqodvwvrhpfoqnabagemndumrxjei.dll - deleted
    ----------
    =======================================================
    Removing the following registry keys:
    HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys - removed
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys - already removed (or did not exist)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys - already removed (or did not exist)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - already removed (or did not exist)
    HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - already removed (or did not exist)
    =======================================================
    02/05/2009 10:42:05: Trojan Remover closed

    and this:

    10:37:17: ----- SCANNING FOR ROOTKIT SERVICES -----
    Hidden Service Keyname: gxvxcserv.sys
    Hidden Service: \systemroot\system32\drivers\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys
    C:\Windows\system32\drivers\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys
    32256 bytes
    Modified: 16/04/2009 00:35
    Company: Microsoft Corporation
    File appears to be hidden using rootkit techniques
    Entry has been scheduled for deletion when the PC is restarted
    C:\Windows\system32\drivers\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys - file backed up to C:\Windows\system32\drivers\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys.vir
    C:\Windows\system32\drivers\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys - file has been erased using RAW erasure

    do you think it's clean?

    2 May 2009 22:43:48

  • Disable UAC for the duration of the disinfection.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Right-click ComboFix.exe (the .exe is not necessarily visible) and choose Run as administrator.
  • When the scan has finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

    To help you: A guide and tutorial on using ComboFix
    3 May 2009 15:31:08

    I had a problem: there was clearly a conflict with BitDefender, even though I had disabled it.
    ComboFix removed a BitDefender file
    At the end ComboFix got stuck at this step: "compte rendu en préparation" (preparing the report)

    I relaunched it several times, it refused to generate the report => is that a problem?

    3 May 2009 15:37:08

    I'll check another way.

  • Relaunch MBAM, go to Quarantine and delete everything.

  • Download Catchme (Przemyslaw Gmerek) to your Desktop.
  • Right-click catchme.exe (the .exe is not necessarily visible) and choose Run as administrator.
  • When the scan has finished, post the catchme.log report in your next reply. (That report is on your Desktop.)
    3 May 2009 17:24:26

    there's not much

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    ? [6112]

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 1
    hidden services: 0
    hidden files: 0
    3 May 2009 17:30:44

    You can delete Catchme.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (Under Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the analysis has finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    3 May 2009 17:59:22

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by laurent at 2009-05-03 17:34:28
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 42 GB (32%) free of 131 GB
    Total RAM: 2047 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:34:51, on 03/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Users\laurent\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\laurent.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [Google Update] "C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7688 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
    C:\Windows\tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-15 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-15 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-04-16 86016]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-15 144792]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2009-04-16 368640]
    "SoundMan"=C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Eraser"=C:\Program Files\Eraser\Eraser.exe [2007-07-28 277328]
    "Google Update"=C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00a35d0-6d35-11dc-9690-806e6f6e6963}]
    shell\AutoRun\command - D:\autorun.exe


    ======List of files/folders created in the last 1 months======

    2009-05-03 17:34:28 ----D---- C:\rsit
    2009-05-03 14:27:26 ----D---- C:\Windows\temp
    2009-05-03 14:19:09 ----D---- C:\ComboFix
    2009-05-03 14:19:08 ----A---- C:\Windows\system32\CF7448.exe
    2009-05-03 12:07:00 ----A---- C:\Windows\PSEXESVC.EXE
    2009-05-03 12:05:24 ----A---- C:\Windows\zip.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\vFind.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\SWREG.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\NIRCMD.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\SWXCACLS.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\SWSC.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\sed.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\grep.exe
    2009-05-03 12:04:54 ----D---- C:\Windows\ERDNT
    2009-05-03 12:04:38 ----A---- C:\Windows\system32\swsc.exe
    2009-05-03 12:04:28 ----D---- C:\Qoobox
    2009-05-02 10:52:06 ----D---- C:\Users\laurent\AppData\Roaming\Malwarebytes
    2009-05-02 10:51:57 ----D---- C:\ProgramData\Malwarebytes
    2009-05-02 10:51:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunrar36.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunace26.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvcabinet.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\UNRAR3.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\unacev2.dll
    2009-05-02 10:32:43 ----D---- C:\Users\laurent\AppData\Roaming\Simply Super Software
    2009-05-02 10:32:43 ----D---- C:\ProgramData\Simply Super Software
    2009-05-02 10:32:43 ----D---- C:\Program Files\Trojan Remover
    2009-05-01 11:25:42 ----D---- C:\Program Files\a-squared Free
    2009-05-01 01:15:10 ----A---- C:\Windows\bdagent.INI
    2009-05-01 00:40:11 ----A---- C:\Windows\ntbtlog.txt
    2009-04-17 20:27:12 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-04-17 20:26:49 ----D---- C:\Program Files\iPod
    2009-04-17 20:26:45 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-17 20:26:44 ----D---- C:\Program Files\iTunes
    2009-04-16 10:45:35 ----D---- C:\ProgramData\is-3CCN3
    2009-04-16 10:31:53 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 10:31:47 ----D---- C:\Program Files\Lavasoft
    2009-04-15 23:44:09 ----A---- C:\Windows\system32\winhttp.dll
    2009-04-15 23:44:06 ----A---- C:\Windows\system32\xolehlp.dll
    2009-04-15 23:44:06 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-04-15 23:43:58 ----A---- C:\Windows\system32\rpcss.dll
    2009-04-15 23:43:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-04-15 23:43:57 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-04-15 23:43:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\sdohlp.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasrecst.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iashost.exe
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasads.dll
    2009-04-15 23:43:46 ----A---- C:\Windows\system32\lsasrv.dll
    2009-04-15 23:43:45 ----A---- C:\Windows\system32\secur32.dll
    2009-04-15 23:43:45 ----A---- C:\Windows\system32\kernel32.dll
    2009-04-15 23:43:44 ----A---- C:\Windows\system32\apilogen.dll
    2009-04-15 23:43:44 ----A---- C:\Windows\system32\amxread.dll
    2009-04-15 23:43:37 ----A---- C:\Windows\system32\mshtml.dll
    2009-04-15 23:43:35 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-15 23:43:34 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\wininet.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\occache.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieencode.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-15 23:43:31 ----A---- C:\Windows\system32\mstime.dll
    2009-04-15 23:43:30 ----A---- C:\Windows\system32\jsproxy.dll

    ======List of files/folders modified in the last 1 months======

    2009-05-03 17:17:42 ----D---- C:\Windows\System32
    2009-05-03 15:18:25 ----D---- C:\Windows\inf
    2009-05-03 15:18:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-03 15:12:15 ----D---- C:\Windows\system32\drivers
    2009-05-03 15:08:08 ----A---- C:\Windows\system32\xcomm.dll
    2009-05-03 15:06:16 ----D---- C:\Windows
    2009-05-03 15:05:16 ----SHD---- C:\Config.Msi
    2009-05-03 15:03:18 ----SHD---- C:\Windows\Installer
    2009-05-03 15:01:59 ----SHD---- C:\System Volume Information
    2009-05-03 15:00:08 ----D---- C:\ProgramData\BitDefender
    2009-05-03 14:54:19 ----HD---- C:\Windows\system32\GroupPolicy
    2009-05-03 14:54:19 ----HD---- C:\ProgramData
    2009-05-03 14:46:39 ----D---- C:\Windows\winsxs
    2009-05-03 14:27:36 ----A---- C:\Windows\system.ini
    2009-05-03 14:23:57 ----D---- C:\Windows\AppPatch
    2009-05-03 14:23:55 ----D---- C:\Program Files\Common Files
    2009-05-03 14:19:08 ----D---- C:\Windows\system32\fr-FR
    2009-05-03 14:16:52 ----AD---- C:\ProgramData\TEMP
    2009-05-03 12:08:09 ----D---- C:\Windows\Prefetch
    2009-05-02 20:43:25 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-05-02 20:43:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-05-02 20:29:38 ----RD---- C:\Program Files
    2009-05-02 19:51:04 ----SHD---- C:\RECYCLER
    2009-05-02 09:14:44 ----D---- C:\Windows\system32\ZoneLabs
    2009-05-02 09:14:44 ----D---- C:\Windows\Internet Logs
    2009-05-02 09:09:57 ----D---- C:\Users\laurent\AppData\Roaming\CheckPoint
    2009-05-02 09:09:37 ----D---- C:\Windows\system32\catroot
    2009-05-01 22:48:49 ----D---- C:\Windows\Minidump
    2009-05-01 12:45:17 ----D---- C:\Program Files\Free Hide Folder
    2009-05-01 12:31:15 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-01 09:55:26 ----D---- C:\Windows\system32\catroot2
    2009-05-01 00:32:04 ----D---- C:\ProgramData\avg8
    2009-05-01 00:30:32 ----SD---- C:\Users\laurent\AppData\Roaming\Microsoft
    2009-04-30 23:08:17 ----D---- C:\ProgramData\Yahoo!
    2009-04-30 23:07:54 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-04-17 20:27:12 ----DC---- C:\Windows\system32\DRVSTORE
    2009-04-17 20:26:47 ----D---- C:\Program Files\Common Files\Apple
    2009-04-16 17:43:21 ----D---- C:\Windows\Debug
    2009-04-16 17:35:17 ----D---- C:\Users\laurent\AppData\Roaming\OpenOffice.org2
    2009-04-16 15:55:36 ----D---- C:\Program Files\Common Files\BitDefender
    2009-04-16 10:46:32 ----D---- C:\Windows\system32\Tasks
    2009-04-16 10:46:31 ----D---- C:\Windows\Tasks
    2009-04-16 00:48:36 ----D---- C:\Windows\system32\wbem
    2009-04-16 00:48:36 ----D---- C:\Windows\system32\manifeststore
    2009-04-16 00:48:34 ----D---- C:\Program Files\Internet Explorer
    2009-04-15 23:38:14 ----D---- C:\Users\laurent\AppData\Roaming\Azureus
    2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-04-16 156688]
    R1 is-3CCN3drv;is-3CCN3drv; C:\Windows\system32\DRIVERS\90033959.sys [2008-07-08 148496]
    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
    R2 dvdmmg;dvdmmg; \??\C:\Windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-09-16 4127648]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-05-03 86792]
    R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 188432]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2009-04-16 8320]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
    R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
    R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
    R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
    R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
    S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
    S3 catchme;catchme; \??\C:\Users\laurent\AppData\Local\Temp\catchme.sys []
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 nv;nv; C:\Windows\system32\DRIVERS\nv4_mini.sys [2006-11-02 1897664]
    S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
    S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
    S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
    S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-10-19 23600]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
    R01000000 papyjoy;papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
    R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-25 425080]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-16 1179648]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 65536]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2009-04-16 1261568]
    R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2009-04-16 86016]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
    S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-06 651720]
    S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-07 1840128]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
    S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe [2007-09-11 184504]
    S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe [2007-09-11 1265856]
    S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe []

    -----------------EOF-----------------

    and info:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by laurent at 2009-05-03 17:34:28
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 42 GB (32%) free of 131 GB
    Total RAM: 2047 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:34:51, on 03/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Users\laurent\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\laurent.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [Google Update] "C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7688 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
    C:\Windows\tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-15 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-15 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-04-16 86016]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-15 144792]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2009-04-16 368640]
    "SoundMan"=C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Eraser"=C:\Program Files\Eraser\Eraser.exe [2007-07-28 277328]
    "Google Update"=C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00a35d0-6d35-11dc-9690-806e6f6e6963}]
    shell\AutoRun\command - D:\autorun.exe


    ======List of files/folders created in the last 1 months======

    2009-05-03 17:34:28 ----D---- C:\rsit
    2009-05-03 14:27:26 ----D---- C:\Windows\temp
    2009-05-03 14:19:09 ----D---- C:\ComboFix
    2009-05-03 14:19:08 ----A---- C:\Windows\system32\CF7448.exe
    2009-05-03 12:07:00 ----A---- C:\Windows\PSEXESVC.EXE
    2009-05-03 12:05:24 ----A---- C:\Windows\zip.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\vFind.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\SWREG.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\NIRCMD.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\SWXCACLS.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\SWSC.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\sed.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\grep.exe
    2009-05-03 12:04:54 ----D---- C:\Windows\ERDNT
    2009-05-03 12:04:38 ----A---- C:\Windows\system32\swsc.exe
    2009-05-03 12:04:28 ----D---- C:\Qoobox
    2009-05-02 10:52:06 ----D---- C:\Users\laurent\AppData\Roaming\Malwarebytes
    2009-05-02 10:51:57 ----D---- C:\ProgramData\Malwarebytes
    2009-05-02 10:51:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunrar36.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunace26.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvcabinet.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\UNRAR3.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\unacev2.dll
    2009-05-02 10:32:43 ----D---- C:\Users\laurent\AppData\Roaming\Simply Super Software
    2009-05-02 10:32:43 ----D---- C:\ProgramData\Simply Super Software
    2009-05-02 10:32:43 ----D---- C:\Program Files\Trojan Remover
    2009-05-01 11:25:42 ----D---- C:\Program Files\a-squared Free
    2009-05-01 01:15:10 ----A---- C:\Windows\bdagent.INI
    2009-05-01 00:40:11 ----A---- C:\Windows\ntbtlog.txt
    2009-04-17 20:27:12 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-04-17 20:26:49 ----D---- C:\Program Files\iPod
    2009-04-17 20:26:45 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-17 20:26:44 ----D---- C:\Program Files\iTunes
    2009-04-16 10:45:35 ----D---- C:\ProgramData\is-3CCN3
    2009-04-16 10:31:53 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 10:31:47 ----D---- C:\Program Files\Lavasoft
    2009-04-15 23:44:09 ----A---- C:\Windows\system32\winhttp.dll
    2009-04-15 23:44:06 ----A---- C:\Windows\system32\xolehlp.dll
    2009-04-15 23:44:06 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-04-15 23:43:58 ----A---- C:\Windows\system32\rpcss.dll
    2009-04-15 23:43:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-04-15 23:43:57 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-04-15 23:43:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\sdohlp.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasrecst.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iashost.exe
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasads.dll
    2009-04-15 23:43:46 ----A---- C:\Windows\system32\lsasrv.dll
    2009-04-15 23:43:45 ----A---- C:\Windows\system32\secur32.dll
    2009-04-15 23:43:45 ----A---- C:\Windows\system32\kernel32.dll
    2009-04-15 23:43:44 ----A---- C:\Windows\system32\apilogen.dll
    2009-04-15 23:43:44 ----A---- C:\Windows\system32\amxread.dll
    2009-04-15 23:43:37 ----A---- C:\Windows\system32\mshtml.dll
    2009-04-15 23:43:35 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-15 23:43:34 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\wininet.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\occache.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieencode.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-15 23:43:31 ----A---- C:\Windows\system32\mstime.dll
    2009-04-15 23:43:30 ----A---- C:\Windows\system32\jsproxy.dll

    ======List of files/folders modified in the last 1 months======

    2009-05-03 17:17:42 ----D---- C:\Windows\System32
    2009-05-03 15:18:25 ----D---- C:\Windows\inf
    2009-05-03 15:18:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-03 15:12:15 ----D---- C:\Windows\system32\drivers
    2009-05-03 15:08:08 ----A---- C:\Windows\system32\xcomm.dll
    2009-05-03 15:06:16 ----D---- C:\Windows
    2009-05-03 15:05:16 ----SHD---- C:\Config.Msi
    2009-05-03 15:03:18 ----SHD---- C:\Windows\Installer
    2009-05-03 15:01:59 ----SHD---- C:\System Volume Information
    2009-05-03 15:00:08 ----D---- C:\ProgramData\BitDefender
    2009-05-03 14:54:19 ----HD---- C:\Windows\system32\GroupPolicy
    2009-05-03 14:54:19 ----HD---- C:\ProgramData
    2009-05-03 14:46:39 ----D---- C:\Windows\winsxs
    2009-05-03 14:27:36 ----A---- C:\Windows\system.ini
    2009-05-03 14:23:57 ----D---- C:\Windows\AppPatch
    2009-05-03 14:23:55 ----D---- C:\Program Files\Common Files
    2009-05-03 14:19:08 ----D---- C:\Windows\system32\fr-FR
    2009-05-03 14:16:52 ----AD---- C:\ProgramData\TEMP
    2009-05-03 12:08:09 ----D---- C:\Windows\Prefetch
    2009-05-02 20:43:25 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-05-02 20:43:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-05-02 20:29:38 ----RD---- C:\Program Files
    2009-05-02 19:51:04 ----SHD---- C:\RECYCLER
    2009-05-02 09:14:44 ----D---- C:\Windows\system32\ZoneLabs
    2009-05-02 09:14:44 ----D---- C:\Windows\Internet Logs
    2009-05-02 09:09:57 ----D---- C:\Users\laurent\AppData\Roaming\CheckPoint
    2009-05-02 09:09:37 ----D---- C:\Windows\system32\catroot
    2009-05-01 22:48:49 ----D---- C:\Windows\Minidump
    2009-05-01 12:45:17 ----D---- C:\Program Files\Free Hide Folder
    2009-05-01 12:31:15 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-01 09:55:26 ----D---- C:\Windows\system32\catroot2
    2009-05-01 00:32:04 ----D---- C:\ProgramData\avg8
    2009-05-01 00:30:32 ----SD---- C:\Users\laurent\AppData\Roaming\Microsoft
    2009-04-30 23:08:17 ----D---- C:\ProgramData\Yahoo!
    2009-04-30 23:07:54 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-04-17 20:27:12 ----DC---- C:\Windows\system32\DRVSTORE
    2009-04-17 20:26:47 ----D---- C:\Program Files\Common Files\Apple
    2009-04-16 17:43:21 ----D---- C:\Windows\Debug
    2009-04-16 17:35:17 ----D---- C:\Users\laurent\AppData\Roaming\OpenOffice.org2
    2009-04-16 15:55:36 ----D---- C:\Program Files\Common Files\BitDefender
    2009-04-16 10:46:32 ----D---- C:\Windows\system32\Tasks
    2009-04-16 10:46:31 ----D---- C:\Windows\Tasks
    2009-04-16 00:48:36 ----D---- C:\Windows\system32\wbem
    2009-04-16 00:48:36 ----D---- C:\Windows\system32\manifeststore
    2009-04-16 00:48:34 ----D---- C:\Program Files\Internet Explorer
    2009-04-15 23:38:14 ----D---- C:\Users\laurent\AppData\Roaming\Azureus
    2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-04-16 156688]
    R1 is-3CCN3drv;is-3CCN3drv; C:\Windows\system32\DRIVERS\90033959.sys [2008-07-08 148496]
    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
    R2 dvdmmg;dvdmmg; \??\C:\Windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-09-16 4127648]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-05-03 86792]
    R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 188432]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2009-04-16 8320]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
    R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
    R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
    R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
    R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
    S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
    S3 catchme;catchme; \??\C:\Users\laurent\AppData\Local\Temp\catchme.sys []
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 nv;nv; C:\Windows\system32\DRIVERS\nv4_mini.sys [2006-11-02 1897664]
    S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
    S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
    S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
    S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-10-19 23600]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
    R01000000 papyjoy;papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
    R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-25 425080]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-16 1179648]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 65536]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2009-04-16 1261568]
    R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2009-04-16 86016]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
    S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-06 651720]
    S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-07 1840128]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
    S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe [2007-09-11 184504]
    S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe [2007-09-11 1265856]
    S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe []

    -----------------EOF-----------------

    3 May 2009 18:06:28

  • Uninstall the following programs:
    - Java 6 Update 10
    - Java 6 Update 2
    - Java 6 Update 3
    - Java 6 Update 5

  • Remove the leftover traces of AVG with this.

  • Run another RSIT scan and post the log report.
    3 May 2009 18:16:53

    I should remove Java? Won't that have consequences for how the OS works?
    3 May 2009 18:31:29

    It went a lot faster this time; was all that because of Java and AVG???

    Here is the log

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by laurent at 2009-05-03 18:29:08
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 41 GB (31%) free of 131 GB
    Total RAM: 2047 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:29:34, on 03/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\laurent\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\laurent.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [Google Update] "C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7475 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
    C:\Windows\tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-04-16 86016]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2009-04-16 368640]
    "SoundMan"=C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Eraser"=C:\Program Files\Eraser\Eraser.exe [2007-07-28 277328]
    "Google Update"=C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00a35d0-6d35-11dc-9690-806e6f6e6963}]
    shell\AutoRun\command - D:\autorun.exe


    ======List of files/folders created in the last 1 months======

    2009-05-03 17:34:28 ----D---- C:\rsit
    2009-05-03 14:27:26 ----D---- C:\Windows\temp
    2009-05-03 14:19:09 ----D---- C:\ComboFix
    2009-05-03 14:19:08 ----A---- C:\Windows\system32\CF7448.exe
    2009-05-03 12:07:00 ----A---- C:\Windows\PSEXESVC.EXE
    2009-05-03 12:05:24 ----A---- C:\Windows\zip.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\vFind.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\SWREG.exe
    2009-05-03 12:05:24 ----A---- C:\Windows\NIRCMD.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\SWXCACLS.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\SWSC.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\sed.exe
    2009-05-03 12:05:23 ----A---- C:\Windows\grep.exe
    2009-05-03 12:04:54 ----D---- C:\Windows\ERDNT
    2009-05-03 12:04:38 ----A---- C:\Windows\system32\swsc.exe
    2009-05-03 12:04:28 ----D---- C:\Qoobox
    2009-05-02 10:52:06 ----D---- C:\Users\laurent\AppData\Roaming\Malwarebytes
    2009-05-02 10:51:57 ----D---- C:\ProgramData\Malwarebytes
    2009-05-02 10:51:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunrar36.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunace26.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvcabinet.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\UNRAR3.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\unacev2.dll
    2009-05-02 10:32:43 ----D---- C:\Users\laurent\AppData\Roaming\Simply Super Software
    2009-05-02 10:32:43 ----D---- C:\ProgramData\Simply Super Software
    2009-05-02 10:32:43 ----D---- C:\Program Files\Trojan Remover
    2009-05-01 11:25:42 ----D---- C:\Program Files\a-squared Free
    2009-05-01 01:15:10 ----A---- C:\Windows\bdagent.INI
    2009-05-01 00:40:11 ----A---- C:\Windows\ntbtlog.txt
    2009-04-17 20:27:12 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-04-17 20:26:49 ----D---- C:\Program Files\iPod
    2009-04-17 20:26:45 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-17 20:26:44 ----D---- C:\Program Files\iTunes
    2009-04-16 10:45:35 ----D---- C:\ProgramData\is-3CCN3
    2009-04-16 10:31:53 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 10:31:47 ----D---- C:\Program Files\Lavasoft
    2009-04-15 23:44:09 ----A---- C:\Windows\system32\winhttp.dll
    2009-04-15 23:44:06 ----A---- C:\Windows\system32\xolehlp.dll
    2009-04-15 23:44:06 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-04-15 23:43:58 ----A---- C:\Windows\system32\rpcss.dll
    2009-04-15 23:43:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-04-15 23:43:57 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-04-15 23:43:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\sdohlp.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasrecst.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iashost.exe
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasads.dll
    2009-04-15 23:43:46 ----A---- C:\Windows\system32\lsasrv.dll
    2009-04-15 23:43:45 ----A---- C:\Windows\system32\secur32.dll
    2009-04-15 23:43:45 ----A---- C:\Windows\system32\kernel32.dll
    2009-04-15 23:43:44 ----A---- C:\Windows\system32\apilogen.dll
    2009-04-15 23:43:44 ----A---- C:\Windows\system32\amxread.dll
    2009-04-15 23:43:37 ----A---- C:\Windows\system32\mshtml.dll
    2009-04-15 23:43:35 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-15 23:43:34 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\wininet.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\occache.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieencode.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-15 23:43:31 ----A---- C:\Windows\system32\mstime.dll
    2009-04-15 23:43:30 ----A---- C:\Windows\system32\jsproxy.dll

    ======List of files/folders modified in the last 1 months======

    2009-05-03 18:27:09 ----SHD---- C:\Windows\Installer
    2009-05-03 18:27:09 ----SHD---- C:\Config.Msi
    2009-05-03 18:26:48 ----D---- C:\Windows\System32
    2009-05-03 18:26:17 ----SHD---- C:\System Volume Information
    2009-05-03 18:24:45 ----D---- C:\Program Files\Java
    2009-05-03 18:24:44 ----D---- C:\Program Files\Common Files
    2009-05-03 15:18:25 ----D---- C:\Windows\inf
    2009-05-03 15:18:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-03 15:12:15 ----D---- C:\Windows\system32\drivers
    2009-05-03 15:08:08 ----A---- C:\Windows\system32\xcomm.dll
    2009-05-03 15:06:16 ----D---- C:\Windows
    2009-05-03 15:00:08 ----D---- C:\ProgramData\BitDefender
    2009-05-03 14:54:19 ----HD---- C:\Windows\system32\GroupPolicy
    2009-05-03 14:54:19 ----HD---- C:\ProgramData
    2009-05-03 14:46:39 ----D---- C:\Windows\winsxs
    2009-05-03 14:27:36 ----A---- C:\Windows\system.ini
    2009-05-03 14:23:57 ----D---- C:\Windows\AppPatch
    2009-05-03 14:19:08 ----D---- C:\Windows\system32\fr-FR
    2009-05-03 14:16:52 ----AD---- C:\ProgramData\TEMP
    2009-05-03 12:08:09 ----D---- C:\Windows\Prefetch
    2009-05-02 20:43:25 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-05-02 20:43:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-05-02 20:29:38 ----RD---- C:\Program Files
    2009-05-02 19:51:04 ----SHD---- C:\RECYCLER
    2009-05-02 09:14:44 ----D---- C:\Windows\system32\ZoneLabs
    2009-05-02 09:14:44 ----D---- C:\Windows\Internet Logs
    2009-05-02 09:09:57 ----D---- C:\Users\laurent\AppData\Roaming\CheckPoint
    2009-05-02 09:09:37 ----D---- C:\Windows\system32\catroot
    2009-05-01 22:48:49 ----D---- C:\Windows\Minidump
    2009-05-01 12:45:17 ----D---- C:\Program Files\Free Hide Folder
    2009-05-01 12:31:15 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-01 09:55:26 ----D---- C:\Windows\system32\catroot2
    2009-05-01 00:32:04 ----D---- C:\ProgramData\avg8
    2009-05-01 00:30:32 ----SD---- C:\Users\laurent\AppData\Roaming\Microsoft
    2009-04-30 23:08:17 ----D---- C:\ProgramData\Yahoo!
    2009-04-30 23:07:54 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-04-17 20:27:12 ----DC---- C:\Windows\system32\DRVSTORE
    2009-04-17 20:26:47 ----D---- C:\Program Files\Common Files\Apple
    2009-04-16 17:43:21 ----D---- C:\Windows\Debug
    2009-04-16 17:35:17 ----D---- C:\Users\laurent\AppData\Roaming\OpenOffice.org2
    2009-04-16 15:55:36 ----D---- C:\Program Files\Common Files\BitDefender
    2009-04-16 10:46:32 ----D---- C:\Windows\system32\Tasks
    2009-04-16 10:46:31 ----D---- C:\Windows\Tasks
    2009-04-16 00:48:36 ----D---- C:\Windows\system32\wbem
    2009-04-16 00:48:36 ----D---- C:\Windows\system32\manifeststore
    2009-04-16 00:48:34 ----D---- C:\Program Files\Internet Explorer
    2009-04-15 23:38:14 ----D---- C:\Users\laurent\AppData\Roaming\Azureus
    2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-04-16 156688]
    R1 is-3CCN3drv;is-3CCN3drv; C:\Windows\system32\DRIVERS\90033959.sys [2008-07-08 148496]
    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
    R2 dvdmmg;dvdmmg; \??\C:\Windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-09-16 4127648]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-05-03 86792]
    R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 188432]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2009-04-16 8320]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
    R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
    R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
    R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
    R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
    S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
    S3 catchme;catchme; \??\C:\Users\laurent\AppData\Local\Temp\catchme.sys []
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 nv;nv; C:\Windows\system32\DRIVERS\nv4_mini.sys [2006-11-02 1897664]
    S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
    S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
    S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
    S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-10-19 23600]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
    R01000000 papyjoy;papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
    R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-25 425080]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-16 1179648]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 65536]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2009-04-16 1261568]
    R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2009-04-16 86016]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
    S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-06 651720]
    S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-07 1840128]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
    S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe [2007-09-11 184504]
    S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe [2007-09-11 1265856]
    S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe []

    -----------------EOF-----------------
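The driver and service lists above are the part of such a log a helper reads first: an entry whose file details are an empty `[]` means the tool could not find the binary on disk (an orphaned registration, such as the old BitDefender10 and AVG entries here), and a driver registered from a Temp folder deserves a second look even when it is benign (catchme.sys is the driver of a well-known anti-rootkit scanner, which runs from Temp by design). The Python below is an added example, not code from the thread or from any of the tools it mentions: it parses lines in the format shown above (the format is inferred from the lines themselves), applies those two heuristics, and returns leads for manual review rather than verdicts. The sample lines are copied from the log above.

```python
"""Triage the "List of drivers" / "List of services" sections of a diagnostic
log like the one posted above.  Added example, not code from the thread or
from any tool it mentions.  The entry format is inferred from the log lines;
the sample lines are copied from that log.  The two heuristics (file missing,
user-writable location) are our own and only produce leads for review."""
import re
from dataclasses import dataclass

# "<R|S><start-type> <name>;<display name>; <path> [<date> <size>]"
# An empty "[]" means the logging tool could not find the file on disk.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d+)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Directories a kernel driver or service binary should not normally live in.
USER_WRITABLE_DIRS = ("\\temp\\", "\\appdata\\")


@dataclass
class Finding:
    name: str
    path: str
    reason: str


def parse_entry(line):
    """Split one driver/service line into its fields; None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):  # NT object-manager prefix, drop it
        path = path[4:]
    return {
        "state": m.group("state"),
        "start": m.group("start"),
        "name": m.group("name").strip(),
        "display": m.group("display").strip(),
        "path": path,
        "meta": m.group("meta").strip(),
    }


def triage(lines):
    """Return a Finding for every entry worth a second look."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e["meta"] == "":
            findings.append(Finding(e["name"], e["path"],
                "file missing on disk: orphaned entry (uninstall leftover "
                "or a dropper that was already removed)"))
        if any(d in e["path"].lower() for d in USER_WRITABLE_DIRS):
            findings.append(Finding(e["name"], e["path"],
                "driver/service binary in a user-writable directory"))
    return findings


# Sample input: a constructed subset of lines copied from the log above.
SAMPLE_LOG = r"""
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-04-16 156688]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 catchme;catchme; \??\C:\Users\laurent\AppData\Local\Temp\catchme.sys []
R01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe []
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:<24} {f.reason}\n    {f.path}")
```

The start-type field is matched as any run of digits rather than a single one because the log above also contains entries such as `R01000000 papycpu2`, which a stricter pattern would silently skip. Running the block on the sample reports the two BitDefender10/AVG leftovers, and catchme.sys twice (missing file and Temp location), which is exactly the kind of list a helper then checks by hand.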
    a c 327 8 Sécurité
    3 May 2009 18:39:34

    Quote:
    Do you want me to remove Java? Won't that have consequences for how the OS works?

    ---> I forgot to give you the link to download the new version.

  • Update Java.

  • Run MBAM again, go to Quarantine and delete everything.

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Right-click OTMoveIt3.exe and choose Run as administrator.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :services
    AVG Anti-Spyware Guard

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to reboot.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report is named after the time it was created: date_time.log
    3 May 2009 18:46:17

    If explorer.exe gets deleted, my computer won't work anymore...
    a c 327 8 Sécurité
    3 May 2009 18:56:54

    I'm not deleting Explorer, I'm shutting it down for a moment.
    3 May 2009 19:10:38

    ok, I understand

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========

    Service\Driver AVG Anti-Spyware Guard deleted successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    ========== COMMANDS ==========
    File delete failed. C:\Users\laurent\AppData\Local\Temp\etilqs_LJtzmZzGyY4XyocF1P6b scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    Windows Temp folder emptied.
    File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05032009_185905

    Files moved on Reboot...
    File C:\Users\laurent\AppData\Local\Temp\etilqs_LJtzmZzGyY4XyocF1P6b not found!
    C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\urlclassifier3.sqlite moved successfully.
    C:\Users\laurent\AppData\Local\Mozilla\Firefox\Profiles\0arp8l29.default\XUL.mfl moved successfully.
    a c 327 8 Sécurité
    3 May 2009 19:19:46

    Is your PC OK?
    3 May 2009 19:27:22

    it seems to be working normally; Firefox no longer does weird things like opening an ad page

    do you think the cleanup is complete?

    how dangerous are the types of trojans that infected me ("generic", "autorun", "DNSChanger")? I can't find much info on the net

    at one point the autorun one hit my external hard drive. I scanned it and it seems to be OK. Do you think it's OK?

    Thanks
    a c 327 8 Sécurité
    3 May 2009 19:44:55

    Quote:
    DNSChanger

    ---> This infection hijacks your Internet searches.

  • Download UsbFix (by C_XX & Chiquitine29) to your Desktop.
  • Run the installer with the default settings.
  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
  • Choose option 1 (Search).
  • Let the tool do its work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility used to terminate processes.
    3 May 2009 20:28:34

    here it is

    I think it found something


    ############################## [ UsbFix V3.016 # Scan ]

    # User : laurent (Administrateurs) # PC-DE-LAURENT
    # Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 20:25:46 | 03/05/2009

    # Intel(R) Pentium(R) 4 CPU 2.60GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 7.0.6001.18000
    # Windows Firewall Status : Disabled
    # AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
    # FW : Bitdefender Firewall[ Enabled ]8.0

    # C:\ # Disque fixe local # 127,99 Go (35,85 Go free) # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque amovible # 7,5 Go (3,51 Go free) # FAT32
    # I:\ # Disque fixe local # 298,02 Go (213,86 Go free) [My Book] # FAT32

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\NMSAccessU.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conime.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    HKCU_Main: "Start Page"="http://www.msn.com/"
    HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: BDAgent="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    HKLM_Run: SoundMan=SOUNDMAN.EXE
    HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
    HKCU_Run: Eraser=C:\Program Files\Eraser\Eraser.exe -hide
    HKCU_Run: Google Update="C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    HKCU_Run: Messenger (Yahoo!)="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    ################## [ Informations ]


    ################## [ Fichiers # Dossiers infectieux ]

    Found ! I:\Setup.exe

    ################## [ Registre # Clés Run infectieuses ]


    ################## [ Registre # Mountpoints2 ]

    HKCU\Software\Microsoft\....\MountPoints2\I\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{f00a35d0-6d35-11dc-9690-806e6f6e6963}\Shell\AutoRun\command

    ################## [ ! Fin du rapport # UsbFix V3.016 ! ]
    a c 327 8 Sécurité
    3 May 2009 20:35:47

  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
  • Choose option 2 (Deletion).
  • Your Desktop will disappear and the PC will reboot.
  • On reboot, UsbFix will scan your PC; let the tool do its work.
  • Then post the UsbFix.txt report, which will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
    3 May 2009 20:46:41

    here it is

    ############################## [ UsbFix V3.016 # Cleaning ]

    # User : laurent (Administrateurs) # PC-DE-LAURENT
    # Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 20:41:27 | 03/05/2009

    # Intel(R) Pentium(R) 4 CPU 2.60GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 7.0.6001.18000
    # Windows Firewall Status : Disabled
    # AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
    # FW : Bitdefender Firewall[ Enabled ]8.0

    # C:\ # Disque fixe local # 127,99 Go (35,77 Go free) # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque amovible # 7,5 Go (3,51 Go free) # FAT32
    # I:\ # Disque fixe local # 298,02 Go (213,86 Go free) [My Book] # FAT32

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\NMSAccessU.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Windows Calendar\wincal.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\runonce.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! I:\Setup.exe

    ################## [ Registre # Clés Run infectieuses ]


    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\I\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f00a35d0-6d35-11dc-9690-806e6f6e6963}\Shell\AutoRun\command

    ################## [ Listing des fichiers présent ]

    [18/09/2006 23:43|--a------|24] - C:\autoexec.bat
    [27/09/2007 21:55|---hs----|356] - C:\Boot.BAK
    [27/09/2007 23:11|-rahs----|356] - C:\Boot.ini.saved
    [28/08/2001 14:00|-rahs----|4952] - C:\Bootfont.bin
    [19/01/2008 09:45|-rahs----|333203] - C:\bootmgr
    [27/09/2007 23:11|-ra-s----|8192] - C:\BOOTSECT.BAK
    [18/09/2006 23:43|--a------|10] - C:\config.sys
    [10/09/2007 00:17|--a------|1634] - C:\DVD2Mp4_Log.txt
    [02/07/2007 20:18|-rahs----|0] - C:\IO.SYS
    [02/07/2007 20:18|-rahs----|0] - C:\MSDOS.SYS
    [02/07/2007 22:12|-rahs----|47564] - C:\NTDETECT.COM
    [02/07/2007 22:12|-rahs----|251712] - C:\ntldr
    [18/09/2007 20:52|--a------|9323] - C:\OldSDB_log.txt
    [?|?|?] - C:\pagefile.sys
    [25/08/2007 00:48|--ah-----|268] - C:\sqmdata00.sqm
    [26/08/2007 00:31|--ah-----|268] - C:\sqmdata01.sqm
    [26/08/2007 23:56|--ah-----|268] - C:\sqmdata02.sqm
    [28/08/2007 00:11|--ah-----|268] - C:\sqmdata03.sqm
    [28/08/2007 21:36|--ah-----|268] - C:\sqmdata04.sqm
    [30/08/2007 00:30|--ah-----|268] - C:\sqmdata05.sqm
    [02/09/2007 00:14|--ah-----|268] - C:\sqmdata06.sqm
    [05/09/2007 00:14|--ah-----|268] - C:\sqmdata07.sqm
    [06/09/2007 00:31|--ah-----|268] - C:\sqmdata08.sqm
    [07/09/2007 00:12|--ah-----|268] - C:\sqmdata09.sqm
    [10/09/2007 01:09|--ah-----|268] - C:\sqmdata10.sqm
    [25/08/2007 00:48|--ah-----|244] - C:\sqmnoopt00.sqm
    [26/08/2007 00:31|--ah-----|244] - C:\sqmnoopt01.sqm
    [26/08/2007 23:56|--ah-----|244] - C:\sqmnoopt02.sqm
    [28/08/2007 00:11|--ah-----|244] - C:\sqmnoopt03.sqm
    [28/08/2007 21:36|--ah-----|244] - C:\sqmnoopt04.sqm
    [30/08/2007 00:30|--ah-----|244] - C:\sqmnoopt05.sqm
    [02/09/2007 00:14|--ah-----|244] - C:\sqmnoopt06.sqm
    [05/09/2007 00:14|--ah-----|244] - C:\sqmnoopt07.sqm
    [06/09/2007 00:31|--ah-----|244] - C:\sqmnoopt08.sqm
    [07/09/2007 00:12|--ah-----|244] - C:\sqmnoopt09.sqm
    [10/09/2007 01:09|--ah-----|244] - C:\sqmnoopt10.sqm
    [03/05/2009 20:44|--a------|5036] - C:\UsbFix.txt
    [15/07/2007 13:06|--a------|186] - C:\VundoFix.txt
    [27/09/2007 23:56|--a------|158] - C:\YServer.txt
    [19/12/2008 09:18|--a------|511254] - I:\resistancecgtDPR.bmp
    [10/05/2005 14:54|--a------|231936] - I:\ChefAmediter.doc
    [30/06/2005 08:27|--a------|41472] - I:\ArtDuMgtResumes.doc
    [30/06/2005 08:49|--a------|301056] - I:\ArtDuMgt2.doc
    [29/04/2005 10:37|--a------|111616] - I:\ABC CGoshn.doc
    [25/04/2005 12:26|--a------|885760] - I:\QE.doc
    [08/07/2004 08:08|--a------|1009432] - I:\Xcanadair.exe
    [06/08/2008 08:41|--a------|101888] - I:\Helic_ptero.pps
    [14/12/2007 08:39|--a------|4840000] - I:\debit051207.rtf
    [14/12/2007 08:41|--a------|75776] - I:\debit051207.doc
    [14/12/2007 13:45|--a------|33792] - I:\LettreoppositionHSBC France.doc
    [24/07/2007 10:07|--a------|29184] - I:\Lettre Police Levallois.doc
    [14/04/2006 16:12|--a------|288319] - I:\MgtAvecChinois20060414_6.pdf
    [22/11/2006 16:17|--a------|1088512] - I:\VTT.doc
    [25/10/2006 13:40|--a------|84355] - I:\FormulesExcel.zip
    [21/11/2008 13:14|--a------|35532] - I:\bordeaux-carte.gif

    ################## [ Vaccination ]

    # C:\autorun.inf -> Folder created by UsbFix.
    # E:\autorun.inf -> Folder created by UsbFix.
    # I:\autorun.inf -> Folder created by UsbFix.

    ################## [ Cracks / Keygens / Serials ]

    # -> Nothing found !

    ################## [ ! Fin du rapport # UsbFix V3.016 ! ]
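The "Vaccination" section of the cleaning report above shows the classic countermeasure against autorun worms: UsbFix creates a folder named autorun.inf at each drive root, so malware cannot later drop a file of that name there. The Python below is an added example, not UsbFix's own code, that inspects drive roots in that spirit: it reports a root as clean, vaccinated (autorun.inf is a folder) or carrying a real autorun.inf, parses the `[autorun]` section of a real file to show which program it would launch, and offers the vaccination step. The registry side of the report (MountPoints2) is not covered. The three sample roots are constructed in a temporary directory; the `Setup.exe` on the "infected" root is an empty placeholder named after the entry UsbFix flagged, and the autorun.inf contents are constructed, since the thread does not show the real file.

```python
"""Check drive roots for autorun.inf the way the UsbFix "Vaccination" section
above describes, and parse any real autorun.inf to show what it would launch.
Added example, not UsbFix's own code.  Sample drive roots are constructed in a
temporary directory; Setup.exe is an empty placeholder, not a real binary."""
import tempfile
from pathlib import Path

# Keys in the [autorun] section that name something to execute.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section that launch a
    program.  Keys are case-insensitive; shell\\<verb>\\command counts too."""
    targets = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            targets.append((key, value))
    return targets


def inspect_root(root):
    """Classify a drive root: 'clean' (no autorun.inf), 'vaccinated'
    (autorun.inf is a folder, so a file of that name cannot be dropped) or
    'autorun-file' (a real autorun.inf, with its launch targets)."""
    p = Path(root) / "autorun.inf"
    if not p.exists():
        return {"root": str(root), "status": "clean", "targets": []}
    if p.is_dir():
        return {"root": str(root), "status": "vaccinated", "targets": []}
    text = p.read_text(encoding="latin-1", errors="replace")
    return {"root": str(root), "status": "autorun-file",
            "targets": parse_autorun(text)}


def vaccinate(root):
    """Create an empty autorun.inf folder on a clean root.  Returns True when
    the folder was created, False when something already sits there."""
    p = Path(root) / "autorun.inf"
    if p.exists():
        return False
    p.mkdir()
    return True


def build_sample_roots(base):
    """Constructed sample: fake drive roots E (clean), C (vaccinated) and
    I (carries an autorun.inf that points at a placeholder Setup.exe)."""
    clean = Path(base) / "E"
    clean.mkdir()
    vaccinated = Path(base) / "C"
    vaccinated.mkdir()
    (vaccinated / "autorun.inf").mkdir()
    infected = Path(base) / "I"
    infected.mkdir()
    (infected / "Setup.exe").write_bytes(b"")  # empty placeholder
    (infected / "autorun.inf").write_text(
        "[autorun]\r\nopen=Setup.exe\r\nshell\\open\\command=Setup.exe\r\n"
        "icon=Setup.exe\r\n")
    return [clean, vaccinated, infected]


def run_demo():
    """Inspect the sample roots, vaccinate the clean one, inspect it again."""
    with tempfile.TemporaryDirectory() as base:
        roots = build_sample_roots(base)
        before = [inspect_root(r) for r in roots]
        created = vaccinate(roots[0])
        after_clean = inspect_root(roots[0])
    return {
        "statuses": [r["status"] for r in before],
        "targets": before[2]["targets"],
        "vaccinated_clean_root": created,
        "clean_root_after": after_clean["status"],
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

`inspect_root` deliberately never deletes anything: on a suspect drive the right first step is to see what the file would launch, which is what the report's `targets` list shows, and to let the cleanup tool handle removal. On a case-sensitive filesystem the check only matches the exact name `autorun.inf`, whereas Windows matches it case-insensitively.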

    a c 327 8 Sécurité
    3 May 2009 20:48:46

    1/

  • Uninstall HijackThis and UsbFix.

  • Download OTCleanIt to your Desktop:
  • Right-click OTCleanIt and choose Run as administrator.
  • Click CleanUp!, then click Yes in the Confirm window.
  • Reboot your PC when asked.


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once finished, run the cleanup.
  • Then choose Registry, then Scan for Issues. Once finished, fix all the issues (back up the registry).


    3/

  • You need to disable and then re-enable System Restore to purge it.


    ==Prevention==

    Re-enable UAC if you haven't already.

    Keep MBAM. It will let you scan suspicious files alongside the antivirus; scan the hard drive regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer.

    Regarding P2P: Link

    Here is a complete guide (read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Résolu] to the title. To do so:
  • In your first post, click the Edit button.
  • Add [Résolu] in front of the title.
  • Then click Submit your post.


    Be more careful on the Internet ;) 
    3 May 2009 21:24:18

    ok, I purged everything. I had already turned UAC back on
    I didn't know about MBAM; I'll keep it, even though I get the impression that once a malware has gotten in, you have to look for the fixes and know how to analyze the logs to get out of it. The "turnkey" programs aren't powerful enough.
    the articles are interesting; I'm in the video-download case (mistake no. 1). Windows Media didn't have the right codec, which it offered to download, and I told myself it was safe because it was Windows Media (second mistake). And then I was dead when I saw my antivirus immediately alert me that a trojan wanted to run.

    Anyway, thank you very much. I was very impressed by how quickly you analyzed things and by your availability on this Sunday!

    Thanks again
    bye ;-)



    a c 327 8 Sécurité
    3 May 2009 21:32:45

    Viruses are getting harder and harder to remove.

    Have a good evening ;) 
    4 May 2009 23:41:09

    Good evening

    Unfortunately there's still stuff hanging around. And yet I haven't downloaded anything.

    Here's what MBAM found yesterday

    04/05/2009 00:30:16
    mbam-log-2009-05-04 (00-30-16).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 175241
    Temps écoulé: 49 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmsaccessu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmsaccessu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmsaccessu (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Program Files\Common Files\NMSAccessU.exe (Trojan.Agent) -> Delete on reboot.

    Right now I have a-squared scanning, and it has already found a trojan in a file

    C:\Windows\System32\drivers\gxvxcirvxbqwqtcrbdwcykiuxebqivivnwmkr.sys.vir Objets détectés : Trojan.Win32.Agent2.iml!A2

    what a pain...

    Any idea how to get everything cleaned up?

    thanks in advance

    a c 327 8 Sécurité
    5 May 2009 00:05:13

    Repeat the procedure with ComboFix.
    8 May 2009 13:27:04

    hello Destrio

    here's the ComboFix log

    ComboFix 09-05-07.06 - laurent 08/05/2009 1:10.5 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2047.1434 [GMT 2:00]
    Lancé depuis: c:\users\laurent\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
    FW: Bitdefender Firewall *enabled*
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Exécution préalable -------
    .
    c:\windows\system32\xcomm.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-07 au 2009-05-07 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-03 18:24 . 2009-05-03 18:54 -------- d-----w C:\UsbFix
    2009-05-02 08:52 . 2009-05-02 08:52 -------- d-----w c:\users\laurent\AppData\Roaming\Malwarebytes
    2009-05-02 08:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-02 08:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-02 08:51 . 2009-05-02 08:51 -------- d-----w c:\programdata\Malwarebytes
    2009-05-02 08:51 . 2009-05-02 08:51 -------- d-----w c:\users\All Users\Malwarebytes
    2009-05-02 08:51 . 2009-05-02 08:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-02 08:32 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
    2009-05-02 08:32 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
    2009-05-02 08:32 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
    2009-05-02 08:32 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll
    2009-05-02 08:32 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
    2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\programdata\Simply Super Software
    2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\users\All Users\Simply Super Software
    2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\users\laurent\AppData\Roaming\Simply Super Software
    2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\program files\Trojan Remover
    2009-05-01 09:25 . 2009-05-04 21:39 -------- d-----w c:\program files\a-squared Free
    2009-04-30 21:10 . 2009-04-30 21:10 -------- d-----w c:\users\laurent\AppData\Local\Yahoo
    2009-04-17 18:27 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
    2009-04-17 18:27 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-04-17 18:26 . 2009-04-17 18:26 -------- d-----w c:\program files\iPod
    2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\program files\iTunes
    2009-04-16 08:46 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-16 08:45 . 2009-04-16 08:45 -------- d-----w c:\programdata\is-3CCN3
    2009-04-16 08:45 . 2009-04-16 08:45 -------- d-----w c:\users\All Users\is-3CCN3
    2009-04-16 08:44 . 2009-05-07 23:17 234969120 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-16 08:44 . 2008-07-08 12:54 148496 ----a-w c:\windows\system32\drivers\90033959.sys
    2009-04-16 08:31 . 2009-04-16 08:31 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 08:31 . 2009-04-16 08:31 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 08:31 . 2009-04-16 08:31 -------- d-----w c:\program files\Lavasoft
    2009-04-15 21:44 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-15 21:44 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-15 21:44 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-07 23:05 . 2006-11-02 15:48 668580 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-07 23:05 . 2006-11-02 15:48 122972 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-07 23:01 . 2007-09-27 20:28 8620 ----a-w c:\users\laurent\AppData\Local\d3d9caps.dat
    2009-05-07 22:59 . 2009-04-16 08:44 2744492 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-05-07 22:40 . 2007-10-28 23:02 81984 ----a-w c:\windows\system32\bdod.bin
    2009-05-03 21:30 . 2008-09-15 21:50 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-05-03 17:07 . 2007-09-27 20:30 56712 ----a-w c:\users\laurent\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-03 16:24 . 2007-09-27 21:05 -------- d-----w c:\program files\Java
    2009-05-03 13:08 . 2007-07-30 16:47 86792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
    2009-05-03 13:02 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-05-03 13:02 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-05-03 13:02 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-05-02 18:43 . 2007-09-27 20:45 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-05-01 10:45 . 2009-03-22 18:41 -------- d-----w c:\program files\Free Hide Folder
    2009-04-17 18:26 . 2007-09-27 23:08 -------- d-----w c:\program files\Common Files\Apple
    2009-04-16 13:55 . 2008-03-07 20:46 -------- d-----w c:\program files\Common Files\BitDefender
    2009-03-28 19:46 . 2009-03-28 19:46 -------- d-----w c:\program files\WinHTTrack
    2009-03-28 18:49 . 2009-03-28 18:49 -------- d-----w c:\program files\FastStone Image Viewer
    2009-03-28 17:46 . 2008-03-01 23:51 -------- d-----w c:\program files\Windows Live
    2009-03-28 17:46 . 2009-03-28 17:46 -------- d-----w c:\program files\Microsoft Sync Framework
    2009-03-28 17:39 . 2009-03-28 17:39 -------- d-----w c:\program files\Microsoft
    2009-03-28 17:39 . 2009-03-28 17:39 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-03-28 17:18 . 2009-03-28 17:18 -------- d-----w c:\program files\Common Files\Windows Live
    2009-03-26 21:43 . 2008-11-21 22:52 -------- d-----w c:\program files\Common Files\Adobe
    2009-03-22 21:21 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-03-22 19:17 . 2007-09-29 11:47 1801 ----a-w c:\users\All Users\xmlDC30.tmp
    2009-03-22 19:17 . 2007-09-29 11:47 1801 ----a-w c:\programdata\xmlDC30.tmp
    2009-03-22 19:17 . 2008-07-15 18:26 13283 ----a-w c:\users\All Users\xml3647.tmp
    2009-03-22 19:17 . 2008-07-15 18:26 13283 ----a-w c:\programdata\xml3647.tmp
    2009-03-22 19:17 . 2007-09-29 11:46 9017 ----a-w c:\users\All Users\xmlC8E4.tmp
    2009-03-22 19:17 . 2007-09-29 11:46 9017 ----a-w c:\programdata\xmlC8E4.tmp
    2009-03-22 19:00 . 2007-09-29 19:27 -------- d-----w c:\program files\Common Files\InstallShield
    2009-03-22 19:00 . 2007-09-30 11:17 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-22 18:30 . 2009-03-22 18:30 -------- d-----w c:\program files\CCleaner
    2009-03-17 03:38 . 2009-04-15 21:43 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 21:43 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-13 19:11 . 2009-03-13 19:10 -------- d-----w c:\program files\QuickTime
    2009-03-03 04:46 . 2009-04-15 21:43 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 21:43 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-15 21:43 827392 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:39 . 2009-04-15 21:43 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 21:43 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-15 21:43 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 21:43 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:37 . 2009-04-15 21:43 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 21:43 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-15 21:43 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 21:43 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 21:43 17408 ----a-w c:\windows\system32\iashost.exe
    2009-03-03 02:28 . 2009-04-15 21:43 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-02-13 08:49 . 2009-04-15 21:43 72704 ----a-w c:\windows\system32\secur32.dll
    2009-02-13 08:49 . 2009-04-15 21:43 1255936 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 03:10 . 2009-03-11 17:08 2033152 ----a-w c:\windows\system32\win32k.sys
    2008-06-15 20:57 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    2007-11-06 23:41 . 2007-11-06 23:41 135680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-07_22.43.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-09-27 21:20 . 2009-05-07 23:02 64064 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-05-07 23:02 64234 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-09-27 20:30 . 2009-05-07 23:02 18066 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2619479018-2474381927-3083531991-1000_UserData.bin
    - 2009-05-07 22:41 . 2009-05-07 22:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-05-07 23:00 . 2009-05-07 23:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-05-07 22:41 . 2009-05-07 22:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-05-07 23:00 . 2009-05-07 23:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-05-07 23:05 586568 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-07 16:57 586568 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-05-07 23:05 100640 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-05-07 16:57 100640 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Eraser"="c:\program files\Eraser\Eraser.exe" [2007-07-28 277328]
    "Google Update"="c:\users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-04-16 368640]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-03 148888]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-09-10 604704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe"
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" /reg

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CC4B21C0-FE86-4E39-8C1F-8BC87A2B8421}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{3F76248B-A444-4625-96AD-A7D10E26F888}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{85C997BA-912A-43BA-B3BB-274A12C2F54B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{AC717F5B-391F-4D8B-81AE-91DE3336E012}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{B3A77AE9-3890-4AAC-A302-AD4E9C2D89A2}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{78F81B8B-67F3-4EE0-BCEF-0D5F3E41C2FA}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{C0EB25DA-F2CF-4923-B43F-22961196180C}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{7B2B3E1F-43EE-4613-842E-9AAEDAB68BE2}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{A3264C63-F061-4221-8DF9-FEA74E51890A}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{DFC88F7E-E252-463A-B23B-B30CEFCE4904}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "TCP Query User{16D8786F-AB7C-4178-87EC-CF12CEE7D3E4}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{7BA2704D-85C8-41FD-8263-F5D6E87D7906}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{249EC9AC-1C0A-48F6-B58B-7CF3E8F64D2E}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{45FEBFD6-E7BF-4B5E-91CE-A105831F69C2}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
    "{EC568267-D96C-4700-B020-8F0E68A2E93F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{15D61B21-B028-4AD8-B315-1B1766136084}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{FF365487-B197-4D61-BC7A-1219A78A497B}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E9F16C3F-0FB1-4480-87B7-82F4526B5945}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{92456BAA-0402-41FD-8540-EE7C2EA1D985}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [16/04/2009 10:46 64160]
    R1 is-3CCN3drv;is-3CCN3drv;c:\windows\System32\drivers\90033959.sys [16/04/2009 10:44 148496]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 15:02 163840]
    R2 dvdmmg;dvdmmg;c:\windows\System32\drivers\dvdmmg.sys [06/09/2007 12:15 5504]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18:53 226656]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [30/07/2007 18:47 86792]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [28/03/2009 19:46 55280]
    S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/11/2007 01:40 1840128]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 21:06 951632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contenu du dossier 'Tâches planifiées'

    2009-04-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

    2009-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
    - c:\users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 19:54]

    2009-05-07 c:\windows\Tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job
    - c:\windows\system32\msfeedssync.exe [2008-06-15 07:33]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    FF - ProfilePath - c:\users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\0arp8l29.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/nwshp?client=firefox-a&rls=org.mozilla:fr:o fficial&oe=UTF-8&hl=fr&channel=s&tab=wn&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\laurent\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 01:17
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\users\laurent\AppData\Local\Temp\catchme.dll 53248 bytes executable

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000
    .
    Heure de fin: 2009-05-07 2:14
    ComboFix-quarantined-files.txt 2009-05-08 00:14

    Avant-CF: 44 974 252 032 octets libres
    Après-CF: 44 942 753 792 octets libres

    235 --- E O F --- 2009-05-07 16:55
    8 May 2009 14:58:45

    /!\ Only lolo_18 may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    is-3CCN3drv

    File::
    c:\windows\system32\drivers\90033959.sys
    c:\users\All Users\xmlDC30.tmp
    c:\programdata\xmlDC30.tmp
    c:\users\All Users\xml3647.tmp
    c:\programdata\xml3647.tmp
    c:\users\All Users\xmlC8E4.tmp
    c:\programdata\xmlC8E4.tmp

    Folder::
    c:\programdata\is-3CCN3
    c:\users\All Users\is-3CCN3


    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto ComboFix.exe as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait for the scan to finish. The desktop will disappear several times: that is normal!
  • Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will open; copy/paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
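The CFScript above names one driver, seven files and two folders for ComboFix to remove; the follow-up report then lists what was actually deleted under the "Autres suppressions" and "Pilotes/Services" banners. The Python below is an added example, not code from this thread or from ComboFix, that parses both the script and the report and checks every target off against the removal sections, so the helper can confirm the clean-up instead of eyeballing two long logs. The sample inputs are shortened excerpts of the script and report posted here; the path alias table is an assumption about this Vista installation (that c:\users\All Users and c:\programdata are the same folder), made because the report lists most removals under only one of the two spellings.

```python
import re

# Constructed sample inputs: shortened excerpts of the CFScript and of the
# follow-up ComboFix report posted in this thread.
SAMPLE_CFSCRIPT = r"""
KillAll::

Driver::
is-3CCN3drv

File::
c:\windows\system32\drivers\90033959.sys
c:\users\All Users\xmlDC30.tmp
c:\programdata\xmlDC30.tmp

Folder::
c:\programdata\is-3CCN3
c:\users\All Users\is-3CCN3
"""

SAMPLE_REPORT = r"""
ComboFix 09-05-02.4 - laurent 08/05/2009 22:38.6 - NTFSx86
Commutateurs utilisés :: c:\users\laurent\Desktop\CFScript.txt

FILE ::
c:\programdata\xmlDC30.tmp
c:\windows\system32\drivers\90033959.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\is-3CCN3
c:\programdata\is-3CCN3\~PRCustomProps#122.dat
c:\programdata\xmlDC30.tmp
c:\users\All Users\is-3CCN3\~PRCustomProps#122.dat
c:\windows\system32\drivers\90033959.sys
c:\windows\system32\xcomm.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IS-3CCN3DRV
-------\Service_is-3CCN3drv
"""

# Assumption about this Vista machine: "c:\users\All Users" is the same
# location as "c:\programdata", so both spellings must compare equal.
PATH_ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

# A ComboFix section banner looks like "((((( Title )))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def normalize(path):
    """Case-fold a Windows path and collapse known aliases."""
    p = path.strip().lower()
    for alias, canonical in PATH_ALIASES.items():
        if p.startswith(alias):
            p = canonical + p[len(alias):]
    return p


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]}: a line ending in '::'
    opens a directive, later non-blank lines belong to it."""
    directives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            directives.setdefault(current, [])
        elif current is not None:
            directives[current].append(line)
    return directives


def parse_report_sections(text):
    """Split a ComboFix report into {section title: [lines]} using the
    banners; '.' spacer lines and blanks are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def verify_remediation(cfscript_text, report_text):
    """Check every File::, Folder:: and Driver:: target against the report."""
    script = parse_cfscript(cfscript_text)
    report = parse_report_sections(report_text)
    removed = {normalize(p) for p in report.get("Autres suppressions", [])}
    services = {s.lower() for s in report.get("Pilotes/Services", [])}
    confirmed, unconfirmed = [], []
    for path in script.get("File", []):
        (confirmed if normalize(path) in removed else unconfirmed).append(path)
    for folder in script.get("Folder", []):
        key = normalize(folder)
        # The folder itself or anything beneath it counts as a deletion.
        hit = key in removed or any(p.startswith(key + "\\") for p in removed)
        (confirmed if hit else unconfirmed).append(folder)
    for drv in script.get("Driver", []):
        key = ("-------\\Service_" + drv).lower()
        (confirmed if key in services else unconfirmed).append("Driver::" + drv)
    return {"confirmed": confirmed, "unconfirmed": unconfirmed}


if __name__ == "__main__":
    for status, items in verify_remediation(SAMPLE_CFSCRIPT, SAMPLE_REPORT).items():
        for item in items:
            print(f"{status:11s} {item}")
```

Running it prints one line per target with its status. Folder entries are accepted when either the folder or something beneath it appears in the removal list, which is exactly the case for c:\users\All Users\is-3CCN3: the report names only the two .dat files inside it, not the folder. Anything that lands in the unconfirmed list is what the helper should go back and look for in the next log.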
    9 May 2009 00:04:27

    It's done, here's the report:

    ComboFix 09-05-02.4 - laurent 08/05/2009 22:38.6 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2047.1174 [GMT 2:00]
    Lancé depuis: c:\users\laurent\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\laurent\Desktop\CFScript.txt
    AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
    FW: Bitdefender Firewall *disabled*

    FILE ::
    c:\programdata\xml3647.tmp
    c:\programdata\xmlC8E4.tmp
    c:\programdata\xmlDC30.tmp
    c:\users\All Users\xml3647.tmp
    c:\users\All Users\xmlC8E4.tmp
    c:\users\All Users\xmlDC30.tmp
    c:\windows\system32\drivers\90033959.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\is-3CCN3
    c:\programdata\is-3CCN3\~PRCustomProps#122.dat
    c:\programdata\is-3CCN3\~PRObjects#122.dat
    c:\programdata\xml3647.tmp
    c:\programdata\xmlC8E4.tmp
    c:\programdata\xmlDC30.tmp
    c:\users\All Users\is-3CCN3\~PRCustomProps#122.dat
    c:\users\All Users\is-3CCN3\~PRObjects#122.dat
    c:\windows\system32\drivers\90033959.sys
    c:\windows\system32\xcomm.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IS-3CCN3DRV
    -------\Service_is-3CCN3drv


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-03 18:24 . 2009-05-03 18:54 -------- d-----w C:\UsbFix
    2009-05-02 08:52 . 2009-05-02 08:52 -------- d-----w c:\users\laurent\AppData\Roaming\Malwarebytes
    2009-05-02 08:52 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-02 08:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-02 08:51 . 2009-05-02 08:51 -------- d-----w c:\programdata\Malwarebytes
    2009-05-02 08:51 . 2009-05-02 08:51 -------- d-----w c:\users\All Users\Malwarebytes
    2009-05-02 08:51 . 2009-05-02 08:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-02 08:32 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
    2009-05-02 08:32 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
    2009-05-02 08:32 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
    2009-05-02 08:32 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll
    2009-05-02 08:32 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
    2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\programdata\Simply Super Software
    2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\users\All Users\Simply Super Software
    2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\users\laurent\AppData\Roaming\Simply Super Software
    2009-05-02 08:32 . 2009-05-02 08:32 -------- d-----w c:\program files\Trojan Remover
    2009-05-01 09:25 . 2009-05-08 15:40 -------- d-----w c:\program files\a-squared Free
    2009-04-30 21:10 . 2009-04-30 21:10 -------- d-----w c:\users\laurent\AppData\Local\Yahoo
    2009-04-17 18:27 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
    2009-04-17 18:27 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-04-17 18:26 . 2009-04-17 18:26 -------- d-----w c:\program files\iPod
    2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-17 18:26 . 2009-04-17 18:27 -------- d-----w c:\program files\iTunes
    2009-04-16 08:46 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-16 08:44 . 2009-05-08 20:45 248352800 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-16 08:31 . 2009-04-16 08:31 -------- dc-h--w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 08:31 . 2009-04-16 08:31 -------- dc-h--w c:\users\All Users\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 08:31 . 2009-04-16 08:31 -------- d-----w c:\program files\Lavasoft
    2009-04-15 21:44 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
    2009-04-15 21:44 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
    2009-04-15 21:44 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-08 20:49 . 2007-09-27 20:28 8620 ----a-w c:\users\laurent\AppData\Local\d3d9caps.dat
    2009-05-08 20:46 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
    2009-05-08 20:45 . 2009-04-16 08:44 2911460 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-05-08 20:45 . 2007-10-28 23:02 81984 ----a-w c:\windows\system32\bdod.bin
    2009-05-08 18:36 . 2007-09-27 21:08 422 ---ha-w c:\windows\Tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job
    2009-05-08 16:07 . 2008-12-30 12:25 864 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
    2009-05-08 11:45 . 2007-09-29 09:42 -------- d-----w c:\program files\SpywareBlaster
    2009-05-08 10:12 . 2006-11-02 15:48 668580 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-08 10:12 . 2006-11-02 15:48 122972 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-08 09:56 . 2007-07-30 16:47 86792 ----a-w c:\windows\system32\drivers\bdfndisf.sys
    2009-05-08 09:24 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-05-08 09:24 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-05-08 09:24 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-05-03 21:30 . 2008-09-15 21:50 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-05-03 17:07 . 2007-09-27 20:30 56712 ----a-w c:\users\laurent\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-03 16:24 . 2007-09-27 21:05 -------- d-----w c:\program files\Java
    2009-05-02 18:43 . 2007-09-27 20:45 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-05-01 10:45 . 2009-03-22 18:41 -------- d-----w c:\program files\Free Hide Folder
    2009-04-17 18:26 . 2007-09-27 23:08 -------- d-----w c:\program files\Common Files\Apple
    2009-04-16 13:55 . 2008-03-07 20:46 -------- d-----w c:\program files\Common Files\BitDefender
    2009-04-16 11:56 . 2009-04-16 08:46 512 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
    2009-03-28 19:46 . 2009-03-28 19:46 -------- d-----w c:\program files\WinHTTrack
    2009-03-28 18:49 . 2009-03-28 18:49 -------- d-----w c:\program files\FastStone Image Viewer
    2009-03-28 17:46 . 2008-03-01 23:51 -------- d-----w c:\program files\Windows Live
    2009-03-28 17:46 . 2009-03-28 17:46 -------- d-----w c:\program files\Microsoft Sync Framework
    2009-03-28 17:39 . 2009-03-28 17:39 -------- d-----w c:\program files\Microsoft
    2009-03-28 17:39 . 2009-03-28 17:39 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-03-28 17:18 . 2009-03-28 17:18 -------- d-----w c:\program files\Common Files\Windows Live
    2009-03-26 21:43 . 2008-11-21 22:52 -------- d-----w c:\program files\Common Files\Adobe
    2009-03-22 21:21 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-03-22 19:00 . 2007-09-29 19:27 -------- d-----w c:\program files\Common Files\InstallShield
    2009-03-22 19:00 . 2007-09-30 11:17 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-22 18:30 . 2009-03-22 18:30 -------- d-----w c:\program files\CCleaner
    2009-03-17 03:38 . 2009-04-15 21:43 40960 ----a-w c:\windows\AppPatch\apihex86.dll
    2009-03-17 03:38 . 2009-04-15 21:43 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 21:43 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-13 19:11 . 2009-03-13 19:10 -------- d-----w c:\program files\QuickTime
    2009-03-03 04:46 . 2009-04-15 21:43 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 21:43 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:40 . 2009-04-15 21:43 827392 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 04:39 . 2009-04-15 21:43 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 21:43 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-15 21:43 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 21:43 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-03-03 04:37 . 2009-04-15 21:43 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 21:43 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-15 21:43 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 21:43 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 21:43 17408 ----a-w c:\windows\system32\iashost.exe
    2009-03-03 02:28 . 2009-04-15 21:43 26624 ----a-w c:\windows\system32\ieUnatt.exe
    2009-02-13 08:49 . 2009-04-15 21:43 72704 ----a-w c:\windows\system32\secur32.dll
    2009-02-13 08:49 . 2009-04-15 21:43 1255936 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 03:10 . 2009-03-11 17:08 2033152 ----a-w c:\windows\system32\win32k.sys
    2008-06-15 20:57 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    2007-11-06 23:41 . 2007-11-06 23:41 135680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-07_22.43.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-09-27 21:20 . 2009-05-08 10:08 64460 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-05-08 10:08 64242 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2007-09-27 20:30 . 2009-05-08 10:08 18106 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2619479018-2474381927-3083531991-1000_UserData.bin
    - 2006-11-02 13:02 . 2009-05-07 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2006-11-02 13:02 . 2009-05-08 10:11 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2006-11-02 13:02 . 2009-05-07 16:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2006-11-02 13:02 . 2009-05-08 10:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2006-11-02 13:02 . 2009-05-07 16:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 13:02 . 2009-05-08 10:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-03-07 20:49 . 2009-05-08 09:24 57344 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\texticon.exe
    - 2008-03-07 20:49 . 2009-05-03 13:02 57344 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\texticon.exe
    - 2008-03-07 20:49 . 2009-05-03 13:02 22486 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\register_icon.exe
    + 2008-03-07 20:49 . 2009-05-08 09:25 22486 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\register_icon.exe
    - 2008-03-07 20:49 . 2009-05-03 13:02 32768 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\maintenance_icon.exe
    + 2008-03-07 20:49 . 2009-05-08 09:25 32768 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\maintenance_icon.exe
    - 2008-03-07 20:49 . 2009-05-03 13:02 61440 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\helpicon.exe
    + 2008-03-07 20:49 . 2009-05-08 09:25 61440 c:\windows\Installer\{2E105DF6-3210-4B9A-B584-B94645D7C0A8}\helpicon.exe
    + 2006-11-02 10:33 . 2009-05-08 10:12 586568 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-05-07 16:57 586568 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-05-08 10:12 100640 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-05-07 16:57 100640 c:\windows\System32\perfc009.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Eraser"="c:\program files\Eraser\Eraser.exe" [2007-07-28 277328]
    "Google Update"="c:\users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2009-04-16 368640]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-08 516440]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-03 148888]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-09-10 604704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe"
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" /reg

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CC4B21C0-FE86-4E39-8C1F-8BC87A2B8421}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{3F76248B-A444-4625-96AD-A7D10E26F888}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{85C997BA-912A-43BA-B3BB-274A12C2F54B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{AC717F5B-391F-4D8B-81AE-91DE3336E012}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{B3A77AE9-3890-4AAC-A302-AD4E9C2D89A2}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{78F81B8B-67F3-4EE0-BCEF-0D5F3E41C2FA}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
    "{C0EB25DA-F2CF-4923-B43F-22961196180C}"= UDP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{7B2B3E1F-43EE-4613-842E-9AAEDAB68BE2}"= TCP:c:\program files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
    "{A3264C63-F061-4221-8DF9-FEA74E51890A}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "{DFC88F7E-E252-463A-B23B-B30CEFCE4904}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
    "TCP Query User{16D8786F-AB7C-4178-87EC-CF12CEE7D3E4}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{7BA2704D-85C8-41FD-8263-F5D6E87D7906}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
    "TCP Query User{249EC9AC-1C0A-48F6-B58B-7CF3E8F64D2E}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{45FEBFD6-E7BF-4B5E-91CE-A105831F69C2}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
    "{EC568267-D96C-4700-B020-8F0E68A2E93F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{15D61B21-B028-4AD8-B315-1B1766136084}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{FF365487-B197-4D61-BC7A-1219A78A497B}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E9F16C3F-0FB1-4480-87B7-82F4526B5945}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{92456BAA-0402-41FD-8540-EE7C2EA1D985}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
    R3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    R3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-06 1840128]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-08 953168]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
    S2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
    S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-05-08 86792]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contenu du dossier 'Tâches planifiées'

    2009-04-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:11]

    2009-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
    - c:\users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 19:54]

    2009-05-08 c:\windows\Tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job
    - c:\windows\system32\msfeedssync.exe [2008-06-15 07:33]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    FF - ProfilePath - c:\users\laurent\AppData\Roaming\Mozilla\Firefox\Profiles\0arp8l29.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/nwshp?client=firefox-a&rls=org.mozilla:fr:official&oe=UTF-8&hl=fr&channel=s&tab=wn&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\laurent\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 22:47
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\users\laurent\AppData\Local\Temp\BIT7039.tmp

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000

    [HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(9240)
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    c:\windows\System32\audiodg.exe
    c:\program files\a-squared Free\a2service.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\System32\conime.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-08 23:38 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-08 21:38
    ComboFix2.txt 2009-05-08 00:14

    Avant-CF: 42 410 430 464 octets libres
    Après-CF: 42 241 388 544 octets libres

    291 --- E O F --- 2009-05-07 16:55
    9 Mai 2009 00:13:53

    Is it better?
    11 Mai 2009 22:55:03

    Well, it was going better this weekend, apart from a few "weborama" alerts removed by a2free. And then, when I turned on my computer a little while ago, a window (MS-DOS, I think) opened and closed quickly (like a program launching) right when my desktop appeared.
    A few seconds later I had junk messages in MSN coming from a friend's address... I ran an MBAM scan, which found nothing. Right now A2free is running.
    12 Mai 2009 00:07:55

  • Run another RSIT scan and post the log report.
    12 Mai 2009 21:27:45

    hi
    here it is:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by laurent at 2009-05-12 21:04:56
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 32 GB (25%) free of 131 GB
    Total RAM: 2047 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:05:43, on 12/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\laurent\Documents\Securite\Scanneurs\RSIT.exe
    C:\Program Files\trend micro\laurent.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [Google Update] "C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6910 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2619479018-2474381927-3083531991-1000.job
    C:\Windows\tasks\User_Feed_Synchronization-{31CC240F-9C30-43F7-8796-4DA3EDEF098D}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-03 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-04-16 86016]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2009-04-16 368640]
    "SoundMan"=C:\Windows\SOUNDMAN.EXE [2008-09-10 604704]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-08 516440]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-03 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Eraser"=C:\Program Files\Eraser\Eraser.exe [2007-07-28 277328]
    "Google Update"=C:\Users\laurent\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0
    "NoWinKeys"=0
    "NoDriveAutoRun"=FFFFFFFF
    "NoDriveTypeAutoRun"=36

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=
    "NoLogOff"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2009-05-12 21:04:56 ----D---- C:\rsit
    2009-05-10 14:55:05 ----D---- C:\Users\laurent\AppData\Roaming\Flickr
    2009-05-10 14:54:25 ----D---- C:\Program Files\Flickr Uploadr
    2009-05-09 14:10:04 ----D---- C:\Program Files\CCleaner
    2009-05-09 13:55:53 ----D---- C:\Windows\system32\syncdb
    2009-05-09 13:47:42 ----A---- C:\Windows\system32\lsdelete.exe
    2009-05-08 23:38:16 ----D---- C:\Windows\temp
    2009-05-08 23:38:15 ----A---- C:\ComboFix.txt
    2009-05-08 00:31:41 ----A---- C:\Windows\zip.exe
    2009-05-08 00:31:41 ----A---- C:\Windows\vFind.exe
    2009-05-08 00:31:41 ----A---- C:\Windows\SWSC.exe
    2009-05-08 00:31:41 ----A---- C:\Windows\SWREG.exe
    2009-05-08 00:31:41 ----A---- C:\Windows\sed.exe
    2009-05-08 00:31:41 ----A---- C:\Windows\NIRCMD.exe
    2009-05-08 00:31:41 ----A---- C:\Windows\grep.exe
    2009-05-08 00:31:40 ----A---- C:\Windows\SWXCACLS.exe
    2009-05-08 00:25:29 ----D---- C:\Qoobox
    2009-05-03 23:31:03 ----A---- C:\Windows\system32\javaws.exe
    2009-05-03 23:30:48 ----A---- C:\Windows\system32\javaw.exe
    2009-05-03 23:30:48 ----A---- C:\Windows\system32\java.exe
    2009-05-03 20:44:59 ----RASHD---- C:\autorun.inf
    2009-05-03 20:41:23 ----A---- C:\UsbFix.txt
    2009-05-03 20:24:06 ----D---- C:\UsbFix
    2009-05-03 12:04:54 ----D---- C:\Windows\ERDNT
    2009-05-02 10:52:06 ----D---- C:\Users\laurent\AppData\Roaming\Malwarebytes
    2009-05-02 10:51:57 ----D---- C:\ProgramData\Malwarebytes
    2009-05-02 10:51:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunrar36.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvunace26.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\ztvcabinet.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\UNRAR3.dll
    2009-05-02 10:32:48 ----A---- C:\Windows\system32\unacev2.dll
    2009-05-02 10:32:43 ----D---- C:\Users\laurent\AppData\Roaming\Simply Super Software
    2009-05-02 10:32:43 ----D---- C:\ProgramData\Simply Super Software
    2009-05-02 10:32:43 ----D---- C:\Program Files\Trojan Remover
    2009-05-01 11:25:42 ----D---- C:\Program Files\a-squared Free
    2009-05-01 01:15:10 ----A---- C:\Windows\bdagent.INI
    2009-04-17 20:27:12 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-04-17 20:26:49 ----D---- C:\Program Files\iPod
    2009-04-17 20:26:45 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-17 20:26:44 ----D---- C:\Program Files\iTunes
    2009-04-16 10:31:53 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-04-16 10:31:47 ----D---- C:\Program Files\Lavasoft
    2009-04-15 23:44:09 ----A---- C:\Windows\system32\winhttp.dll
    2009-04-15 23:44:06 ----A---- C:\Windows\system32\xolehlp.dll
    2009-04-15 23:44:06 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-04-15 23:43:58 ----A---- C:\Windows\system32\rpcss.dll
    2009-04-15 23:43:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-04-15 23:43:57 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-04-15 23:43:56 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\sdohlp.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasrecst.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iashost.exe
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-04-15 23:43:55 ----A---- C:\Windows\system32\iasads.dll
    2009-04-15 23:43:46 ----A---- C:\Windows\system32\lsasrv.dll
    2009-04-15 23:43:45 ----A---- C:\Windows\system32\secur32.dll
    2009-04-15 23:43:45 ----A---- C:\Windows\system32\kernel32.dll
    2009-04-15 23:43:44 ----A---- C:\Windows\system32\apilogen.dll
    2009-04-15 23:43:44 ----A---- C:\Windows\system32\amxread.dll
    2009-04-15 23:43:37 ----A---- C:\Windows\system32\mshtml.dll
    2009-04-15 23:43:35 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-15 23:43:34 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\wininet.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-15 23:43:33 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\occache.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieencode.dll
    2009-04-15 23:43:32 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-15 23:43:31 ----A---- C:\Windows\system32\mstime.dll
    2009-04-15 23:43:30 ----A---- C:\Windows\system32\jsproxy.dll

    ======List of files/folders modified in the last 1 months======

    2009-05-12 21:05:43 ----D---- C:\Program Files\Trend Micro
    2009-05-12 21:05:20 ----D---- C:\Windows\Prefetch
    2009-05-12 20:56:19 ----D---- C:\Windows\System32
    2009-05-12 19:31:02 ----D---- C:\Windows\inf
    2009-05-12 19:31:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-11 19:49:13 ----AD---- C:\ProgramData\TEMP
    2009-05-11 19:24:44 ----D---- C:\Windows\system32\catroot2
    2009-05-11 19:24:39 ----SHD---- C:\System Volume Information
    2009-05-11 19:18:45 ----SHD---- C:\Config.Msi
    2009-05-11 19:18:45 ----D---- C:\Windows
    2009-05-10 23:51:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-05-10 23:51:26 ----D---- C:\Windows\Debug
    2009-05-10 14:54:43 ----SHD---- C:\Windows\Installer
    2009-05-10 14:54:25 ----RD---- C:\Program Files
    2009-05-09 14:05:37 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-09 14:01:27 ----D---- C:\Users\laurent\AppData\Roaming\Adobe
    2009-05-09 14:01:26 ----D---- C:\Program Files\Adobe
    2009-05-09 13:59:40 ----D---- C:\Program Files\Common Files\Adobe
    2009-05-09 13:58:05 ----D---- C:\Program Files\Common Files
    2009-05-09 00:40:53 ----D---- C:\Windows\system32\drivers
    2009-05-09 00:20:01 ----D---- C:\ProgramData\BitDefender
    2009-05-08 23:49:36 ----A---- C:\Windows\system32\xcomm.dll
    2009-05-08 23:38:18 ----D---- C:\Windows\system32\fr-FR
    2009-05-08 22:47:55 ----A---- C:\Windows\system.ini
    2009-05-08 22:45:20 ----SHD---- C:\Boot
    2009-05-08 22:45:20 ----D---- C:\Windows\system32\config
    2009-05-08 22:42:23 ----D---- C:\Windows\AppPatch
    2009-05-08 22:39:12 ----HD---- C:\ProgramData
    2009-05-08 13:45:07 ----D---- C:\Program Files\SpywareBlaster
    2009-05-03 23:30:17 ----A---- C:\Windows\system32\deploytk.dll
    2009-05-03 21:06:04 ----D---- C:\Windows\Minidump
    2009-05-03 18:24:45 ----D---- C:\Program Files\Java
    2009-05-03 14:54:19 ----HD---- C:\Windows\system32\GroupPolicy
    2009-05-03 14:46:39 ----D---- C:\Windows\winsxs
    2009-05-02 20:43:25 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-05-02 19:51:04 ----SHD---- C:\RECYCLER
    2009-05-02 09:14:44 ----D---- C:\Windows\system32\ZoneLabs
    2009-05-02 09:14:44 ----D---- C:\Windows\Internet Logs
    2009-05-02 09:09:57 ----D---- C:\Users\laurent\AppData\Roaming\CheckPoint
    2009-05-02 09:09:37 ----D---- C:\Windows\system32\catroot
    2009-05-01 12:45:17 ----D---- C:\Program Files\Free Hide Folder
    2009-05-01 00:32:04 ----D---- C:\ProgramData\avg8
    2009-05-01 00:30:32 ----SD---- C:\Users\laurent\AppData\Roaming\Microsoft
    2009-04-30 23:08:17 ----D---- C:\ProgramData\Yahoo!
    2009-04-30 23:07:54 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-04-17 20:27:12 ----DC---- C:\Windows\system32\DRVSTORE
    2009-04-17 20:26:47 ----D---- C:\Program Files\Common Files\Apple
    2009-04-16 17:35:17 ----D---- C:\Users\laurent\AppData\Roaming\OpenOffice.org2
    2009-04-16 15:55:36 ----D---- C:\Program Files\Common Files\BitDefender
    2009-04-16 10:46:32 ----D---- C:\Windows\system32\Tasks
    2009-04-16 10:46:31 ----D---- C:\Windows\Tasks
    2009-04-16 00:48:36 ----D---- C:\Windows\system32\wbem
    2009-04-16 00:48:36 ----D---- C:\Windows\system32\manifeststore
    2009-04-16 00:48:34 ----D---- C:\Program Files\Internet Explorer
    2009-04-15 23:38:14 ----D---- C:\Users\laurent\AppData\Roaming\Azureus

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-04-16 156688]
    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-07 56108]
    R2 dvdmmg;dvdmmg; \??\C:\Windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-09-16 4127648]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-05-09 86792]
    R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 188432]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2009-04-16 8320]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
    R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
    R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
    R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
    R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
    S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 nv;nv; C:\Windows\system32\DRIVERS\nv4_mini.sys [2006-11-02 1897664]
    S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
    S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
    S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
    S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-10-19 23600]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R01000000 papycpu2;papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
    R01000000 papyjoy;papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
    R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-25 425080]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-16 1179648]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2009-04-16 1261568]
    R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2009-04-16 86016]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-08 953168]
    R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
    S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
    S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-07 1840128]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe [2007-09-11 184504]
    S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe [2007-09-11 1265856]

    -----------------EOF-----------------



    ------------------------------
    info.txt logfile of random's system information tool 1.06 2009-05-12 21:05:47

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    AV Video Morpher-->C:\Program Files\AV Video Morpher\uninstall.exe
    Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
    BitDefender Internet Security 2008-->MsiExec.exe /I{2E105DF6-3210-4B9A-B584-B94645D7C0A8}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Eraser-->"C:\ProgramData\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
    Eraser-->C:\ProgramData\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe
    FastStone Image Viewer 3.7-->C:\Program Files\FastStone Image Viewer\uninst.exe
    FileZilla Client 3.2.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    Flickr Uploadr 3.1.4-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
    Free Hide Folder-->C:\PROGRA~1\FREEHI~1\UNWISE.EXE C:\PROGRA~1\FREEHI~1\INSTALL.LOG
    Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
    Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
    GIMP 2.4.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    K-Lite Codec Pack 3.4.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Numedia CD-DVD writing as non-admin user-->MsiExec.exe /X{94056AE8-EF0F-45E4-A1B4-D754115F8A28}
    NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
    OpenOffice.org 2.4-->MsiExec.exe /I{2A1AA9CF-2E7D-4235-BDAB-8FA4291DD5D8}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PENTAX Digital Camera Utility-->C:\PROGRA~1\PENTAX\DIGITA~1\UNINST.EXE C:\PROGRA~1\PENTAX\DIGITA~1\INSTALL.LOG
    PENTAX Raw Codec-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{E52226B3-808E-403C-A9C0-6904BFC80ED8} /l1033 UNINSTALL
    PENTAX REMOTE Assistant version 3.50-->C:\PROGRA~1\PENTAX\DIGITA~1\RAUNIN~1.EXE C:\PROGRA~1\PENTAX\DIGITA~1\RAINSTALL03.LOG
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    Privoxy 3.0.6-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
    Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RarZilla Free Unrar 2.12-->C:\Program Files\RarZilla Free Unrar\uninstall.exe
    Realtek AC'97 Audio-->Alcrmv.exe -r -m
    Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
    SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SiSoftware Sandra Lite XIIc-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\unins000.exe"
    SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
    Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
    StudioLine Photo Basic-->C:\Program Files\StudioLine Photo Basic\SLUninst.exe
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Tor 0.1.2.17-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
    Trojan Remover 6.7.8-->"C:\Program Files\Trojan Remover\unins000.exe"
    TweakVI-->"C:\Windows\TweakVI\uninstall.exe" "/U:C:\Program Files\TweakVI\Uninstall\uninstall.xml"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Vidalia 0.0.14-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
    VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
    Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
    WinHTTrack Website Copier 3.43-4-->"C:\Program Files\WinHTTrack\unins000.exe"
    XPC Tools-->C:\Windows\IsUninst.exe -f"C:\Program Files\Shuttle\XPC Tools\Uninst.isu"
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    ======Security center information======

    AV: Bitdefender Antivirus
    FW: Bitdefender Firewall
    AS: BitDefender AntiSpam
    AS: Lavasoft Ad-Watch Live! (disabled)

    ======System event log======

    Computer Name: PC-de-laurent
    Event Code: 4001
    Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

    Record Number: 160099
    Source Name: Microsoft-Windows-WLAN-AutoConfig
    Time Written: 20090511213550.278625-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-laurent
    Event Code: 49
    Message: Échec de la configuration du fichier d'échange pour le vidage sur incident. Vérifiez qu'un fichier d'échange est présent sur la partition de démarrage et qu'il est assez grand pour contenir toute la mémoire physique.
    Record Number: 160106
    Source Name: volmgr
    Time Written: 20090512172515.703125-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-laurent
    Event Code: 49
    Message: Échec de la configuration du fichier d'échange pour le vidage sur incident. Vérifiez qu'un fichier d'échange est présent sur la partition de démarrage et qu'il est assez grand pour contenir toute la mémoire physique.
    Record Number: 160110
    Source Name: volmgr
    Time Written: 20090512172535.703125-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-laurent
    Event Code: 15016
    Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
    Record Number: 160113
    Source Name: Microsoft-Windows-HttpEvent
    Time Written: 20090512172545.610290-000
    Event Type: Erreur
    User:

    Computer Name: PC-de-laurent
    Event Code: 7001
    Message: Le service NVIDIA Display Driver Service dépend du service nvlddmkm qui n'a pas pu démarrer en raison de l'erreur :
    Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
    Record Number: 160121
    Source Name: Service Control Manager
    Time Written: 20090512172710.000000-000
    Event Type: Erreur
    User:

    =====Application event log=====

    Computer Name: PC-de-laurent
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2619479018-2474381927-3083531991-1000:
    Process 952 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2619479018-2474381927-3083531991-1000

    Record Number: 194181
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090511213540.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-laurent
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2619479018-2474381927-3083531991-1000_Classes:
    Process 952 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2619479018-2474381927-3083531991-1000_CLASSES

    Record Number: 194182
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090511213542.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: PC-de-laurent
    Event Code: 20
    Message:
    Record Number: 194207
    Source Name: Google Update
    Time Written: 20090512174959.000000-000
    Event Type: Erreur
    User: PC-de-laurent\laurent

    Computer Name: PC-de-laurent
    Event Code: 20
    Message:
    Record Number: 194209
    Source Name: Google Update
    Time Written: 20090512185000.000000-000
    Event Type: Erreur
    User: PC-de-laurent\laurent

    Computer Name: PC-de-laurent
    Event Code: 1000
    Message: Application défaillante prevhost.exe, version 6.0.6001.18000, horodatage 0x47918e68, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception 0x80000003, décalage d’erreur 0x03a96d41, ID du processus 0x1420, heure de début de l’application 0x01c9d3341f5c319d.
    Record Number: 194210
    Source Name: Application Error
    Time Written: 20090512190408.000000-000
    Event Type: Erreur
    User:

    =====Security event log=====

    Computer Name: PC-de-laurent
    Event Code: 4648
    Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : PC-DE-LAURENT$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Compte dont les informations d’identification ont été utilisées :
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Serveur cible :
    Nom du serveur cible : localhost
    Informations supplémentaires : localhost

    Informations sur le processus :
    ID du processus : 0x258
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Adresse du réseau : -
    Port : -

    Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
    Record Number: 43750
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081221141528.986951-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-laurent
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : PC-DE-LAURENT$
    Domaine du compte : WORKGROUP
    ID d’ouverture de session : 0x3e7

    Type d’ouverture de session : 5

    Nouvelle ouverture de session :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7
    GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

    Informations sur le processus :
    ID du processus : 0x258
    Nom du processus : C:\Windows\System32\services.exe

    Informations sur le réseau :
    Nom de la station de travail :
    Adresse du réseau source : -
    Port source : -

    Informations détaillées sur l’authentification :
    Processus d’ouverture de session : Advapi
    Package d’authentification : Negotiate
    Services en transit : -
    Nom du package (NTLM uniquement) : -
    Longueur de la clé : 0

    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 43751
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081221141528.986951-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-laurent
    Event Code: 4672
    Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

    Sujet :
    ID de sécurité : S-1-5-18
    Nom du compte : SYSTEM
    Domaine du compte : AUTORITE NT
    ID d’ouverture de session : 0x3e7

    Privilèges : SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 43752
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081221141528.986951-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-laurent
    Event Code: 4647
    Message: Fermeture de session initiée par l’utilisateur :

    Sujet :
    ID de sécurité : S-1-5-21-2619479018-2474381927-3083531991-1000
    Nom du compte : laurent
    Domaine du compte : PC-de-laurent
    ID d’ouverture de session : 0x6dd2c

    Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.
    Record Number: 43753
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081221232325.137791-000
    Event Type: Succès de l'audit
    User:

    Computer Name: PC-de-laurent
    Event Code: 1100
    Message: Le service d’enregistrement des événements a été arrêté.
    Record Number: 43754
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20081221232330.340125-000
    Event Type: Succès de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0209
    "NUMBER_OF_PROCESSORS"=2
    "SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
    12 May 2009 22:18:49

    I don't see any infection.
    12 May 2009 22:55:39

    In the document you sent me about the risks, there was a link about the "signs" of infection, in particular the spam messages sent via MSN.

    But if you think it's OK, I trust you. Thank you for everything, especially for being so available!

    ciao