Ntsb investigators flight recorder

voici le rapport:

C:\Windows\System32\mrt.exe

bonjour plopus et merci de m'aider
voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:58, on 06/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\drivers\Phibtn.exe
C:\Windows\System32\drivers\Tray900.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OGGJI0VN\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PhiBtn] C:\Windows\System32\Drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] C:\Windows\System32\Drivers\Tray900.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

salut
voici le rapport malwarebyte

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1623
Windows 6.0.6001 Service Pack 1

06/01/2009 11:03:57
mbam-log-2009-01-06 (11-03-57).txt

Type de recherche: Examen rapide
Eléments examinés: 48575
Temps écoulé: 3 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Files: 3041 -> Quarantined and deleted successfully.
C:\Users\alain\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Windows\System32\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Users\alain\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

re
voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:39, on 06/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\drivers\Phibtn.exe
C:\Windows\System32\drivers\Tray900.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\telechargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PhiBtn] C:\Windows\System32\Drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] C:\Windows\System32\Drivers\Tray900.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\winfilse.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Users\alain\AppData\Roaming\m\flec006.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

salut
voici le rapport findykill


----------------- FindyKill V4.711 ------------------

* User : alain - BUREAU
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 12:02:31 le 06/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\drivers\Phibtn.exe
C:\Windows\System32\drivers\Tray900.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [05/01/2009 19:04] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32


»»»» Presence des fichiers dans C:\Windows\system32\drivers

Found ! [27/02/2005 03:05] - C:\Windows\system32\drivers\winfilse.exe

»»»» Presence des fichiers dans C:\Users\alain\AppData\Roaming

Found ! [06/01/2009 11:46] - "C:\Users\alain\AppData\Roaming\m\shared"
Found ! [06/01/2009 11:03] - "C:\Users\alain\AppData\Roaming\m"
Found ! [06/01/2009 11:45] - "C:\Users\alain\AppData\Roaming\hidires"

»»»» Presence des fichiers dans C:\Users\alain\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
drvsyskit=C:\Windows\system32\drivers\winfilse.exe
mule_st_key=C:\Users\alain\AppData\Roaming\m\flec006.exe
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
PhiBtn=C:\Windows\System32\Drivers\PhiBtn.exe
TrayMin900=C:\Windows\System32\Drivers\Tray900.exe
SetPoint=C:\Program Files\Logitech\SetPoint\KEM.EXE
Kernel and Hardware Abstraction Layer=KHALMNPR.EXE
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\ezUDVRClient 1.0]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\ezUDVRSearch 1.0]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\ezUDVRServer 1.0]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\flec006]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winfilse]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\Local AppWizard-Generated Applications\flec006
Found ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\flec006
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key
Found ! - [HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4

WinDefend - Type de démarrage = 2


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur fixe
H: - Lecteur fixe

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

re
voici le rapport findykill:


----------------- FindyKill V4.711 ------------------

* User : alain - BUREAU
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 12:36:44 the 06/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch


»»»» Supression files in C:\Windows\system32


»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\alain\AppData\Roaming

Deleted ! - C:\Users\alain\AppData\Roaming\m\shared\A.M.L. - Lite Edition
Deleted ! - "C:\Users\alain\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\alain\AppData\Roaming\m"
Deleted ! - "C:\Users\alain\AppData\Roaming\hidires"

»»»» Supression files in C:\Users\alain\AppData\Local\Temp


»»»» Supression files in C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\Local AppWizard-Generated Applications\flec006
Deleted ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-170296875-4142918982-3711043102-1000\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

-> UAC is Enable

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
F: - Lecteur amovible
G: - Lecteur fixe
H: - Lecteur fixe

+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :



--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\589QGVA8\crack[1].htm
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6F8Z0JTW\cracks_am[1].htm
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6F8Z0JTW\keygen[1].gif
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H9HUMHKD\billpro_v6_46_rev_03_346407_crack-locator_net[1].htm
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S437Q398\AXIS_Camera_Station_v2.10.018_Multilingual_Cracked_by_ARN[1].zip
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S437Q398\crack-locator_net[1].htm
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S437Q398\keygen[1].css
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZFC0G2JW\anycracks[1].js
C:\Users\alain\Documents\LimeWire\Incomplete\T-104325727-Pack Ciel - Compta Devis Facture Gestion Crack.zip
C:\Users\alain\Documents\LimeWire\Incomplete\T-104325823-Pack Ciel - Compta Devis Facture Gestion Crack updated-fixed 06-2006.zip
C:\Users\alain\Favorites\recherche cracks
C:\Users\alain\Favorites\crac jeux\crack-locator.net.url
C:\Users\alain\Favorites\crac jeux\LinkWorld - Crack Links - The Best Links Available!.url
C:\Users\alain\Favorites\Favoris\crack
C:\Users\alain\Favorites\Favoris\sites cracks
C:\Users\alain\Favorites\Favoris\crack\-- bienvenue sur virtuweb --.url
C:\Users\alain\Favorites\Favoris\crack\.AppleSyncInfo
C:\Users\alain\Favorites\Favoris\crack\Pirates Airlines.url
C:\Users\alain\Favorites\Favoris\crack\Web-liens.net.url
C:\Users\alain\Favorites\Favoris\sites cracks\.AppleSyncInfo
C:\Users\alain\Favorites\Favoris\sites cracks\Bienvenue sur svm.vnunet.fr !.url
C:\Users\alain\Favorites\Favoris\sites cracks\CRACK In France par SUPER GEGE.url
C:\Users\alain\Favorites\Favoris\sites cracks\ELRAZER.COM - Hacking Outils.url
C:\Users\alain\Favorites\Favoris\sites cracks\Index of -soft.url
C:\Users\alain\Favorites\Favoris\sites cracks\INDEX.url
C:\Users\alain\Favorites\Favoris\sites cracks\Informatique Les meilleurs utilitaires pour Windows (WinRar.url
C:\Users\alain\Favorites\Favoris\sites cracks\KaZaA Download.url
C:\Users\alain\Favorites\Favoris\sites cracks\La Gratuithèque - logiciels gratuits - Internet.url
C:\Users\alain\Favorites\Favoris\sites cracks\LE BEST OF SHAREWARE.url
C:\Users\alain\Favorites\Favoris\sites cracks\Le Gratuit .com La gratuité n'a pas de prix ! - gratuit, gi.url
C:\Users\alain\Favorites\Favoris\sites cracks\Opti PC optimisation, trucs et astuces, overclocking, bidou.url
C:\Users\alain\Favorites\Favoris\sites cracks\Optimiser son PC et Windows 98, 2000 et XP pour la MAO.url
C:\Users\alain\Favorites\Favoris\sites cracks\Outils.url
C:\Users\alain\Favorites\Favoris\sites cracks\Tout sur Windows et ses astuces... par iptsos.url
C:\Users\alain\Favorites\forum\comment installer un crack.url
C:\Users\alain\Favorites\recherche cracks\.. www.thiweb.com www.thiweb.online.fr © 2005 All Rights Reserved ...url
C:\Users\alain\Favorites\recherche cracks\.AppleSyncInfo
C:\Users\alain\Favorites\recherche cracks\eo.url
C:\Users\alain\Favorites\recherche cracks\http--www.projectnews.fr-forum-3.html&sid=757879c2aff636b53abc72f461dfb313.url
C:\Users\alain\Favorites\serial\AllCracks.net - All Cracks Network The Cracks Hypermarket!.url
C:\Users\alain\Favorites\serial\Crack in France - Site dédié au cracker Super Gégé.url
C:\Users\alain\Favorites\serial\crack-locator.com.url
C:\Users\alain\Favorites\serial\http--pifoman.free.fr-moteurs.phpsearch=602+pcsuite&moteur=crackinfo.net&x=25&y=12.url
C:\Users\alain\Favorites\serial\http--www.ultraseek.net-simple-link=http--www.allcracks.net-.url


---------------- ! End of report ! ------------------

re
rapport combo:

ComboFix 09-01-05.05 - alain 2009-01-06 13:01:40.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2049 [GMT 1:00]
Lancé depuis: c:\users\alain\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\alain\Documents\My Documents.url
c:\windows\system32\winspool.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-06 au 2009-01-06 ))))))))))))))))))))))))))))))))))))
.

2009-01-06 12:01 . 2009-01-06 12:50 <REP> d-------- c:\program files\FindyKill
2009-01-06 11:20 . 2009-01-06 11:20 <REP> d-------- c:\users\All Users\Avira
2009-01-06 11:20 . 2009-01-06 11:20 <REP> d-------- c:\programdata\Avira
2009-01-06 11:20 . 2009-01-06 11:20 <REP> d-------- c:\program files\Avira
2009-01-06 11:04 . 2009-01-06 11:04 61,440 --a------ c:\windows\System32\drivers\vwoddtk.sys
2009-01-06 10:59 . 2009-01-06 10:59 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-06 10:59 . 2009-01-06 10:59 <REP> d-------- c:\users\alain\AppData\Roaming\Malwarebytes
2009-01-06 10:59 . 2009-01-06 10:59 <REP> d-------- c:\programdata\Malwarebytes
2009-01-06 10:59 . 2009-01-06 10:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 10:59 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-06 10:59 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-06 03:02 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-05 18:13 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-05 18:13 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2009-01-05 18:13 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-05 18:12 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2009-01-05 18:12 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-01-05 18:12 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-01-05 18:12 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2009-01-05 18:12 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-01-05 18:04 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-05 18:04 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-01-05 18:04 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2009-01-05 18:04 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-01-05 18:04 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2009-01-05 18:04 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-01-05 18:04 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2009-01-05 18:04 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2009-01-05 18:04 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2009-01-05 17:37 . 2009-01-05 17:37 <REP> d-------- c:\users\All Users\WindowsSearch
2009-01-05 17:37 . 2009-01-05 17:37 <REP> d-------- c:\programdata\WindowsSearch
2009-01-05 16:42 . 2009-01-05 16:42 <REP> d-------- c:\users\All Users\TuneUp Software
2009-01-05 16:42 . 2009-01-05 16:42 <REP> d-------- c:\programdata\TuneUp Software
2009-01-05 16:42 . 2009-01-05 16:42 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-05 16:42 . 2009-01-05 16:42 306,432 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-05 16:42 . 2007-12-20 10:41 29,440 --a------ c:\windows\System32\uxtuneup.dll
2009-01-05 16:42 . 2007-12-20 10:44 16,640 --a------ c:\windows\System32\authuitu.dll
2009-01-05 16:17 . 2005-09-23 07:29 626,688 --a------ c:\windows\System32\msvcr80.dll
2008-12-26 22:20 . 2008-12-26 22:20 268 --ah----- C:\sqmdata02.sqm
2008-12-26 22:20 . 2008-12-26 22:20 244 --ah----- C:\sqmnoopt02.sqm
2008-12-25 23:00 . 2008-12-25 23:00 <REP> d-------- c:\users\alain\AppData\Roaming\Icone
2008-12-23 11:49 . 2008-12-23 11:49 <REP> d-------- c:\users\alain\AppData\Roaming\Nero
2008-12-23 11:46 . 2008-12-23 11:46 <REP> d-------- c:\users\All Users\Nero
2008-12-23 11:46 . 2008-12-23 11:46 <REP> d-------- c:\programdata\Nero
2008-12-23 11:46 . 2008-12-23 11:46 <REP> d-------- c:\program files\Nero
2008-12-23 11:46 . 2008-12-23 11:48 <REP> d-------- c:\program files\Common Files\Nero
2008-12-18 12:03 . 2009-01-06 10:32 <REP> d-------- c:\program files\Full Tilt Poker
2008-12-18 04:43 . 2008-12-18 04:43 <REP> d-------- C:\Programs
2008-12-18 03:56 . 2009-01-06 12:38 <REP> d-------- c:\windows\System32\FlashAX
2008-12-18 03:56 . 2008-12-18 03:56 <REP> d-------- c:\users\All Users\Microgaming
2008-12-18 03:56 . 2008-12-18 04:02 <REP> d-------- c:\users\All Users\MGS
2008-12-18 03:56 . 2008-12-18 03:56 <REP> d-------- c:\programdata\Microgaming
2008-12-18 03:56 . 2008-12-18 04:02 <REP> d-------- c:\programdata\MGS
2008-12-18 03:56 . 2008-12-18 03:56 <REP> d-------- C:\MicroGaming
2008-12-18 03:47 . 2009-01-05 18:28 <REP> d-------- c:\program files\PokerStars
2008-12-13 21:46 . 2008-12-13 21:46 <REP> d-------- c:\windows\Sun
2008-12-08 16:00 . 2008-12-08 16:00 <REP> d-------- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
2008-12-08 12:39 . 2008-12-08 12:39 <REP> d-------- c:\users\alain\AppData\Roaming\ArcSoft
2008-12-08 12:38 . 2008-12-08 12:38 <REP> d-------- c:\program files\Common Files\ArcSoft
2008-12-08 12:38 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-12-08 12:14 . 2008-12-08 12:14 268 --ah----- C:\sqmdata01.sqm
2008-12-08 12:14 . 2008-12-08 12:14 244 --ah----- C:\sqmnoopt01.sqm
2008-12-08 12:10 . 2008-12-08 12:10 <REP> d-------- c:\users\All Users\LogiShrd
2008-12-08 12:10 . 2008-12-08 12:10 <REP> d-------- c:\programdata\LogiShrd
2008-12-08 12:09 . 2008-11-07 16:37 301,656 --a------ c:\windows\System32\BtCoreIf.dll
2008-12-08 12:09 . 2008-11-07 16:38 170,512 --a------ c:\windows\System32\kemutb.dll
2008-12-08 12:09 . 2008-11-07 16:38 145,936 --a------ c:\windows\System32\KemUtil.dll
2008-12-08 12:09 . 2008-11-07 16:38 117,264 --a------ c:\windows\System32\KemWnd.dll
2008-12-08 12:09 . 2008-11-07 16:38 84,496 --a------ c:\windows\System32\KemXML.dll
2008-12-08 12:08 . 2008-12-08 12:08 <REP> d-------- c:\users\All Users\Logitech
2008-12-08 12:08 . 2008-12-08 12:08 <REP> d-------- c:\programdata\Logitech
2008-12-08 12:08 . 2008-12-08 12:09 <REP> d-------- c:\program files\Common Files\Logishrd
2008-12-08 11:58 . 2008-12-08 11:58 268 --ah----- C:\sqmdata00.sqm
2008-12-08 11:58 . 2008-12-08 11:58 244 --ah----- C:\sqmnoopt00.sqm
2008-12-08 11:52 . 2008-12-08 11:52 <REP> d--hs---- c:\windows\ftpcache
2008-12-08 11:52 . 2008-12-08 11:52 <REP> d-------- c:\users\alain\AppData\Roaming\Logitech
2008-12-08 11:50 . 2008-12-08 11:50 31 --a------ c:\windows\warhead.ini
2008-12-08 11:49 . 2008-12-08 11:50 <REP> d-------- c:\program files\Logitech
2008-12-08 11:49 . 2008-12-08 12:09 <REP> d-------- c:\program files\Common Files\Logitech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 02:10 --------- d-----w c:\program files\Windows Mail
2009-01-06 02:04 --------- d-----w c:\programdata\Microsoft Help
2009-01-05 18:17 --------- d-----w c:\program files\Java
2009-01-05 15:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-05 15:32 --------- d-----w c:\program files\AGEIA Technologies
2008-12-19 09:52 --------- d-----w c:\program files\Navirad_UserTool
2008-12-18 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 20:26 --------- d-----w c:\program files\ez-UDVR
2008-12-08 15:02 --------- d-----w c:\programdata\NVIDIA
2008-12-08 11:38 --------- d-----w c:\program files\Philips
2008-12-05 11:18 --------- d-----w c:\program files\Common Files\Ciel2
2008-12-05 11:18 --------- d-----w c:\program files\Common Files\Ciel
2008-12-04 12:46 --------- d-----w c:\program files\DivX
2008-12-04 12:46 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-03 11:48 --------- d-----w c:\program files\Ant Movie Catalog
2008-12-02 08:45 --------- d-----w c:\users\alain\AppData\Roaming\dvdcss
2008-12-02 08:45 --------- d-----w c:\users\alain\AppData\Roaming\DivX
2008-12-01 11:56 --------- d-----w c:\users\alain\AppData\Roaming\uTorrent
2008-12-01 11:54 --------- d-----w c:\users\alain\AppData\Roaming\LimeWire
2008-12-01 11:50 --------- d-----w c:\program files\uTorrent
2008-11-29 12:24 --------- d-----w c:\program files\VirtualDub
2008-11-29 11:43 --------- d-----w c:\program files\bobyte
2008-11-28 08:49 --------- d-----w c:\program files\Easy Video Joiner
2008-11-27 15:14 --------- d---a-w c:\programdata\TEMP
2008-11-27 09:52 --------- d-----w c:\program files\Ciel
2008-11-27 09:25 410,976 ----a-w c:\windows\System32\deploytk.dll
2008-11-24 11:26 --------- d-----w c:\program files\VirtualDJ
2008-11-23 16:57 --------- d-----w c:\program files\Axis Communications
2008-11-23 02:00 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-22 16:40 --------- d-----w c:\programdata\WLInstaller
2008-11-22 10:02 --------- d-----w c:\program files\LimeWire
2008-11-21 22:57 37,440 ----a-w c:\windows\system32\drivers\pssdklbf.drv
2008-11-21 22:57 30,272 ----a-w c:\windows\system32\drivers\pssdk31.drv
2008-11-16 20:58 --------- d-----w c:\users\alain\AppData\Roaming\vlc
2008-11-16 20:53 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-16 20:41 --------- d-----w c:\program files\a-squared Anti-Malware
2008-11-15 22:19 --------- d-----w c:\users\alain\AppData\Roaming\vlc(366)
2008-11-12 12:45 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-11-12 10:54 --------- d-----w c:\users\alain\AppData\Roaming\TuneUp Software
2008-11-09 09:39 --------- d-----w c:\program files\Google
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-15 08:04 288,024 ----a-w c:\windows\System32\PhysXCplUI.exe
2008-10-15 08:04 288,024 ----a-w c:\windows\System32\PhysXCompatCplUI.exe
2008-10-10 13:46 69,632 ----a-w c:\windows\KHALMNPR.Exe
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelTraditionalChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelSwedish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelSpanish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelSimplifiedChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelPortugese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelKorean.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelJapanese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelGerman.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\System32\AgCPanelFrench.dll
2008-10-07 08:13 23,320 ----a-w c:\windows\System32\PhysXDevice.dll
2008-09-18 07:28 174 --sha-w c:\program files\desktop.ini
2006-05-03 09:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"PhiBtn"="c:\windows\System32\Drivers\PhiBtn.exe" [2005-09-12 155648]
"TrayMin900"="c:\windows\System32\Drivers\Tray900.exe" [2005-09-12 266240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-08 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ulsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-170296875-4142918982-3711043102-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{32B26F3D-9165-4F08-BE22-942587F63001}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6E64380C-382E-47DD-9646-82436771A2AD}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{77BDD302-7B6A-4636-AB27-15D98C3DD713}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{3766467A-9892-450A-B6CB-E18725270ABD}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{8E798A69-C0DD-4730-BA23-968F1C762BD5}c:\\program files\\ez-udvr\\ezudvrserver.exe"= UDP:c:\program files\ez-udvr\ezudvrserver.exe:ezUDVRServer 1.0 Application
"UDP Query User{45188CB4-FC78-4618-A121-7C734C435C81}c:\\program files\\ez-udvr\\ezudvrserver.exe"= TCP:c:\program files\ez-udvr\ezudvrserver.exe:ezUDVRServer 1.0 Application
"TCP Query User{37ABA3F7-FC0F-4CD4-894F-6E4E5C00E80F}c:\\ciel\\cielserveur\\modules\\camkernel\\camlauncher.exe"= UDP:c:\ciel\cielserveur\modules\camkernel\camlauncher.exe:CamLauncher
"UDP Query User{59024AFD-DAAD-4B80-B434-CE2EE4B635E6}c:\\ciel\\cielserveur\\modules\\camkernel\\camlauncher.exe"= TCP:c:\ciel\cielserveur\modules\camkernel\camlauncher.exe:CamLauncher
"TCP Query User{A7AE82E5-2339-4082-8C43-2E9B47A5B55A}c:\\program files\\navirad_usertool\\navirad_usertool.exe"= UDP:c:\program files\navirad_usertool\navirad_usertool.exe:Navirad UserTool
"UDP Query User{3A90578A-8905-493D-83A0-8F8E76EAE116}c:\\program files\\navirad_usertool\\navirad_usertool.exe"= TCP:c:\program files\navirad_usertool\navirad_usertool.exe:Navirad UserTool
"{1388B07B-A6B5-43B6-8136-915BF598B667}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{B2686C2C-2FFE-4984-B167-EA394C5D3C6A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{91462A57-7016-4CDD-BB4C-A6BE6E95F25C}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{C6C89E07-D5A7-47F2-A95A-CBF5EA558AA3}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{A9151E83-385E-4F97-A1E1-16D73E4884AA}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{F32B3AAD-7E3D-457C-8E98-150FAAD4E05A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{F849CA44-7AB2-4F9A-AEA8-EA9D0335E9AE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0C1E5845-B738-4E2D-85AE-0ED232E6A5E2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B5627324-4B0C-44D8-A242-AC112FE93281}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{80F441C3-2482-4894-91AF-181D4272A1E7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3CC50AE8-FC5B-4D23-B670-DC8E3F99C0E2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{63239925-6B29-4603-B295-40FA1E404C37}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{45E90C1E-E0F3-4649-9131-D8065E98E6C0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{439B69C9-04C5-495C-BF66-33EA31B562DC}c:\\windows\\system32\\wintems.exe"= UDP:c:\windows\system32\wintems.exe:wintems
"UDP Query User{4FC5EC89-FBFF-4C3B-90B8-10D23CAB47DD}c:\\windows\\system32\\wintems.exe"= TCP:c:\windows\system32\wintems.exe:wintems

R3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\System32\drivers\camdrv41.sys [2008-10-14 1347584]
R4 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 PsSdk31;PsSdk31;c:\windows\System32\drivers\pssdk31.drv [2008-10-11 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\System32\drivers\pssdklbf.drv [2008-10-11 37440]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0e85ab4-87ae-11dd-8c07-0018f34a6a4c}]
\shell\AutoRun\command - e:\wd_windows_tools\Setup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2009-01-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-drvsyskit - c:\windows\system32\drivers\winfilse.exe
HKCU-Run-mule_st_key - c:\users\alain\AppData\Roaming\m\flec006.exe
HKLM-Run-SetPoint - c:\program files\Logitech\SetPoint\KEM.EXE


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://orange.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\users\alain\AppData\Roaming\Mozilla\Firefox\Profiles\czufy3rt.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 13:05:40
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3148)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Logitech\SetPoint\LU\LuLnchr.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
.
**************************************************************************
.
Heure de fin: 2009-01-06 13:09:47 - La machine a redémarré [alain]
ComboFix-quarantined-files.txt 2009-01-06 12:09:33

Avant-CF: 220 251 066 368 octets libres
Après-CF: 220,472,389,632 octets libres

297 --- E O F --- 2009-01-06 02:04:40

re
voici les rapports

info.txt logfile of random's system information tool 1.05 2009-01-06 13:16:29

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
AC-3 ACM Decompressor-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AC3ACM.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x40c
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Ciel Compta Facile 1.20-->MsiExec.exe /I{A3B81E5D-BA54-49C2-92DC-E6CD80BA561F}
Ciel Compta Libérale pour Windows-->C:\Windows\unin040c.exe -fC:\CIEL\WCLIB\DeIsL1.isu
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy Video Joiner 5.21-->"C:\Program Files\Easy Video Joiner\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ez-UDVR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A794C96-2707-4A00-8E61-E99F0CAC8B06}\Setup.exe" -l0x40c
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
Google Earth Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_11CB06797F2F038A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x40c UNINSTALL
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x040c -removeonly
Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MUSK Codec Pack v6.0-->"C:\Program Files\MUSK Codec Pack v6\unins000.exe"
Navirad UserTool v3.7-->"C:\Program Files\Navirad_UserTool\unins000.exe"
Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.29-->MsiExec.exe /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}
Philips SPC 900NC PC Camera-->C:\Program Files\InstallShield Installation Information\{51E13E14-F72A-4C97-8FD7-04322D995E2F}\setup.exe -runfromtemp -l0x040c -removeonly
Philips VLounge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}\Setup.exe" -l0x40c
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SYSTRAN Bibliothèques Anglais - Français-->C:\WINDOWS\SYSTEM\unwise.exe c:\personal\EF\EFinst.log
SYSTRAN Bibliothèques Français - Anglais-->C:\WINDOWS\SYSTEM\unwise.exe c:\personal\FE\FEinst.log
SYSTRAN Personal-->C:\WINDOWS\SYSTEM\unwise.exe c:\personal\installf.log
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VirtualDub 1.8.6 Fr-->"C:\Program Files\VirtualDub\unins000.exe"
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Program Files\MUSK Codec Pack v6\XviD\INST\unins000.exe"

======Security center information======

AS: Windows Defender

System event log

Computer Name: bureau
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le ?2009-?01-?07 à 03:00 :
- Outil de suppression de logiciels malveillants Windows - décembre 2008 (KB890830)
Record Number: 36202
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20090106120904.577997-000
Event Type: Information
User: AUTORITE NT\SYSTEM

Computer Name: bureau
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
https://www.microsoft.com/en-us/wdsi/threats/threat-search?query=Trojan:Win32/AgentBypass.gen!K&threatid=115621
ID d’analyse : {A3E1C040-91D1-4DBE-A346-32EF1E89CB0C}
Utilisateur : bureau\alain
Nom : Trojan:Win32/AgentBypass.gen!K
ID : 115621
ID de gravité : 5
ID de catégorie : 8
Chemin d’accès trouvé : process:pid:2772;file:C:\ComboFix\catchme.cfexe->(UPX);containerfile:C:\ComboFix\catchme.cfexe
Type d’alerte : Logiciel espion ou autre logiciel non désiré
Type de détection : Générique
Record Number: 36203
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090106120938.000000-000
Event Type: Avertissement
User:

Computer Name: bureau
Event Code: 7036
Message: Le service PsExec est entré dans l'état : en cours d'exécution.
Record Number: 36204
Source Name: Service Control Manager
Time Written: 20090106120949.000000-000
Event Type: Information
User:

Computer Name: bureau
Event Code: 7036
Message: Le service PsExec est entré dans l'état : arrêté.
Record Number: 36205
Source Name: Service Control Manager
Time Written: 20090106120949.000000-000
Event Type: Information
User:

Computer Name: bureau
Event Code: 10001
Message: Le démarrage du serveur DCOM {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} en tant que / n'est pas possible. L'erreur :
"2"
s'est produite lors de l'activation de la commande :
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding
Record Number: 36206
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090106121036.000000-000
Event Type: Erreur
User:

Application event log

Computer Name: bureau
Event Code: 1
Message: Le client des services de certification a démarré correctement.
Record Number: 5913
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090106120542.139197-000
Event Type: Information
User: bureau\alain

Computer Name: bureau
Event Code: 0
Message:
Record Number: 5914
Source Name: NMIndexingService
Time Written: 20090106120548.000000-000
Event Type: Information
User:

Computer Name: bureau
Event Code: 1
Message: Le client des services de certification a démarré correctement.
Record Number: 5915
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090106120551.042997-000
Event Type: Information
User: AUTORITE NT\SYSTEM

Computer Name: bureau
Event Code: 1
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 5916
Source Name: SecurityCenter
Time Written: 20090106120751.000000-000
Event Type: Information
User:

Computer Name: bureau
Event Code: 1002
Message: L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré.
Record Number: 5917
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090106120933.000000-000
Event Type: Information
User:

Security event log

Computer Name: bureau
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID du compte : 0x5d3cfe

Type d’ouverture de session : 3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 21596
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081208110227.790830-000
Event Type: Succès de l'audit
User:

Computer Name: bureau
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0

Type d’ouverture de session : 3

Nouvelle ouverture de session :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x64176b
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x0
Nom du processus : -

Informations sur le réseau :
Nom de la station de travail : SALON
Adresse du réseau source : fe80::d1ca:373d:3805:61
Port source : 56397

Informations détaillées sur l’authentification :
Processus d’ouverture de session : NtLmSsp
Package d’authentification : NTLM
Services en transit : -
Nom du package (NTLM uniquement) : NTLM V1
Longueur de la clé : 128

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 21597
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081208110349.012830-000
Event Type: Succès de l'audit
User:

Computer Name: bureau
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID du compte : 0x64176b

Type d’ouverture de session : 3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 21598
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081208110402.295830-000
Event Type: Succès de l'audit
User:

Computer Name: bureau
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : BUREAU$
Domaine du compte : MAISON
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x238
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 21599
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081208110608.300830-000
Event Type: Succès de l'audit
User:

Computer Name: bureau
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : BUREAU$
Domaine du compte : MAISON
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x238
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 21600
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081208110608.300830-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by alain at 2009-01-06 13:16:15
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 210 GB (73%) free of 286 GB
Total RAM: 3070 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:28, on 06/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\drivers\Phibtn.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\alain\Desktop\RSIT.exe
C:\Program Files\trend micro\alain.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PhiBtn] C:\Windows\System32\Drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] C:\Windows\System32\Drivers\Tray900.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

re
est ce que je suprime les éléments infectés?
analyse en cours

re
voici le rapport malwarebytes:

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1623
Windows 6.0.6001 Service Pack 1

06/01/2009 14:41:21
mbam-log-2009-01-06 (14-41-21).txt

Type de recherche: Examen complet (C:\|D:\|G:\|H:\|)
Eléments examinés: 160587
Temps écoulé: 1 hour(s), 13 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
H:\jeux\jeux\Battlefield 2 Fr Pc (Dvd + Cle + Crack + Mini-image) By D.G.S\BattleField 2 Cle + Crack + Mini-Image + Demon tool\Cle\Battlefield 2 KeyGen.exe (Trojan.Agent) -> Quarantined and deleted successfully.


le rapport otmoveit:

========== FILES ==========
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\589QGVA8\crack[1].htm moved successfully.
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6F8Z0JTW\cracks_am[1].htm moved successfully.
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6F8Z0JTW\keygen[1].gif moved successfully.
File/Folder C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H9HUMHKD\billpro_v6_46_rev_03_346407_c­rack-locator_net[1].htm not found.
File/Folder C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S437Q398\AXIS_Camera_Station_v2.10.018­_Multilingual_Cracked_by_ARN[1].zip not found.
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S437Q398\crack-locator_net[1].htm moved successfully.
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S437Q398\keygen[1].css moved successfully.
C:\Users\alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZFC0G2JW\anycracks[1].js moved successfully.
File/Folder C:\Users\alain\Documents\LimeWire\Incomplete\T-104325727-Pac­k Ciel - Compta Devis Facture Gestion Crack.zip not found.
File/Folder C:\Users\alain\Documents\LimeWire\Incomplete\T-104325823-Pac­k Ciel - Compta Devis Facture Gestion Crack updated-fixed 06-2006.zip not found.
C:\Users\alain\Favorites\recherche cracks moved successfully.
C:\Users\alain\Favorites\crac jeux\crack-locator.net.url moved successfully.
C:\Users\alain\Favorites\crac jeux\LinkWorld - Crack Links - The Best Links Available!.url moved successfully.
C:\Users\alain\Favorites\Favoris\crack moved successfully.
C:\Users\alain\Favorites\Favoris\sites cracks moved successfully.
File/Folder C:\Users\alain\Favorites\Favoris\crack\-- bienvenue sur virtuweb --.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\crack\.AppleSyncInfo not found.
File/Folder C:\Users\alain\Favorites\Favoris\crack\Pirates Airlines.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\crack\Web-liens.net.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\.AppleSyncInfo not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\Bienvenue sur svm.vnunet.fr !.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\CRACK In France par SUPER GEGE.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\ELRAZER.COM - Hacking Outils.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\Index of -soft.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\INDEX.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\Informatique Les meilleurs utilitaires pour Windows (WinRar.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\KaZaA Download.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\La Gratuithèque - logiciels gratuits - Internet.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\LE BEST OF SHAREWARE.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\Le Gratuit .com La gratuité n'a pas de prix ! - gratuit, gi.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\Opti PC optimisation, trucs et astuces, overclocking, bidou.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\Optimiser son PC et Windows 98, 2000 et XP pour la MAO.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\Outils.url not found.
File/Folder C:\Users\alain\Favorites\Favoris\sites cracks\Tout sur Windows et ses astuces... par iptsos.url not found.
C:\Users\alain\Favorites\forum\comment installer un crack.url moved successfully.
File/Folder C:\Users\alain\Favorites\recherche cracks\.. www.thiweb.com www.thiweb.online.fr © 2005 All Rights Reserved ...url not found.
File/Folder C:\Users\alain\Favorites\recherche cracks\.AppleSyncInfo not found.
File/Folder C:\Users\alain\Favorites\recherche cracks\eo.url not found.
File/Folder C:\Users\alain\Favorites\recherche cracks\http--www.projectnews.fr-forum-3.html&sid=757879c2aff636b53abc72f461dfb313.url not found.
C:\Users\alain\Favorites\serial\AllCracks.net - All Cracks Network The Cracks Hypermarket!.url moved successfully.
C:\Users\alain\Favorites\serial\Crack in France - Site dédié au cracker Super Gégé.url moved successfully.
C:\Users\alain\Favorites\serial\crack-locator.com.url moved successfully.
C:\Users\alain\Favorites\serial\http--pifoman.free.fr-moteurs.phpsearch=602+pcsuite&moteur=crackinfo.net&x=25&y=12.url moved successfully.
C:\Users\alain\Favorites\serial\http--www.ultraseek.net-simple-link=http--www.allcracks.net-.url moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\alain\AppData\Local\Temp\Low\~DFFCD0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\alain\AppData\Local\Temp\Low\~DFFCDC.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\alain\AppData\Local\Temp\~DF12A6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_143801

Files moved on Reboot...
File C:\Users\alain\AppData\Local\Temp\Low\~DFFCD0.tmp not found!
File C:\Users\alain\AppData\Local\Temp\Low\~DFFCDC.tmp not found!
File C:\Users\alain\AppData\Local\Temp\~DF12A6.tmp not found!

re
lor rsit:

Logfile of random's system information tool 1.05 (written by random/random)
Run by alain at 2009-01-06 14:58:08
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 210 GB (73%) free of 286 GB
Total RAM: 3070 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:23, on 06/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\drivers\Phibtn.exe
C:\Windows\System32\drivers\Tray900.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\alain\Desktop\RSIT.exe
C:\Program Files\trend micro\alain.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PhiBtn] C:\Windows\System32\Drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] C:\Windows\System32\Drivers\Tray900.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\winfilse.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Users\alain\AppData\Roaming\m\flec006.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

re
voici le rapport OTMoveIt3. :

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\drvsyskit not found.
========== FILES ==========
File/Folder c:\windows\system32\drivers\winfilse.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01062009_152009

re c'est pareil