
(Solved) Trojan affecting Internet access

7 August 2010 15:44:58

Hello,

While browsing a website, I picked up some malware, including "antimalware doctor". I did a system restore and the malware disappeared.
The problem is that afterwards I had several trojan attacks that AVG detected. Despite that, they managed to affect my PC, because while browsing I get tabs in Firefox that open by themselves and send me to suspicious sites (blueseek.com, etc.), and sometimes I lose my Internet connection after a "generic host process" error (my Windows theme switches to Windows 95/98 mode and then goes back to its original theme).

Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:14, on 07/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\FRANCOISE\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D96546A7-F891-441E-9195-C5067F0D10EF}: NameServer = 81.253.149.9 80.10.246.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8140 bytes

Thanks if you can give me some help :)


7 August 2010 15:58:02

Oh yes, and I no longer have any access to the Windows Update site...
8 August 2010 00:37:55

Good evening,

*Download RSIT (thanks to random/random) to the Desktop: Here
Double-click RSIT.exe; it does not need to be installed.
Click Continue on the Disclaimer screen if you accept the terms.
-If HijackThis is not detected on your PC, it will download it (allow access in your firewall if asked, and accept the license).
When the scan is finished, two text files will open.
Post the contents of log.txt (the one that opens) as well as info.txt, which is in the taskbar.

NB: These reports are saved in the C:\rsit folder

See you
8 August 2010 01:59:42

Good evening and thanks for your reply, here is the content of the 2 text files requested:

log.txt:

Logfile of random's system information tool 1.08 (written by random/random)
Run by FRANCOISE at 2010-08-08 01:48:28
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (60%) free of 83 GB
Total RAM: 959 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:48:54, on 08/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\FRANCOISE\Bureau\RSIT.exe
C:\Program Files\trend micro\FRANCOISE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D96546A7-F891-441E-9195-C5067F0D10EF}: NameServer = 80.10.246.1 81.253.149.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 9777 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\expressburnSevenDaysInit.job
C:\WINDOWS\tasks\expressburnShakeIcon.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1708537768-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1708537768-839522115-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-21 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-08-01 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2005-09-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-06 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-21 202256]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-22 2065760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [2010-07-26 3634568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2
"a2free"=2
"ose"=3

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x95000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-08-08 01:48:29 ----D---- C:\Program Files\trend micro
2010-08-08 01:48:28 ----D---- C:\rsit
2010-08-07 13:49:12 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\QuickScan
2010-08-06 15:43:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 00:30:29 ----D---- C:\Program Files\Emsisoft Anti-Malware
2010-08-04 23:13:43 ----D---- C:\WINDOWS\$NtUninstallMTF1011$
2010-08-04 23:12:43 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\B973DFB3E9DF478708A9917550BD44F6
2010-08-03 13:13:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-08-02 18:31:28 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-02 18:16:41 ----D---- C:\Program Files\NOS
2010-08-02 18:16:41 ----D---- C:\Config.Msi
2010-08-02 17:33:07 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
2010-08-02 17:05:45 ----D---- C:\Program Files\GGPO
2010-08-02 17:04:23 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-08-01 22:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-08-01 22:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-08-01 22:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-01 22:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-08-01 22:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-08-01 22:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-08-01 22:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-08-01 22:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-08-01 22:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-08-01 22:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-08-01 22:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-08-01 20:30:26 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-08-01 18:21:08 ----D---- C:\Program Files\Mp3 My Mp3 2.0
2010-08-01 18:20:39 ----A---- C:\WINDOWS\15859578.exe
2010-08-01 13:48:12 ----D---- C:\Program Files\iPod
2010-08-01 10:47:55 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Uniblue
2010-08-01 10:46:29 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\OpenCandy
2010-08-01 10:45:34 ----D---- C:\WINDOWS\RegisteredPackages
2010-07-12 00:27:59 ----A---- C:\WINDOWS\50118812.exe
2010-07-12 00:19:22 ----A---- C:\WINDOWS\49602437.exe
2010-07-11 19:20:25 ----A---- C:\WINDOWS\31664703.exe
2010-07-11 18:48:39 ----A---- C:\WINDOWS\Radio_Fr.ini
2010-07-11 18:47:48 ----D---- C:\Program Files\Radio Fr Solo
2010-07-11 18:46:59 ----A---- C:\WINDOWS\29658859.exe
2010-07-11 18:12:25 ----A---- C:\WINDOWS\27585062.exe
2010-07-11 17:32:31 ----D---- C:\Program Files\Xi
2010-07-10 12:44:24 ----A---- C:\WINDOWS\10366875.exe
2010-07-10 12:43:30 ----A---- C:\WINDOWS\10313109.exe
2010-07-10 12:42:06 ----A---- C:\WINDOWS\10229281.exe
2010-07-09 12:50:59 ----D---- C:\Program Files\iTunes
2010-07-09 12:48:10 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 months======

2010-08-08 01:48:41 ----D---- C:\WINDOWS\Temp
2010-08-08 01:48:29 ----RD---- C:\Program Files
2010-08-08 01:48:28 ----D---- C:\WINDOWS\Prefetch
2010-08-08 00:47:06 ----SD---- C:\WINDOWS\Tasks
2010-08-08 00:31:28 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-08 00:15:03 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-07 18:59:25 ----D---- C:\WINDOWS
2010-08-07 18:57:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-07 16:05:08 ----D---- C:\Program Files\Wanadoo
2010-08-06 02:03:52 ----RASH---- C:\boot.ini
2010-08-06 02:03:52 ----A---- C:\WINDOWS\win.ini
2010-08-06 02:03:52 ----A---- C:\WINDOWS\system.ini
2010-08-05 20:16:04 ----D---- C:\WINDOWS\system32
2010-08-04 23:36:52 ----D---- C:\WINDOWS\system32\config
2010-08-04 23:36:36 ----D---- C:\WINDOWS\system32\wbem
2010-08-04 23:36:35 ----D---- C:\WINDOWS\Registration
2010-08-04 23:25:38 ----SHD---- C:\WINDOWS\CSC
2010-08-04 23:24:01 ----SHD---- C:\RECYCLER
2010-08-03 13:14:06 ----HD---- C:\WINDOWS\inf
2010-08-03 13:13:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-02 19:04:22 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-02 19:04:19 ----RSD---- C:\WINDOWS\assembly
2010-08-02 18:48:32 ----SHD---- C:\WINDOWS\Installer
2010-08-02 18:47:14 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-02 18:46:24 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-08-02 18:43:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-02 18:42:41 ----D---- C:\WINDOWS\WinSxS
2010-08-02 18:39:55 ----D---- C:\Program Files\Internet Explorer
2010-08-02 18:37:43 ----D---- C:\Program Files\Outlook Express
2010-08-02 18:31:35 ----D---- C:\WINDOWS\system32\drivers
2010-08-02 17:08:10 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Adobe
2010-08-02 17:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-02 17:04:25 ----D---- C:\Program Files\Adobe
2010-08-02 17:04:23 ----D---- C:\Program Files\Fichiers communs
2010-08-02 13:17:13 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Apple Computer
2010-08-01 22:20:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-01 22:11:38 ----D---- C:\WINDOWS\ie8updates
2010-08-01 20:29:08 ----D---- C:\Program Files\Mozilla Firefox
2010-08-01 18:35:44 ----D---- C:\Program Files\CCleaner
2010-08-01 13:56:41 ----D---- C:\Program Files\Winamp
2010-08-01 13:55:49 ----D---- C:\WINDOWS\security
2010-08-01 13:54:20 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Winamp
2010-08-01 13:48:05 ----D---- C:\Program Files\Fichiers communs\Apple
2010-08-01 12:32:52 ----SD---- C:\Documents and Settings\FRANCOISE\Application Data\Microsoft
2010-08-01 10:55:19 ----D---- C:\Program Files\ma-config.com
2010-08-01 10:55:19 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2010-08-01 10:46:26 ----D---- C:\Program Files\Windows Media Player
2010-08-01 10:46:26 ----D---- C:\Program Files\Winamp Detect
2010-07-12 00:30:44 ----D---- C:\WINDOWS\Logs
2010-07-11 19:20:58 ----D---- C:\Program Files\Audacity
2010-07-09 12:48:40 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-04-10 52872]
R0 nvata;nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [2006-08-14 105344]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-01 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R3 a2acc;a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys []
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2002-09-06 122073]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2008-03-05 491648]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 WFsys;WinFox Control I/O Driver; C:\WINDOWS\system32\DRIVERS\wfsys.sys [2002-01-24 13532]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2002-07-23 32535]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
R2 ADSLAutoconnect;ADSLAutoconnect; C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe [2010-04-10 446464]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-08-01 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-06 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-08-16 155715]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe []
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

______________________________________________________________
info.txt :


info.txt logfile of random's system information tool 1.08 2010-08-08 01:49:06

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
ADSL Autoconnect-->C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe -u
AFPL Ghostscript 8.53-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x40c UNINST
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
CX4300_5500_DX4400 Manuel-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\FRA\USE_G\DOCUNINS.EXE
Dictionnaire Freelang 3.74 beta-->"C:\Documents and Settings\FRANCOISE\Local Settings\Application Data\Dictionnaire Freelang\unins000.exe"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Emsisoft Anti-Malware 5.0-->"C:\Program Files\Emsisoft Anti-Malware\unins000.exe"
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.125\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Documents and Settings\FRANCOISE\Mes documents\Téléchargements\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java 2 Runtime Environment Standard Edition v1.3.1_03-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_03\Uninst.isu"
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
JPEG Lossless Rotator 6.6-->"C:\Program Files\JPEG Lossless Rotator\unins000.exe"
Labtec Keyboard-Desktop Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{511808B1-7114-43C7-8D6F-44FEBD7AC7B2}\Setup.exe" -l0x40c
Messager Wanadoo-->C:\PROGRA~1\MESSAG~1\UNWISE.EXE C:\PROGRA~1\MESSAG~1\INSTALL.LOG
Microsoft .NET Framework 2.0 Client Service Pack 2 - Language Pack (FRA)-->MsiExec.exe /I{30F71986-F2F2-33C8-89AA-99E566B04FD2}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Client Profile - Language Pack (FRA)-->MsiExec.exe /I{0089CA27-3E85-3E64-9814-A7B1A1756CE3}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Client Profile - Language Pack (FRA)-->MsiExec.exe /I{25EDB0C9-A32C-35AB-9AA3-6D74BBE16813}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework Client Profile-->C:\AHCache\All Users\Microsoft.Net.Client.3.5\setup.exe /remove "Microsoft.Net.Client.3.5"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework Client Profile - FRA-->C:\AHCache\All Users\Microsoft.Net.Client.3.5.LangPack.fra\setup.exe /remove "Microsoft.Net.Client.3.5.LangPack.fra"
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Net Transport 1.94.282-->"C:\Program Files\Xi\NetTransport 2\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
OpenOffice.org 3.2-->MsiExec.exe /I{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Paint.NET v3.5.5-->MsiExec.exe /X{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.2-->MsiExec.exe /X{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
PDFill PDF Tools (FREE)-->MsiExec.exe /I{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
SAGEM F@st800-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wanadoo-->C:\PROGRA~1\Wanadoo\Uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZSoft Uninstaller 2.4.1-->C:\Program Files\ZSoft\Uninstaller\uninst.exe

======Security center information======

AV: AVG Anti-Virus

======System event log======

Computer Name: xxxxx
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 10184
Source Name: Service Control Manager
Time Written: 20100712120558.000000+120
Event Type: Informations
User:

Computer Name: xxxxx
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 10183
Source Name: Service Control Manager
Time Written: 20100712120558.000000+120
Event Type: Informations
User:

Computer Name: xxxxx
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 10182
Source Name: Service Control Manager
Time Written: 20100712120558.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: xxxxx
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

Record Number: 10181
Source Name: Service Control Manager
Time Written: 20100712120558.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: xxxxx
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de transfert intelligent en arrière-plan.

Record Number: 10180
Source Name: Service Control Manager
Time Written: 20100712120557.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: xxxxx
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1827
Source Name: SecurityCenter
Time Written: 20100528185930.000000+120
Event Type: Informations
User:

Computer Name: xxxxx
Event Code: 1004
Message:
Record Number: 1826
Source Name: WgaSetup
Time Written: 20100528185912.000000+120
Event Type: Informations
User:

Computer Name: xxxxx
Event Code: 1002
Message:
Record Number: 1825
Source Name: WgaSetup
Time Written: 20100528185912.000000+120
Event Type: Informations
User:

Computer Name: xxxxx
Event Code: 1006
Message:
Record Number: 1824
Source Name: WgaSetup
Time Written: 20100528185911.000000+120
Event Type: Informations
User:

Computer Name: xxxxx
Event Code: 0
Message:
Record Number: 1823
Source Name: gupdate
Time Written: 20100528185911.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Regards,
8 August 2010 02:36:12

Hi again,

run the Ad-Remover procedure (thanks C_XX) and post the report: Here
8 August 2010 12:39:09

bien le bonjour,

voici le rapport d'ad-remover :

======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 26/07/10 à 12:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 12:33:31 le 08/08/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
FRANCOISE@xxxxxx ( )

============== RECHERCHE ==============

Service: "Application Updater" Présent

0,Dossier trouvé: C:\Program Files\Application Updater
0,Dossier trouvé: C:\Documents and Settings\FRANCOISE\Application Data\pdfforge
0,Dossier trouvé: C:\Documents and Settings\FRANCOISE\Application Data\Search Settings
0,Dossier trouvé: C:\WINDOWS\$NtUninstallMTF1011$
3,Fichier trouvé: C:\WINDOWS\Installer\c47523.msi

1,Clé trouvée: HKLM\Software\Classes\CLSID\{29F08A22-C8C1-4971-808F-21D9C825B187}
3,Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JPEG Lossless Rotator_is1
0,Clé trouvée: HKLM\Software\Application Updater
0,Clé trouvée: HKLM\Software\pdfforge
0,Clé trouvée: HKLM\Software\Search Settings
0,Clé trouvée: HKCU\Software\pdfforge
0,Clé trouvée: HKCU\Software\Search Settings
0,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings

0,Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
0,Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.8 (fr)] **

-- C:\Documents and Settings\FRANCOISE\Application Data\Mozilla\FireFox\Profiles\gkqsd8lp.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\FRANCOISE\\Bureau
browser.search.defaultenginename, Bing
browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.8
keyword.URL, hxxp://www.bing.com/search?FORM=IEFM1&q=

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\9hohkle8.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.2.3

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://www.google.com/ie
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://search.live.com
Show_ToolBar: yes
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 08/08/2010 (820 Octet(s))

Fin à: 12:35:09, 08/08/2010

============== E.O.F ==============
8 August 2010 12:40:25

However, that was just a scan; should I run a cleanup as well?
8 August 2010 12:59:11

Here is the report after the cleanup was done :)

====== RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 26/07/10 à 12:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:41:56 le 08/08/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
FRANCOISE@xxxxxx ( )

============== ACTION(S) ==============

Service: "Application Updater" Stoppé et supprimé

0,Dossier supprimé: C:\Program Files\Application Updater
0,Dossier supprimé: C:\Documents and Settings\FRANCOISE\Application Data\pdfforge
0,Dossier supprimé: C:\Documents and Settings\FRANCOISE\Application Data\Search Settings
0,Dossier supprimé: C:\WINDOWS\$NtUninstallMTF1011$
3,Fichier supprimé: C:\WINDOWS\Installer\c47523.msi

(!) -- Fichiers temporaires supprimés.


1,Clé supprimée: HKLM\Software\Classes\CLSID\{29F08A22-C8C1-4971-808F-21D9C825B187}
3,Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JPEG Lossless Rotator_is1
0,Clé supprimée: HKLM\Software\Application Updater
0,Clé supprimée: HKLM\Software\pdfforge
0,Clé supprimée: HKLM\Software\Search Settings
0,Clé supprimée: HKCU\Software\pdfforge
0,Clé supprimée: HKCU\Software\Search Settings
0,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings

0,Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
0,Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{B922D405-6D13-4A2B-AE89-08A030DA4402}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.8 (fr)] **

-- C:\Documents and Settings\FRANCOISE\Application Data\Mozilla\FireFox\Profiles\gkqsd8lp.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\FRANCOISE\\Bureau
browser.search.defaultenginename, Bing
browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.8
keyword.URL, hxxp://www.bing.com/search?FORM=IEFM1&q=

-- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\9hohkle8.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.2.3

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 8 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 08/08/2010 (1621 Octet(s))
C:\Ad-Report-SCAN[1].txt - 08/08/2010 (3559 Octet(s))

Fin à: 12:54:24, 08/08/2010

============== E.O.F ==============
8 August 2010 13:26:50

Argh, I still have those tabs opening by themselves, only in Firefox. And still no access to the Microsoft site for updates.
8 August 2010 20:10:42

Good evening, here is the MBAM report:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4406

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/08/2010 19:01:38
mbam-log-2010-08-08 (19-01-38).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 219766
Temps écoulé: 1 heure(s), 55 minute(s), 39 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{1FA89440-A506-409E-8820-178BB5F82DB6}\RP147\A0029166.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FA89440-A506-409E-8820-178BB5F82DB6}\RP147\A0029170.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FA89440-A506-409E-8820-178BB5F82DB6}\RP155\A0029937.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FA89440-A506-409E-8820-178BB5F82DB6}\RP204\A0040367.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FA89440-A506-409E-8820-178BB5F82DB6}\RP204\A0040368.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FA89440-A506-409E-8820-178BB5F82DB6}\RP204\A0040369.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FA89440-A506-409E-8820-178BB5F82DB6}\RP204\A0040507.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FA89440-A506-409E-8820-178BB5F82DB6}\RP204\A0040508.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Documents and Settings\FRANCOISE\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\FRANCOISE\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\7284234.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\8239828.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\1652156.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\4279437.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\4449515.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\4568593.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\5656687.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\5723859.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
8 August 2010 20:18:35

I don't know yet about the pop-ups, but I just got the "generic host process" error, which cuts off my browsing. After a reboot it comes back.
8 August 2010 21:26:51

Run the ComboFix procedure (thanks sUBs) and post the report: Here

:)
9 August 2010 12:56:47

Hello, I ran the ComboFix scan (not without difficulty: the first scan never started, and I waited for hours with a blue MS-DOS window).

So the scan was done in safe mode:


ComboFix 10-08-08.01 - Administrateur 09/08/2010 12:42:05.1.2 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.959.699 [GMT 2:00]
Lancé depuis: c:\documents and settings\FRANCOISE\Mes documents\Téléchargements\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\FRANCOISE\Application Data\B973DFB3E9DF478708A9917550BD44F6
c:\documents and settings\FRANCOISE\Application Data\B973DFB3E9DF478708A9917550BD44F6\enemies-names.txt
c:\documents and settings\FRANCOISE\Application Data\Microsoft\~DFK1d2a2f.tmp
c:\documents and settings\FRANCOISE\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\FRANCOISE\Application Data\Microsoft\bass.dll
c:\documents and settings\FRANCOISE\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\FRANCOISE\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\FRANCOISE\Application Data\Microsoft\peaadje.dll
c:\documents and settings\FRANCOISE\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\FRANCOISE\Application Data\Microsoft\rsaadjd.dll

----- Cloneurs de fichier -----

.
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-07-09 au 2010-08-09 ))))))))))))))))))))))))))))))))))))
.

2010-08-08 13:49 . 2010-08-08 13:49 -------- d-----w- c:\documents and settings\FRANCOISE\Application Data\Malwarebytes
2010-08-08 13:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 13:49 . 2010-08-08 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 13:49 . 2010-08-08 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-08 13:49 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 10:33 . 2010-08-08 10:52 -------- d-----w- c:\program files\Ad-Remover
2010-08-07 23:48 . 2010-08-07 23:48 -------- d-----w- c:\program files\trend micro
2010-08-07 23:48 . 2010-08-07 23:49 -------- d-----w- C:\rsit
2010-08-07 11:49 . 2010-08-07 11:52 -------- d-----w- c:\documents and settings\FRANCOISE\Application Data\QuickScan
2010-08-05 22:30 . 2010-08-08 17:33 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:07 . 2010-08-05 20:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-08-04 21:36 . 2010-08-04 21:36 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-02 16:31 . 2008-04-13 09:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-02 16:31 . 2008-04-13 09:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-02 16:16 . 2010-08-02 16:16 -------- d-----w- c:\program files\NOS
2010-08-02 15:33 . 2010-08-02 15:33 -------- d-----w- c:\documents and settings\FRANCOISE\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
2010-08-02 15:05 . 2010-08-02 16:16 -------- d-----w- c:\program files\GGPO
2010-08-02 15:04 . 2010-08-02 15:04 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-08-01 19:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-01 19:43 . 2010-05-06 10:33 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-01 18:30 . 2010-08-01 18:30 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-08-01 18:30 . 2010-08-02 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-01 18:30 . 2010-07-26 14:01 37184 ----a-w- c:\documents and settings\FRANCOISE\Application Data\Mozilla\Firefox\Profiles\gkqsd8lp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-08-01 18:30 . 2010-07-26 14:01 32032 ----a-w- c:\documents and settings\FRANCOISE\Application Data\Mozilla\Firefox\Profiles\gkqsd8lp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-08-01 16:21 . 2010-08-01 18:28 -------- d-----w- c:\program files\Mp3 My Mp3 2.0
2010-08-01 16:20 . 2010-08-01 16:20 4 ----a-w- c:\windows\15859578.dat
2010-08-01 11:48 . 2010-08-01 11:48 -------- d-----w- c:\program files\iPod
2010-08-01 11:22 . 2010-08-01 11:22 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-01 08:47 . 2010-08-01 08:47 -------- d-----w- c:\documents and settings\FRANCOISE\Application Data\Uniblue
2010-08-01 08:46 . 2010-08-01 08:47 -------- d-----w- c:\documents and settings\FRANCOISE\Local Settings\Application Data\OpenCandy
2010-08-01 08:46 . 2010-08-01 08:46 331304 ----a-w- c:\documents and settings\FRANCOISE\Application Data\OpenCandy\OpenCandy_B60FC990644B425C826103FF3376E6C1\DLMgr_3_1.6.44.exe
2010-08-01 08:46 . 2010-08-01 08:46 -------- d-----w- c:\documents and settings\FRANCOISE\Application Data\OpenCandy
2010-07-11 22:27 . 2010-07-11 22:27 4 ----a-w- c:\windows\50118812.dat
2010-07-11 22:19 . 2010-07-11 22:19 4 ----a-w- c:\windows\49602437.dat
2010-07-11 17:20 . 2010-07-11 17:20 4 ----a-w- c:\windows\31664703.dat
2010-07-11 16:47 . 2010-08-01 08:54 -------- d-----w- c:\program files\Radio Fr Solo
2010-07-11 16:46 . 2010-07-11 16:46 4 ----a-w- c:\windows\29658859.dat
2010-07-11 16:12 . 2010-07-11 16:12 4 ----a-w- c:\windows\27585062.dat
2010-07-11 15:32 . 2010-07-11 15:32 -------- d-----w- c:\program files\Xi

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 17:50 . 2010-02-05 20:16 -------- d-----w- c:\program files\Wanadoo
2010-08-02 16:43 . 2001-08-28 12:00 558536 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-02 16:43 . 2001-08-28 12:00 106710 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-02 11:17 . 2010-02-06 00:04 -------- d-----w- c:\documents and settings\FRANCOISE\Application Data\Apple Computer
2010-08-01 18:48 . 2010-02-06 13:45 1 ----a-w- c:\documents and settings\FRANCOISE\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-01 16:35 . 2010-02-06 10:55 -------- d-----w- c:\program files\CCleaner
2010-08-01 11:56 . 2010-02-05 21:14 -------- d-----w- c:\program files\Winamp
2010-08-01 11:54 . 2010-02-05 21:14 -------- d-----w- c:\documents and settings\FRANCOISE\Application Data\Winamp
2010-08-01 11:50 . 2010-07-09 10:50 -------- d-----w- c:\program files\iTunes
2010-08-01 11:48 . 2010-02-06 00:02 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-08-01 08:55 . 2010-02-06 11:55 -------- d-----w- c:\program files\ma-config.com
2010-08-01 08:55 . 2010-02-06 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-08-01 08:46 . 2010-02-05 21:15 -------- d-----w- c:\program files\Winamp Detect
2010-07-11 17:20 . 2010-02-05 21:30 -------- d-----w- c:\program files\Audacity
2010-07-10 10:44 . 2010-07-10 10:44 4 ----a-w- c:\windows\10366875.dat
2010-07-10 10:43 . 2010-07-10 10:43 4 ----a-w- c:\windows\10313109.dat
2010-07-10 10:42 . 2010-07-10 10:42 4 ----a-w- c:\windows\10229281.dat
2010-07-09 10:48 . 2010-07-09 10:48 -------- d-----w- c:\program files\Bonjour
2010-07-08 10:51 . 2010-07-08 10:51 4 ----a-w- c:\windows\4279437.dat
2010-07-04 00:26 . 2010-07-04 00:26 4 ----a-w- c:\windows\40929015.dat
2010-07-03 16:17 . 2010-07-03 16:17 4 ----a-w- c:\windows\11586671.dat
2010-07-03 11:54 . 2010-07-03 11:54 4 ----a-w- c:\windows\10137500.dat
2010-06-22 17:16 . 2010-04-10 20:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 17:16 . 2010-06-22 17:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 17:16 . 2010-04-10 20:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-20 13:08 . 2010-06-20 13:08 4 ----a-w- c:\windows\10846718.dat
2010-06-19 23:10 . 2010-06-19 23:10 4 ----a-w- c:\windows\51062203.dat
2010-06-19 23:08 . 2010-06-19 23:08 4 ----a-w- c:\windows\50885015.dat
2010-06-19 13:29 . 2010-06-19 13:29 4 ----a-w- c:\windows\16165562.dat
2010-06-19 10:15 . 2010-06-19 10:15 4 ----a-w- c:\windows\4506781.dat
2010-06-19 10:14 . 2010-06-19 10:14 4 ----a-w- c:\windows\4490375.dat
2010-06-19 10:14 . 2010-06-19 10:14 4 ----a-w- c:\windows\4449515.dat
2010-06-14 14:31 . 2010-02-01 21:44 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-13 16:20 . 2010-06-13 16:20 4 ----a-w- c:\windows\24320296.dat
2010-06-12 21:26 . 2010-06-12 21:26 4 ----a-w- c:\windows\39040640.dat
2010-06-06 22:07 . 2010-06-06 22:07 4 ----a-w- c:\windows\37814687.dat
2010-06-06 21:52 . 2010-06-06 21:52 4 ----a-w- c:\windows\36960859.dat
2010-06-06 20:54 . 2010-06-06 20:54 4 ----a-w- c:\windows\33461953.dat
2010-06-05 21:56 . 2010-06-05 21:56 4 ----a-w- c:\windows\103944812.dat
2010-06-05 00:48 . 2010-06-05 00:48 4 ----a-w- c:\windows\27864453.dat
2010-06-04 23:34 . 2010-06-04 23:34 4 ----a-w- c:\windows\23451156.dat
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 15:54 . 2010-04-10 20:54 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-29 21:48 . 2010-05-29 21:48 4 ----a-w- c:\windows\37365515.dat
2010-05-29 21:48 . 2010-05-29 21:48 4 ----a-w- c:\windows\37344609.dat
2010-05-29 00:06 . 2010-05-29 00:06 4 ----a-w- c:\windows\25741515.dat
2010-05-29 00:06 . 2010-05-29 00:06 4 ----a-w- c:\windows\25711390.dat
2010-05-24 01:41 . 2010-05-24 01:41 4 ----a-w- c:\windows\37734421.dat
2010-05-23 22:53 . 2010-05-23 22:53 4 ----a-w- c:\windows\27637234.dat
2010-05-23 22:53 . 2010-05-23 22:53 4 ----a-w- c:\windows\27609218.dat
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-15 19:33 . 2010-05-15 19:33 4 ----a-w- c:\windows\36267656.dat
2010-05-15 17:29 . 2010-05-15 17:29 4 ----a-w- c:\windows\28846656.dat
2010-05-15 17:29 . 2010-05-15 17:29 4 ----a-w- c:\windows\28833546.dat
2010-05-14 23:40 . 2010-05-14 23:40 314 ----a-w- c:\windows\51366812.dat
2010-05-14 11:26 . 2010-05-14 11:26 4 ----a-w- c:\windows\7284234.dat
2010-05-14 11:25 . 2010-05-14 11:25 4 ----a-w- c:\windows\7244015.dat
2004-10-01 14:00 . 2010-02-06 11:59 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-21 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st800\dslmon.exe [2010-2-5 938055]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 17:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
2010-07-26 07:39 3634568 ----a-w- c:\program files\Emsisoft Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-06-22 17:16 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 18:34 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-07-12 09:58 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2004-04-21 09:26 86016 ------w- c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"a2free"=2 (0x2)
"ose"=3 (0x3)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"a2AntiMalware"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/04/2010 22:55 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/04/2010 22:54 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/04/2010 22:55 243024]
S2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [10/04/2010 16:07 446464]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 22:51 133104]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [06/08/2010 00:30 71008]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [28/08/2001 14:00 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 WFsys;WinFox Control I/O Driver;c:\windows\system32\drivers\wfsys.sys [07/02/2010 15:48 13532]
S4 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [06/08/2010 00:30 1935656]
S4 a2free;a-squared Free Service;"c:\program files\a-squared Free\a2service.exe" --> c:\program files\a-squared Free\a2service.exe [?]
S4 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [22/06/2010 19:16 921952]
S4 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22/06/2010 19:16 308136]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ADILOADER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-14 c:\windows\Tasks\expressburnSevenDaysInit.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-04-14 09:46]

2010-04-24 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-04-14 09:46]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 20:51]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 20:51]

2010-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1708537768-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1708537768-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Examen supplémentaire -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {D96546A7-F891-441E-9195-C5067F0D10EF} = 81.253.149.1 80.10.246.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9hohkle8.default\
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 12:48
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2010-08-09 12:49:24
ComboFix-quarantined-files.txt 2010-08-09 10:49

Avant-CF: 52 015 230 976 octets libres
Après-CF: 52 207 239 168 octets libres

- - End Of File - - C5EC577C845CABF987458F532D04F808
9 August 2010 19:43:13

Hello again, and many thanks for all the help you have given me.

I think my problem is now solved: I no longer get pop-ups or the generic host process error, and I can access the updates site again.

All the best, and thanks again.

9 August 2010 21:07:39

kibkib said:
> I think my problem is now solved,

Hello,

> We are not finished yet...

Post a new RSIT report.

See you later,


9 August 2010 21:49:46

Here it is :) :


Logfile of random's system information tool 1.08 (written by random/random)
Run by FRANCOISE at 2010-08-09 21:47:29
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (60%) free of 83 GB
Total RAM: 959 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:37, on 09/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\FRANCOISE\Bureau\RSIT.exe
C:\Program Files\trend micro\FRANCOISE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\Emsisoft Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D96546A7-F891-441E-9195-C5067F0D10EF}: NameServer = 80.10.246.1 81.253.149.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 8810 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\expressburnSevenDaysInit.job
C:\WINDOWS\tasks\expressburnShakeIcon.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1708537768-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1708537768-839522115-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-21 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-08-01 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2005-09-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-06 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-16 7630848]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-21 202256]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-22 2065760]
"a-squared"=C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [2010-07-26 3634568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [2010-07-26 3634568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2
"a2free"=2
"ose"=3
"a2AntiMalware"=2

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Emsisoft Anti-Malware\a2start.exe"="C:\Program Files\Emsisoft Anti-Malware\a2start.exe:*:Enabled:Emsisoft Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-08-09 18:33:43 ----D---- C:\Program Files\Emsisoft Anti-Malware
2010-08-09 14:27:52 ----SHD---- C:\RECYCLER
2010-08-09 13:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-09 13:02:39 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-08-09 12:49:26 ----D---- C:\WINDOWS\temp
2010-08-09 12:49:24 ----A---- C:\ComboFix.txt
2010-08-09 00:20:43 ----A---- C:\Boot.bak
2010-08-09 00:20:36 ----RASHD---- C:\cmdcons
2010-08-09 00:17:28 ----A---- C:\WINDOWS\zip.exe
2010-08-09 00:17:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-09 00:17:28 ----A---- C:\WINDOWS\SWSC.exe
2010-08-09 00:17:28 ----A---- C:\WINDOWS\SWREG.exe
2010-08-09 00:17:28 ----A---- C:\WINDOWS\sed.exe
2010-08-09 00:17:28 ----A---- C:\WINDOWS\PEV.exe
2010-08-09 00:17:28 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-09 00:17:28 ----A---- C:\WINDOWS\MBR.exe
2010-08-09 00:17:28 ----A---- C:\WINDOWS\grep.exe
2010-08-09 00:12:30 ----D---- C:\WINDOWS\ERDNT
2010-08-09 00:01:37 ----D---- C:\Qoobox
2010-08-08 15:49:13 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Malwarebytes
2010-08-08 15:49:03 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-08 15:49:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-08 15:49:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-08 15:49:02 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-08 12:51:18 ----A---- C:\Ad-Report-CLEAN[1].txt
2010-08-08 12:33:46 ----A---- C:\Ad-Report-SCAN[1].txt
2010-08-08 12:33:27 ----D---- C:\Program Files\Ad-Remover
2010-08-08 01:48:29 ----D---- C:\Program Files\trend micro
2010-08-08 01:48:28 ----D---- C:\rsit
2010-08-07 13:49:12 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\QuickScan
2010-08-06 15:43:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-03 13:13:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-08-02 18:31:28 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-02 18:16:41 ----D---- C:\Program Files\NOS
2010-08-02 18:16:41 ----D---- C:\Config.Msi
2010-08-02 17:33:07 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
2010-08-02 17:05:45 ----D---- C:\Program Files\GGPO
2010-08-02 17:04:23 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-08-01 22:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-08-01 22:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-08-01 22:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-01 22:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-08-01 22:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-08-01 22:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-08-01 22:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-08-01 22:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-08-01 22:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-08-01 22:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-08-01 22:09:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-08-01 20:30:26 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-08-01 18:21:08 ----D---- C:\Program Files\Mp3 My Mp3 2.0
2010-08-01 13:48:12 ----D---- C:\Program Files\iPod
2010-08-01 10:47:55 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Uniblue
2010-08-01 10:46:29 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\OpenCandy
2010-08-01 10:45:34 ----D---- C:\WINDOWS\RegisteredPackages
2010-07-11 18:48:39 ----A---- C:\WINDOWS\Radio_Fr.ini
2010-07-11 18:47:48 ----D---- C:\Program Files\Radio Fr Solo
2010-07-11 17:32:31 ----D---- C:\Program Files\Xi

======List of files/folders modified in the last 1 months======

2010-08-09 21:47:36 ----D---- C:\WINDOWS\Prefetch
2010-08-09 21:47:20 ----SD---- C:\WINDOWS\Tasks
2010-08-09 18:34:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-09 18:33:43 ----RD---- C:\Program Files
2010-08-09 18:29:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-09 18:26:13 ----D---- C:\WINDOWS
2010-08-09 16:31:34 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-09 14:27:53 ----D---- C:\WINDOWS\Debug
2010-08-09 13:10:01 ----D---- C:\WINDOWS\system32
2010-08-09 13:07:49 ----HD---- C:\WINDOWS\inf
2010-08-09 13:07:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-09 13:07:18 ----SHD---- C:\WINDOWS\Installer
2010-08-09 13:05:20 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-09 12:50:36 ----RASH---- C:\boot.ini
2010-08-09 12:50:36 ----A---- C:\WINDOWS\win.ini
2010-08-09 12:50:36 ----A---- C:\WINDOWS\system.ini
2010-08-09 12:48:12 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-09 12:47:35 ----SD---- C:\Documents and Settings\FRANCOISE\Application Data\Microsoft
2010-08-09 12:46:12 ----D---- C:\WINDOWS\system32\drivers
2010-08-09 12:45:53 ----D---- C:\WINDOWS\AppPatch
2010-08-09 12:45:53 ----D---- C:\Program Files\Fichiers communs
2010-08-08 19:50:24 ----D---- C:\Program Files\Wanadoo
2010-08-08 19:29:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-08-04 23:36:52 ----D---- C:\WINDOWS\system32\config
2010-08-04 23:36:36 ----D---- C:\WINDOWS\system32\wbem
2010-08-04 23:36:35 ----D---- C:\WINDOWS\Registration
2010-08-04 23:25:38 ----SHD---- C:\WINDOWS\CSC
2010-08-02 19:04:22 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-02 19:04:19 ----RSD---- C:\WINDOWS\assembly
2010-08-02 18:47:14 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-02 18:46:24 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-08-02 18:43:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-02 18:42:41 ----D---- C:\WINDOWS\WinSxS
2010-08-02 18:39:55 ----D---- C:\Program Files\Internet Explorer
2010-08-02 18:37:43 ----D---- C:\Program Files\Outlook Express
2010-08-02 17:08:10 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Adobe
2010-08-02 17:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-02 17:04:25 ----D---- C:\Program Files\Adobe
2010-08-02 13:17:13 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Apple Computer
2010-08-01 22:11:38 ----D---- C:\WINDOWS\ie8updates
2010-08-01 20:29:08 ----D---- C:\Program Files\Mozilla Firefox
2010-08-01 18:35:44 ----D---- C:\Program Files\CCleaner
2010-08-01 13:56:41 ----D---- C:\Program Files\Winamp
2010-08-01 13:55:49 ----D---- C:\WINDOWS\security
2010-08-01 13:54:20 ----D---- C:\Documents and Settings\FRANCOISE\Application Data\Winamp
2010-08-01 13:50:42 ----D---- C:\Program Files\iTunes
2010-08-01 13:48:05 ----D---- C:\Program Files\Fichiers communs\Apple
2010-08-01 10:55:19 ----D---- C:\Program Files\ma-config.com
2010-08-01 10:55:19 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2010-08-01 10:46:26 ----D---- C:\Program Files\Windows Media Player
2010-08-01 10:46:26 ----D---- C:\Program Files\Winamp Detect
2010-07-27 08:30:01 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-12 00:30:44 ----D---- C:\WINDOWS\Logs
2010-07-11 19:20:58 ----D---- C:\Program Files\Audacity

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-04-10 52872]
R0 nvata;nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [2006-08-14 105344]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-22 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-01 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-22 243024]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2002-09-06 122073]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-16 3959712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2008-03-05 491648]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 WFsys;WinFox Control I/O Driver; C:\WINDOWS\system32\DRIVERS\wfsys.sys [2002-01-24 13532]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2002-07-23 32535]
S3 a2acc;a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
R2 ADSLAutoconnect;ADSLAutoconnect; C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe [2010-04-10 446464]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-08-01 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-06 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-08-16 155715]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe []
S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
10 August 2010 13:01:22

Hello,

Well, it's impossible to run the BitDefender test with IE: when accepting the add-on, drwtsn32.exe crashes every time.

So here is the report with Firefox:

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Date de l'analyse : Tue Aug 10 12:46:53 2010
ID de la machine : 34423D62

C:\Program Files\Mozilla Firefox - accès impossible


Aucune infection détectée.
--------------------------



Processus
---------
<verifié> ADSLAutoconnect 2356 C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
<verifié> Apple Mobile Device Service 324 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
<verifié> AVG Internet Security 4080 C:\Program Files\AVG\AVG9\avgam.exe
<verifié> AVG Internet Security 1556 C:\Program Files\AVG\AVG9\avgchsvx.exe
<verifié> AVG Internet Security 812 C:\Program Files\AVG\AVG9\avgcsrvx.exe
<verifié> AVG Internet Security 2868 C:\Program Files\AVG\AVG9\avgcsrvx.exe
<verifié> AVG Internet Security 1664 C:\Program Files\AVG\AVG9\avgcsrvx.exe
<verifié> AVG Internet Security 4024 C:\Program Files\AVG\AVG9\avgemc.exe
<verifié> AVG Internet Security 536 C:\Program Files\AVG\AVG9\avgnsx.exe
<verifié> AVG Internet Security 1564 C:\Program Files\AVG\AVG9\avgrsx.exe
<verifié> AVG Internet Security 2296 C:\Program Files\AVG\AVG9\avgtray.exe
<verifié> AVG Internet Security 3864 C:\Program Files\AVG\AVG9\avgui.exe
<verifié> AVG Internet Security 336 C:\Program Files\AVG\AVG9\avgwdsvc.exe
<verifié> Bonjour 424 C:\Program Files\Bonjour\mDNSResponder.exe
<verifié> DSLMON Application 556 C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
<verifié> Firefox 2432 C:\Program Files\Mozilla Firefox\firefox.exe
<verifié> Java(TM) Platform SE 6 U18 116 C:\Program Files\Java\jre6\bin\jqs.exe
<verifié> Messenger 2444 C:\Program Files\Messenger\msmsgs.exe
<verifié> Microsoft® Windows® Operating System 2760 C:\WINDOWS\System32\alg.exe
<verifié> Microsoft® Windows® Operating System 808 C:\WINDOWS\system32\csrss.exe
<verifié> Microsoft® Windows® Operating System 2388 C:\WINDOWS\system32\ctfmon.exe
<verifié> Microsoft® Windows® Operating System 888 C:\WINDOWS\system32\lsass.exe
<verifié> Microsoft® Windows® Operating System 1760 C:\WINDOWS\system32\spoolsv.exe
<verifié> Microsoft® Windows® Operating System 276 C:\WINDOWS\System32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1452 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1368 C:\WINDOWS\System32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1364 C:\WINDOWS\System32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1272 C:\WINDOWS\System32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1048 C:\WINDOWS\system32\svchost.exe
<verifié> Microsoft® Windows® Operating System 3000 C:\WINDOWS\System32\svchost.exe
<verifié> Microsoft® Windows® Operating System 1956 C:\WINDOWS\system32\wdfmgr.exe
<verifié> Microsoft® Windows® Operating System 3552 C:\WINDOWS\system32\wscntfy.exe
<verifié> NVIDIA Driver Helper Service, Version 9 1260 C:\WINDOWS\System32\nvsvc32.exe
<verifié> RealPlayer (32-bit) 2288 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
<verifié> Système d'exploitation Microsoft® Windo 1948 C:\WINDOWS\Explorer.EXE
<verifié> Système d'exploitation Microsoft® Windo 2128 C:\WINDOWS\system32\drwtsn32.exe
<verifié> Système d'exploitation Microsoft® Windo 3124 C:\WINDOWS\system32\drwtsn32.exe
<verifié> Système d'exploitation Microsoft® Windo 876 C:\WINDOWS\system32\services.exe
<verifié> Système d'exploitation Microsoft® Windo 756 C:\WINDOWS\System32\smss.exe
<verifié> Système d'exploitation Microsoft® Windo 832 C:\WINDOWS\system32\winlogon.exe
<verifié> Windows® Internet Explorer 480 C:\Program Files\Internet Explorer\IEXPLORE.EXE


Activité du réseau
------------------
Processus firefox.exe (2432) connecté sur le port 80 (HTTP) --> *.122.2o7.net
Processus firefox.exe (2432) connecté sur le port 80 (HTTP) --> wy-in-f100.1e100.net
Processus firefox.exe (2432) connecté sur le port 80 (HTTP) --> a92-123-5-115.deploy.akamaitechnologies.com

Processus svchost.exe (1104) écoute sur les ports: 135 (RPC)
Processus svchost.exe (1272) écoute sur les ports: 139 (NetBIOS)
Processus svchost.exe (1452) écoute sur les ports: 2869 (SSDP event notification, UPNP)


Fichiers critiques et Autorun
-----------------------------
<non signé> Express Burn C:\Program Files\NCH Swift Sound\ExpressBurn\expressburn.exe

<verifié> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verifié> AVG Internet Security C:\Program Files\AVG\AVG9\avgtray.exe
<verifié> AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
<verifié> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verifié> Messenger C:\Program Files\Messenger\msmsgs.exe
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verifié> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
<verifié> RealPlayer (32-bit) C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
<verifié> RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\browseui.dll
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\crypt32.dll
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\cscdll.dll
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\logonui.exe
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\sclgntfy.dll
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\shell32.dll
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\stobject.dll
<verifié> Système d'exploitation Microsoft® Windo c:\windows\system32\userinit.exe
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\wlnotify.dll
<verifié> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Plugins du navigateur
---------------------
<non signé> Net Transport IE Helper Module c:\program files\xi\nettransport 2\ntiehelper.dll
<non signé> NVIDIA Smart Scan C:\WINDOWS\Downloaded Program Files\NvidiaSmartScan.ocx
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<non signé> QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<non signé> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<non signé> RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
<non signé> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<non signé> RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
<non signé> RealPlayer(tm) HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
<non signé> VLC Multimedia Plugin C:\Program Files\VideoLAN\VLC\npvlc.dll
<non signé> Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

<verifié> AcroIEHelperShim Library c:\program files\fichiers communs\adobe\acrobat\activex\acroiehelpershim.dll
<verifié> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verifié> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verifié> AVG Internet Security c:\program files\avg\avg9\avgssie.dll
<verifié> BitDefender QuickScan C:\Documents and Settings\FRANCOISE\Application Data\Mozilla\Firefox\Profiles\gkqsd8lp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verifié> BitDefender QuickScan C:\Documents and Settings\FRANCOISE\Application Data\Mozilla\Firefox\Profiles\gkqsd8lp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verifié> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<verifié> EPSON Web-To-Page c:\program files\epson\epson web-to-page\epson web-to-page.dll
<verifié> getPlusPlus for Adobe 16287 C:\Documents and Settings\FRANCOISE\Application Data\Mozilla\Firefox\Profiles\gkqsd8lp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
<verifié> getPlusPlus for Adobe 16287 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
<verifié> Google Update C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verifié> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<verifié> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<verifié> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<verifié> Java Deployment Toolkit 6.0.180.7 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verifié> Java(TM) Platform SE 6 U18 c:\program files\java\jre6\bin\jp2ssv.dll
<verifié> Java(TM) Platform SE 6 U18 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verifié> Messenger C:\Program Files\Messenger\msmsgs.exe
<verifié> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verifié> Microsoft® Windows Live Login Helper c:\program files\fichiers communs\microsoft shared\windows live\windowslivelogin.dll
<verifié> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verifié> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verifié> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verifié> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verifié> nppdf32.FRA C:\Program Files\Internet Explorer\plugins\nppdf32.FRA
<verifié> nppdf32.FRA C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
<verifié> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verifié> Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll
<verifié> RealPlayer Download and Record Plugin c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
<verifié> RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verifié> RealPlayer(tm) G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
<verifié> SYNERTEL/I Win-Minitel Plugin C:\Program Files\Internet Explorer\plugins\NPWMin32.dll
<verifié> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\mswsock.dll
<verifié> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verifié> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Fichiers manquants
------------------
Fichier non trouvé : C:\Program Files\Application Updater\ApplicationUpdater.exe
référencé dans : HKLM\System\ControlSet001\services\Application Updater\"ImagePath"

Fichier non trouvé : C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
référencé dans : HKLM\System\ControlSet001\services\driverhardwarev2\"ImagePath"

Fichier non trouvé : C:\Program Files\ma-config.com\maconfservice.exe
référencé dans : HKLM\System\ControlSet001\services\maconfservice\"ImagePath"

Fichier non trouvé : C:\WINDOWS\System32\hidserv.dll
référencé dans : HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"


Analyse
-------


Aucun fichier téléchargé vers le serveur.

Analyse terminée - la communication a duré 1 secondes
Trafic total - 0.01 Mo envoyés, 0.54 Ko reçus
657 fichiers et modules analysés - 18 seconds

==============================================================================


10 August 2010 21:28:06

Hello,

You need to update Java (security vulnerability):
http://java.sun.com/javase/downloads/index.jsp
Click Download Java Runtime Environment (JRE) 6u21 and, on the next page, tick I agree... then download Multi-language/Windows Offline Installation/jre-6u21-windows-i586.exe

See you
10 August 2010 22:43:45

Good evening, I've done the Java update.
11 August 2010 00:53:44

Good evening,

How is your PC doing?

:) 

See you
11 August 2010 01:22:24

Hey,

It's doing very well, no more problems ^^

Thanks again :p 

See you
11 August 2010 01:37:55

Hello again,

If everything is OK:

* I recommend that you defragment your PC: http://www.6ma.fr/tuto/defragmenter+disque+sous+windows...
* It is strongly recommended to keep all your software up to date.
* You can remove the tools we used that deal with specific infections (go to Start > Run, then type ComboFix /uninstall > OK; RSIT, Ad-Remover...).
* Keep Malwarebytes' Anti-Malware.

-----------------------------------------------------------------------------------------------------------------------------------

Now that your machine is no longer infected, disable System Restore: http://forum.pcastuces.com/desactiver_la_restauration_s...

-----------------------------------------------------------------------------------------------------------------------------------

For the security of your PC, take a few minutes to read:
http://www.infos-du-net.com/forum/275481-11-dossier-pre...

-----------------------------------------------------------------------------------------------------------------------------------

Report your infection, if you like, by posting on Malware-Complaints:

- Forum rules: http://www.malwarecomplaints.info/viewtopic.php?t=5
- Sign up using the Register button
- Choose I Agree to these terms and am over or exactly 13 years of age

Also mention the name of the forum that helped you, Idn.

-----------------------------------------------------------------------------------------------------------------------------------

Mark your thread as (Solved).

:hello: 

See you