Se connecter / S'enregistrer
Votre question

[RESOLU] Cheval de Troie - win32

Tags :
  • Trojan
  • Sécurité
Dernière réponse : dans Sécurité et virus
18 Février 2010 17:52:08

Bonjour, bonsoir.
En cliquant malencontreusement sur une de ces @£$& de fenêtres pop up parasite, je me suis retrouvée avec des virus cheval de Troie et un win32(quelquechose) dont je n'arrive guère à me débarrasser. J'ai donc suivis les conseils vu sur les précédents postes mais n'étant pas une lumière en informatique... je vous demande de l'aide ^^. J'ai essayé avast, antivir, windomws sexurity essentials : ils ont supprimé quelque cheval de troie mais lorsque je redémarre mon système un fenêtre me dit que Win32 a été détecté et là mes antivurus me trouve deux "cheval de troie", toujours les même à chaque fois que je rallume mon pc...

Je suis au bord de la crise de nerfs
:fou: 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:58, on 18/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\1\Mes documents\Téléchargements\RSIT(2).exe
C:\Program Files\trend micro\1.exe
C:\WINDOWS\system32\dumprep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xeoo.com/?p=h&a=f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: monnid32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8119 bytes





Cordialement :D 

Autres pages sur : resolu cheval troie win32

a c 295 8 Sécurité
18 Février 2010 18:06:17

Bonjour,

  • Télécharge OTL (de OldTimer) sur ton Bureau.
  • Double-clique sur OTL pour le lancer.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
  • Une fenêtre apparaît. Dans la section Output en haut de cette fenêtre, coche Minimal Output.
  • Coche également les cases à côté de LOP Check et Purity Check.
  • Enfin, clique sur le bouton Run Scan. Le scan ne prendra pas beaucoup de temps.
  • Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).

    Pour me transmettre les rapports :
  • Clique sur ce lien : http://www.cijoint.fr/
  • Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.
  • Clique sur Ouvrir.
  • Clique sur Cliquez ici pour déposer le fichier.
  • Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.
  • Copie-colle ce lien dans ta réponse.
    Contenus similaires
    a c 295 8 Sécurité
    18 Février 2010 18:14:35

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    18 Février 2010 18:48:42

    Re, alors ça y est je l'ai fais :

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3756
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    18/02/2010 18:47:52
    mbam-log-2010-02-18 (18-47-52).txt

    Type de recherche: Examen rapide
    Eléments examinés: 120796
    Temps écoulé: 18 minute(s), 18 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 10
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 10

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\security essentials 2010 (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\~TMC4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\1\Local Settings\Temp\~TMBD.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\SY0YUG3N\load[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ES15.exe (Rogue.SecurityEsssentials) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\1\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    a c 295 8 Sécurité
    18 Février 2010 19:01:39

  • Relance MBAM, va dans Quarantaine et supprime tout.

  • Refais un scan OTL puis poste le rapport OTL.
    18 Février 2010 19:12:04


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\1\Mes documents\Téléchargements\RSIT(2).exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xeoo.com/?p=h&a=f
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA3.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: monnid32.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.buy-security-essentials.com
    O15 - Trusted Zone: http://*.download-soft-package.com
    O15 - Trusted Zone: http://*.download-software-package.com
    O15 - Trusted Zone: http://*.get-key-se10.com
    O15 - Trusted Zone: http://*.is-software-download.com
    O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
    O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/Gam...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 7587 bytes
    a c 295 8 Sécurité
    18 Février 2010 19:19:09

    Non, ça, c'est un rapport HijackThis.
    18 Février 2010 19:32:48

    Raaah la nulle :s
    Excusez moi....

    OTL logfile created on: 18/02/2010 19:22:27 - Run 2
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\1\Mes documents\Téléchargements
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 023,00 Mb Total Physical Memory | 462,00 Mb Available Physical Memory | 45,00% Memory free
    1,00 Gb Paging File | 1,00 Gb Available in Paging File | 47,00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37,25 Gb Total Space | 16,43 Gb Free Space | 44,11% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RG-8E006ECD82E3
    Current User Name: 1
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\1\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
    PRC - C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (ALWIL Software)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
    PRC - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
    PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
    PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\PSIService.exe ()
    PRC - C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\1\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_000\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_000\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_000\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_000\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_000\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_000\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
    MOD - C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1.5_000\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)


    ========== Win32 Services (SafeList) ==========

    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe ()
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (LIVESRV) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
    SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (BitDefender S. R. L.)
    SRV - (scan) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
    SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
    SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
    SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
    SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV - (Trufos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
    DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender S.R.L.)
    DRV - (Profos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys ()
    DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
    DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)
    DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
    DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
    DRV - (EMCR) -- C:\WINDOWS\system32\drivers\EMCR7SK.sys (ENE Technology Inc.)
    DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
    DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\PenClass.sys (Wacom Technology Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xeoo.com/?p=h&a=f
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 17:21:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/15 19:41:15 | 000,000,000 | ---D | M]

    [2009/12/06 10:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Extensions
    [2009/12/06 10:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/02/18 11:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\g83x2l90.default\extensions
    [2010/02/15 19:41:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\g83x2l90.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/02/18 11:19:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/16 09:19:14 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/01/16 09:19:14 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/01/16 09:19:14 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2009/09/22 15:59:50 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
    [2010/01/16 09:19:14 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2008/12/30 10:01:20 | 000,002,253 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\xeoocom.xml
    [2010/01/16 09:19:14 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Documents and Settings\1\Menu Démarrer\Programmes\Démarrage\monnid32.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Sites de confiance)
    O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Sites de confiance)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Sites de confiance)
    O15 - HKCU\..Trusted Domains: download-soft-package.com ([]http in Sites de confiance)
    O15 - HKCU\..Trusted Domains: download-software-package.com ([]http in Sites de confiance)
    O15 - HKCU\..Trusted Domains: get-key-se10.com ([]http in Sites de confiance)
    O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Sites de confiance)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/Gam... (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/24 18:15:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{91393d56-9c89-11de-b4c3-00904b9ff1b9}\Shell - "" = AutoRun
    O33 - MountPoints2\{91393d56-9c89-11de-b4c3-00904b9ff1b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
    O33 - MountPoints2\{91393d57-9c89-11de-b4c3-00904b9ff1b9}\Shell - "" = AutoRun
    O33 - MountPoints2\{91393d57-9c89-11de-b4c3-00904b9ff1b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/02/18 18:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Malwarebytes
    [2010/02/18 18:19:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/02/18 18:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/02/18 18:19:19 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/02/18 18:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/18 17:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2010/02/18 17:05:38 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/02/18 11:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\PCHealth
    [2010/02/18 11:19:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/02/17 21:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
    [2010/02/17 21:37:39 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2010/02/17 21:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/02/17 20:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\BitDefender
    [2010/02/17 20:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
    [2010/02/17 20:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2010/02/17 20:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
    [2010/02/17 18:57:47 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zpzut.sys
    [2010/02/17 18:45:36 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/02/17 18:45:36 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/02/17 18:45:35 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/02/17 18:45:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/02/17 18:45:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/02/17 18:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/02/17 18:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/02/17 18:40:07 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
    [2010/02/17 18:36:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
    [2010/02/17 18:36:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
    [2010/02/15 19:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/02/15 19:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/02/15 18:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Mes documents\Hercules webcam
    [2010/02/15 18:57:00 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
    [2010/02/15 18:56:56 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
    [2010/02/15 18:56:54 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
    [2010/02/15 18:56:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
    [2010/02/15 18:56:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
    [2010/02/15 18:56:50 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
    [2010/02/15 18:56:46 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
    [2010/02/15 18:56:44 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
    [2010/02/15 18:56:41 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
    [2010/02/15 18:56:31 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
    [2010/02/15 18:56:31 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
    [2010/02/15 18:56:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
    [2010/02/15 18:56:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
    [2010/02/15 18:56:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
    [2010/02/15 18:56:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
    [2010/02/15 18:56:25 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
    [2010/02/15 18:56:25 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
    [2010/02/15 18:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
    [2010/02/15 18:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
    [2010/02/15 18:27:46 | 000,457,984 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PAC7302.SYS
    [2010/02/15 18:27:46 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP7302.AX
    [2010/02/15 18:27:46 | 000,098,432 | ---- | C] (Guillemot Corporation) -- C:\WINDOWS\System32\drivers\camfilt2.sys
    [2010/02/15 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
    [2010/02/15 18:27:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\HWC HD
    [2010/02/13 00:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Mes documents\Téléchargements
    [2010/02/10 17:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\DivX
    [2010/02/10 17:18:35 | 000,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
    [2010/02/10 17:18:35 | 000,043,528 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
    [2010/02/10 17:18:35 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2010/02/10 17:18:35 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
    [2010/02/10 17:18:34 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
    [2010/02/10 17:18:34 | 000,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
    [2010/02/10 17:18:34 | 000,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
    [2010/02/10 17:18:34 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
    [2010/02/10 17:18:34 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
    [2010/02/10 17:18:34 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
    [2010/02/10 17:18:34 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
    [2010/02/10 17:18:34 | 000,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
    [2010/02/10 17:18:34 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
    [2010/02/10 17:18:34 | 000,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
    [2010/02/10 17:18:34 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
    [2010/02/10 17:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
    [2010/02/10 17:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/01/23 15:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\FreeAudioPack
    [2009/09/10 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/09/08 16:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
    [2009/08/24 18:19:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/08/24 18:18:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/08/24 18:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/02/18 19:21:02 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\1\NTUSER.DAT
    [2010/02/18 18:58:09 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/02/18 18:53:02 | 000,000,335 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
    [2010/02/18 18:52:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/18 18:51:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/18 18:51:06 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
    [2010/02/18 18:50:25 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\1\ntuser.ini
    [2010/02/18 11:52:38 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/17 21:41:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9645.exe
    [2010/02/17 21:29:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/17 21:21:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16232.exe
    [2010/02/17 21:00:22 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
    [2010/02/17 21:00:21 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
    [2010/02/17 20:51:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25141.exe
    [2010/02/17 20:31:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3333.exe
    [2010/02/17 20:11:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24070.exe
    [2010/02/17 19:51:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19155.exe
    [2010/02/17 19:31:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22213.exe
    [2010/02/17 18:57:47 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zpzut.sys
    [2010/02/17 18:53:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/02/10 17:23:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/02/18 11:11:01 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
    [2010/02/17 21:41:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9645.exe
    [2010/02/17 21:37:22 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/02/17 21:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16232.exe
    [2010/02/17 21:00:22 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
    [2010/02/17 21:00:21 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
    [2010/02/17 20:51:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25141.exe
    [2010/02/17 20:31:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3333.exe
    [2010/02/17 20:11:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24070.exe
    [2010/02/17 19:51:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19155.exe
    [2010/02/17 19:31:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22213.exe
    [2010/02/17 18:53:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
    [2010/02/17 18:33:02 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\cqfyto.dat
    [2010/02/15 18:27:46 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
    [2010/02/15 18:27:21 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
    [2010/01/19 14:21:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/11/24 17:30:15 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/11/14 11:02:53 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/29 14:37:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/10/29 14:35:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
    [2009/10/27 18:58:07 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
    [2009/08/24 18:33:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/24 18:33:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/24 18:33:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/24 18:33:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/24 18:33:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/24 18:33:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/08/24 18:25:41 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/03/23 07:14:20 | 000,138,114 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
    [2009/02/17 15:23:44 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
    [2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
    [2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll

    ========== LOP Check ==========

    [2010/02/17 20:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\BitDefender
    [2009/10/29 20:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\e frontier
    [2010/01/23 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\FreeAudioPack
    [2010/02/13 17:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\LimeWire
    [2010/01/07 19:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Usenet.nl
    [2009/09/08 16:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Vodafone
    [2010/02/18 11:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2009/10/29 14:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2009/10/29 14:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2009/09/08 16:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
    [2010/02/18 18:58:09 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
    a c 295 8 Sécurité
    18 Février 2010 21:49:24

    Il faut avoir qu'un seul antivirus.

    Tu as payé BitDefender ?
    18 Février 2010 22:37:05

    Non je ne lai pas payé ^^'
    Je garde lequel ?
    a c 295 8 Sécurité
    18 Février 2010 22:39:47

  • Double-clique sur l'icône d'AntiVir (Parapluie) dans la barre des tâches.
  • Dans AntiVir, choisis Outils puis Configuration.
  • Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages puis valide.
  • Fais un scan complet, clique sur Tout réparer si AntiVir trouve quelque chose et poste le rapport.

    Tutoriel sur AntiVir.
    18 Février 2010 23:24:21

    Le scan est en cours...
    J'ai trouvé le virus dans le dossier "temp" impossible de le supprimer...
    a c 295 8 Sécurité
    19 Février 2010 00:04:18

    Ok ;) 
    19 Février 2010 00:14:02

    Alors il y a trois "alerte" pour Antivir et durant le scann, avast à détecté le virus dans le fichier "temp" au moins quatre ou cinq fois, à chaque fois j'ai fais "supprimer" ...



    Avira AntiVir Personal
    Date de création du fichier de rapport : jeudi 18 février 2010 23:08

    La recherche porte sur 1265407 souches de virus.

    Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
    Numéro de série : 0000149996-ADJIE-0000001
    Plateforme : Windows XP
    Version de Windows : (Service Pack 3) [5.1.2600]
    Mode Boot : Démarré normalement
    Identifiant : 1
    Nom de l'ordinateur : RG-8E006ECD82E3

    Informations de version :
    BUILD.DAT : 9.0.0.74 21698 Bytes 04/12/2009 13:56:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:25:46
    AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
    LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
    VBASE001.VDF : 7.10.0.1 2048 Bytes 06/11/2009 06:35:56
    VBASE002.VDF : 7.10.0.2 2048 Bytes 06/11/2009 06:35:58
    VBASE003.VDF : 7.10.0.3 2048 Bytes 06/11/2009 06:36:02
    VBASE004.VDF : 7.10.0.4 2048 Bytes 06/11/2009 06:36:04
    VBASE005.VDF : 7.10.0.5 2048 Bytes 06/11/2009 06:36:08
    VBASE006.VDF : 7.10.0.6 2048 Bytes 06/11/2009 06:36:12
    VBASE007.VDF : 7.10.0.7 2048 Bytes 06/11/2009 06:36:16
    VBASE008.VDF : 7.10.0.8 2048 Bytes 06/11/2009 06:36:18
    VBASE009.VDF : 7.10.0.9 2048 Bytes 06/11/2009 06:36:22
    VBASE010.VDF : 7.10.0.10 2048 Bytes 06/11/2009 06:36:30
    VBASE011.VDF : 7.10.0.11 2048 Bytes 06/11/2009 06:36:34
    VBASE012.VDF : 7.10.0.12 2048 Bytes 06/11/2009 06:36:38
    VBASE013.VDF : 7.10.0.13 2048 Bytes 06/11/2009 06:36:40
    VBASE014.VDF : 7.10.0.14 2048 Bytes 06/11/2009 06:36:44
    VBASE015.VDF : 7.10.0.15 2048 Bytes 06/11/2009 06:36:46
    VBASE016.VDF : 7.10.0.16 2048 Bytes 06/11/2009 06:36:48
    VBASE017.VDF : 7.10.0.17 2048 Bytes 06/11/2009 06:36:50
    VBASE018.VDF : 7.10.0.18 2048 Bytes 06/11/2009 06:36:54
    VBASE019.VDF : 7.10.0.19 2048 Bytes 06/11/2009 06:36:56
    VBASE020.VDF : 7.10.0.20 2048 Bytes 06/11/2009 06:36:58
    VBASE021.VDF : 7.10.0.21 2048 Bytes 06/11/2009 06:37:00
    VBASE022.VDF : 7.10.0.22 2048 Bytes 06/11/2009 06:37:04
    VBASE023.VDF : 7.10.0.23 2048 Bytes 06/11/2009 06:37:06
    VBASE024.VDF : 7.10.0.24 2048 Bytes 06/11/2009 06:37:10
    VBASE025.VDF : 7.10.0.25 2048 Bytes 06/11/2009 06:37:12
    VBASE026.VDF : 7.10.0.26 2048 Bytes 06/11/2009 06:37:14
    VBASE027.VDF : 7.10.0.27 2048 Bytes 06/11/2009 06:37:16
    VBASE028.VDF : 7.10.0.28 2048 Bytes 06/11/2009 06:37:18
    VBASE029.VDF : 7.10.0.29 2048 Bytes 06/11/2009 06:37:20
    VBASE030.VDF : 7.10.0.30 2048 Bytes 06/11/2009 06:37:22
    VBASE031.VDF : 7.10.0.33 2048 Bytes 06/11/2009 06:37:24
    Version du moteur : 8.2.1.59
    AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52
    AESCRIPT.DLL : 8.1.2.43 528764 Bytes 08/11/2009 06:38:48
    AESCN.DLL : 8.1.2.5 127346 Bytes 08/11/2009 06:38:46
    AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44
    AERDL.DLL : 8.1.3.2 479604 Bytes 08/11/2009 06:38:42
    AEPACK.DLL : 8.2.0.3 422261 Bytes 08/11/2009 06:38:40
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38
    AEHEUR.DLL : 8.1.0.178 2093431 Bytes 08/11/2009 06:38:34
    AEHELP.DLL : 8.1.7.0 237940 Bytes 08/11/2009 06:38:30
    AEGEN.DLL : 8.1.1.71 364916 Bytes 08/11/2009 06:38:28
    AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26
    AECORE.DLL : 8.1.8.2 184694 Bytes 08/11/2009 06:38:24
    AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
    AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:13:31
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
    NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
    RCTEXT.DLL : 9.0.73.0 88321 Bytes 02/11/2009 15:58:32

    Configuration pour la recherche actuelle :
    Nom de la tâche...............................: Lecteurs locaux
    Fichier de configuration......................: c:\program files\avira\antivir desktop\alldrives.avp
    Documentation.................................: bas
    Action principale.............................: interactif
    Action secondaire.............................: ignorer
    Recherche sur les secteurs d'amorçage maître..: marche
    Recherche sur les secteurs d'amorçage.........: marche
    Secteurs d'amorçage...........................: C:, D:,
    Recherche dans les programmes actifs..........: marche
    Recherche en cours sur l'enregistrement.......: marche
    Recherche de Rootkits.........................: marche
    Contrôle d'intégrité de fichiers système......: arrêt
    Recherche optimisée...........................: marche
    Fichier mode de recherche.....................: Tous les fichiers
    Recherche sur les archives....................: marche
    Limiter la profondeur de récursivité..........: 20
    Archive Smart Extensions......................: marche
    Heuristique de macrovirus.....................: marche
    Heuristique fichier...........................: élevé
    Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

    Début de la recherche : jeudi 18 février 2010 23:08

    La recherche d'objets cachés commence.
    Impossible d'initialiser le pilote.

    La recherche sur les processus démarrés commence :
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avast.setup' - '1' module(s) sont contrôlés
    Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'MpCmdRun.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ashWebSv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ashMaiSv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'VMCService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'Tablet.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PSIService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'TabUserW.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msseces.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ashDisp.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'MobileConnect.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'hphmon05.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'hpwuSchd.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ashServ.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'aswUpdSv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'MsMpEng.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
    '43' processus ont été contrôlés avec '43' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence :
    C:\Documents and Settings\1\Menu Démarrer\Programmes\Démarrage\monnid32.exe
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    Le registre a été contrôlé ( '58' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\'
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE] Ce fichier est un fichier système Windows.
    [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
    C:\Documents and Settings\1\Menu Démarrer\Programmes\Démarrage\monnid32.exe
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    Recherche débutant dans 'D:\'
    Impossible d'ouvrir le chemin à contrôler D:\ !
    Erreur système [21]: Le périphérique n'est pas prêt.


    Fin de la recherche : vendredi 19 février 2010 00:00
    Temps nécessaire: 51:21 Minute(s)

    La recherche a été effectuée intégralement

    4307 Les répertoires ont été contrôlés
    198597 Des fichiers ont été contrôlés
    0 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    0 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    3 Impossible de contrôler des fichiers
    198594 Fichiers non infectés
    1469 Les archives ont été contrôlées
    3 Avertissements
    1 Consignes


    a c 295 8 Sécurité
    19 Février 2010 00:33:01

  • Double-clique sur OTL pour le lancer.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
  • Sous l'onglet Custom Scans/Fixes en bas de la fenêtre, copie-colle le texte suivant (entre les deux espaces) :

    :OTL
    O4 - Startup: C:\Documents and Settings\1\Menu Démarrer\Programmes\Démarrage\monnid32.exe ()
    O15 - HKLM\..Trusted Domains: buy-security-essentials.com ([]http in Sites de confiance)
    O15 - HKLM\..Trusted Domains: get-key-se10.com ([]http in Sites de confiance)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: buy-security-essentials.com ([]http in Sites de confiance)
    O15 - HKCU\..Trusted Domains: download-soft-package.com ([]http in Sites de confiance)
    O15 - HKCU\..Trusted Domains: download-software-package.com ([]http in Sites de confiance)
    O15 - HKCU\..Trusted Domains: get-key-se10.com ([]http in Sites de confiance)
    O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Sites de confiance)
    [2010/02/17 21:41:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9645.exe
    [2010/02/17 21:21:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16232.exe
    [2010/02/17 20:51:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25141.exe
    [2010/02/17 20:31:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3333.exe
    [2010/02/17 20:11:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24070.exe
    [2010/02/17 19:51:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19155.exe
    [2010/02/17 19:31:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22213.exe
    [2010/02/17 18:53:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/02/17 18:33:02 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\cqfyto.dat

    :commands
    [emptytemp]
    [reboot]

  • Puis clique sur le bouton Run Fix en haut de la fenêtre.
  • Laisse le programme travailler, redémarre une fois le fix terminé.
  • Poste le rapport qui s'affichera après redémarrage.
    19 Février 2010 00:47:42

    All processes killed
    ========== OTL ==========
    File move failed. C:\Documents and Settings\1\Menu Démarrer\Programmes\Démarrage\monnid32.exe scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ deleted successfully.
    C:\WINDOWS\system32\9645.exe moved successfully.
    C:\WINDOWS\system32\16232.exe moved successfully.
    C:\WINDOWS\system32\25141.exe moved successfully.
    C:\WINDOWS\system32\3333.exe moved successfully.
    C:\WINDOWS\system32\24070.exe moved successfully.
    C:\WINDOWS\system32\19155.exe moved successfully.
    C:\WINDOWS\system32\22213.exe moved successfully.
    C:\WINDOWS\system32\18467.exe moved successfully.
    C:\Documents and Settings\LocalService\Application Data\cqfyto.dat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 1
    ->Temp folder emptied: 286806059 bytes
    ->Temporary Internet Files folder emptied: 34714504 bytes
    ->Java cache emptied: 37870532 bytes
    ->FireFox cache emptied: 84323952 bytes

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 111230 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2134506 bytes
    %systemroot%\System32 .tmp files removed: 4528640 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 300544 bytes
    Windows Temp folder emptied: 24790519 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23464074 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1867100 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 478,00 mb


    OTL by OldTimer - Version 3.1.28.0 log created on 02192010_004111

    Files\Folders moved on Reboot...
    C:\Documents and Settings\1\Menu Démarrer\Programmes\Démarrage\monnid32.exe moved successfully.

    Registry entries deleted on Reboot...
    a c 295 8 Sécurité
    19 Février 2010 00:50:46

  • Refais un scan OTL et poste le rapport OTL.
    19 Février 2010 00:58:44

    OTL logfile created on: 19/02/2010 00:54:07 - Run 4
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\1\Mes documents\Téléchargements
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 023,00 Mb Total Physical Memory | 488,00 Mb Available Physical Memory | 48,00% Memory free
    1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37,25 Gb Total Space | 16,78 Gb Free Space | 45,03% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RG-8E006ECD82E3
    Current User Name: 1
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\1\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\VideoLAN\VLC\vlc.exe ()
    PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\PSIService.exe ()
    PRC - C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\1\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)


    ========== Win32 Services (SafeList) ==========

    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe ()
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
    SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
    SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
    SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
    DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)
    DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
    DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
    DRV - (EMCR) -- C:\WINDOWS\system32\drivers\EMCR7SK.sys (ENE Technology Inc.)
    DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
    DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\PenClass.sys (Wacom Technology Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xeoo.com/?p=h&a=f
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 17:21:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/15 19:41:15 | 000,000,000 | ---D | M]

    [2009/12/06 10:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Extensions
    [2009/12/06 10:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/02/18 20:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\g83x2l90.default\extensions
    [2010/02/15 19:41:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\g83x2l90.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/02/18 20:53:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/16 09:19:14 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/01/16 09:19:14 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/01/16 09:19:14 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2009/09/22 15:59:50 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
    [2010/01/16 09:19:14 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2008/12/30 10:01:20 | 000,002,253 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\xeoocom.xml
    [2010/01/16 09:19:14 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/Gam... (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/24 18:15:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{91393d56-9c89-11de-b4c3-00904b9ff1b9}\Shell - "" = AutoRun
    O33 - MountPoints2\{91393d56-9c89-11de-b4c3-00904b9ff1b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
    O33 - MountPoints2\{91393d57-9c89-11de-b4c3-00904b9ff1b9}\Shell - "" = AutoRun
    O33 - MountPoints2\{91393d57-9c89-11de-b4c3-00904b9ff1b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/02/19 00:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/02/18 18:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Malwarebytes
    [2010/02/18 18:19:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/02/18 18:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/02/18 18:19:19 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/02/18 18:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/18 17:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2010/02/18 17:05:38 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/02/18 11:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\PCHealth
    [2010/02/18 11:19:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/02/17 21:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
    [2010/02/17 21:37:39 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2010/02/17 21:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/02/17 20:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
    [2010/02/17 18:57:47 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zpzut.sys
    [2010/02/17 18:45:36 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/02/17 18:45:36 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/02/17 18:45:35 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/02/17 18:45:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/02/17 18:45:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/02/17 18:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/02/17 18:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/02/17 18:40:07 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
    [2010/02/17 18:36:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
    [2010/02/17 18:36:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
    [2010/02/15 19:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/02/15 19:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/02/15 18:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Mes documents\Hercules webcam
    [2010/02/15 18:57:00 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
    [2010/02/15 18:56:56 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
    [2010/02/15 18:56:54 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
    [2010/02/15 18:56:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
    [2010/02/15 18:56:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
    [2010/02/15 18:56:50 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
    [2010/02/15 18:56:46 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
    [2010/02/15 18:56:44 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
    [2010/02/15 18:56:41 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
    [2010/02/15 18:56:31 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
    [2010/02/15 18:56:31 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
    [2010/02/15 18:56:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
    [2010/02/15 18:56:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
    [2010/02/15 18:56:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
    [2010/02/15 18:56:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
    [2010/02/15 18:56:25 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
    [2010/02/15 18:56:25 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
    [2010/02/15 18:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
    [2010/02/15 18:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
    [2010/02/15 18:27:46 | 000,457,984 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PAC7302.SYS
    [2010/02/15 18:27:46 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP7302.AX
    [2010/02/15 18:27:46 | 000,098,432 | ---- | C] (Guillemot Corporation) -- C:\WINDOWS\System32\drivers\camfilt2.sys
    [2010/02/15 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
    [2010/02/15 18:27:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\HWC HD
    [2010/02/13 00:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Mes documents\Téléchargements
    [2010/02/10 17:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\DivX
    [2010/02/10 17:18:35 | 000,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
    [2010/02/10 17:18:35 | 000,043,528 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
    [2010/02/10 17:18:35 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2010/02/10 17:18:35 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
    [2010/02/10 17:18:34 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
    [2010/02/10 17:18:34 | 000,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
    [2010/02/10 17:18:34 | 000,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
    [2010/02/10 17:18:34 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
    [2010/02/10 17:18:34 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
    [2010/02/10 17:18:34 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
    [2010/02/10 17:18:34 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
    [2010/02/10 17:18:34 | 000,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
    [2010/02/10 17:18:34 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
    [2010/02/10 17:18:34 | 000,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
    [2010/02/10 17:18:34 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
    [2010/02/10 17:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
    [2010/02/10 17:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/01/23 15:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\FreeAudioPack
    [2009/09/10 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/09/08 16:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
    [2009/08/24 18:19:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/08/24 18:18:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/08/24 18:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/02/19 00:50:17 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/02/19 00:49:37 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/02/19 00:44:33 | 000,000,335 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
    [2010/02/19 00:44:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/19 00:43:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/19 00:43:13 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\1\NTUSER.DAT
    [2010/02/19 00:42:48 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\1\ntuser.ini
    [2010/02/18 22:51:46 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
    [2010/02/18 11:52:38 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/17 21:29:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/17 18:57:47 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zpzut.sys
    [2010/02/10 17:23:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2010/02/18 11:11:01 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
    [2010/02/17 21:37:22 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/02/15 18:27:46 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
    [2010/02/15 18:27:21 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
    [2010/01/19 14:21:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/11/24 17:30:15 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/11/14 11:02:53 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/29 14:37:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/10/29 14:35:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
    [2009/10/27 18:58:07 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
    [2009/08/24 18:33:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/24 18:33:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/24 18:33:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/24 18:33:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/24 18:33:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/24 18:33:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/08/24 18:25:41 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/03/23 07:14:20 | 000,138,114 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
    [2009/02/17 15:23:44 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml

    ========== LOP Check ==========

    [2009/10/29 20:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\e frontier
    [2010/01/23 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\FreeAudioPack
    [2010/02/13 17:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\LimeWire
    [2010/01/07 19:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Usenet.nl
    [2009/09/08 16:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Vodafone
    [2009/10/29 14:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2009/10/29 14:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2009/09/08 16:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
    [2010/02/19 00:49:37 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
    a c 295 8 Sécurité
    19 Février 2010 01:02:30

    Tu as gardé Avast finalement ?

    Tu peux me faire parvenir le rapport Extras ?
    19 Février 2010 01:03:26

    le rapport extra... ?
    a c 295 8 Sécurité
    19 Février 2010 01:13:27

    Il est dans : C:\Documents and Settings\1\Mes documents\Téléchargements ?
    19 Février 2010 01:19:28

    Est ce ça ?

    OTL logfile created on: 19/02/2010 00:58:31 - Run 4
    OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\1\Mes documents\Téléchargements
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1 023,00 Mb Total Physical Memory | 454,00 Mb Available Physical Memory | 44,00% Memory free
    1,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37,25 Gb Total Space | 16,78 Gb Free Space | 45,03% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RG-8E006ECD82E3
    Current User Name: 1
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\1\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\VideoLAN\VLC\vlc.exe ()
    PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\PSIService.exe ()
    PRC - C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
    PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
    PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\1\Mes documents\Téléchargements\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe ()
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
    SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
    SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
    SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
    DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
    DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation)
    DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
    DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
    DRV - (EMCR) -- C:\WINDOWS\system32\drivers\EMCR7SK.sys (ENE Technology Inc.)
    DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
    DRV - (PenClass) -- C:\WINDOWS\system32\Drivers\PenClass.sys (Wacom Technology Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xeoo.com/?p=h&a=f
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 17:21:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/15 19:41:15 | 000,000,000 | ---D | M]

    [2009/12/06 10:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Extensions
    [2009/12/06 10:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/02/18 20:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\g83x2l90.default\extensions
    [2010/02/15 19:41:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\g83x2l90.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/02/18 20:53:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/16 09:19:14 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/01/16 09:19:14 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/01/16 09:19:14 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
    [2009/09/22 15:59:50 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
    [2010/01/16 09:19:14 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2008/12/30 10:01:20 | 000,002,253 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\xeoocom.xml
    [2010/01/16 09:19:14 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

    O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/Gam... (UnoCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-wind... (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/24 18:15:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{91393d56-9c89-11de-b4c3-00904b9ff1b9}\Shell - "" = AutoRun
    O33 - MountPoints2\{91393d56-9c89-11de-b4c3-00904b9ff1b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
    O33 - MountPoints2\{91393d57-9c89-11de-b4c3-00904b9ff1b9}\Shell - "" = AutoRun
    O33 - MountPoints2\{91393d57-9c89-11de-b4c3-00904b9ff1b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/02/19 00:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/02/18 18:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\Malwarebytes
    [2010/02/18 18:19:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/02/18 18:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/02/18 18:19:19 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/02/18 18:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/18 17:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2010/02/18 17:05:38 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/02/18 11:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Local Settings\Application Data\PCHealth
    [2010/02/18 11:19:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/02/17 21:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
    [2010/02/17 21:37:39 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2010/02/17 21:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/02/17 20:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
    [2010/02/17 18:57:47 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zpzut.sys
    [2010/02/17 18:45:36 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/02/17 18:45:36 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/02/17 18:45:35 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/02/17 18:45:35 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/02/17 18:45:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/02/17 18:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/02/17 18:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/02/17 18:40:07 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
    [2010/02/17 18:36:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
    [2010/02/17 18:36:46 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
    [2010/02/15 19:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/02/15 19:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/02/15 18:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Mes documents\Hercules webcam
    [2010/02/15 18:57:00 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
    [2010/02/15 18:56:56 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
    [2010/02/15 18:56:54 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
    [2010/02/15 18:56:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
    [2010/02/15 18:56:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
    [2010/02/15 18:56:50 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
    [2010/02/15 18:56:46 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
    [2010/02/15 18:56:44 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
    [2010/02/15 18:56:41 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
    [2010/02/15 18:56:31 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
    [2010/02/15 18:56:31 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
    [2010/02/15 18:56:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
    [2010/02/15 18:56:25 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
    [2010/02/15 18:56:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
    [2010/02/15 18:56:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
    [2010/02/15 18:56:25 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
    [2010/02/15 18:56:25 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
    [2010/02/15 18:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
    [2010/02/15 18:56:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
    [2010/02/15 18:27:46 | 000,457,984 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PAC7302.SYS
    [2010/02/15 18:27:46 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP7302.AX
    [2010/02/15 18:27:46 | 000,098,432 | ---- | C] (Guillemot Corporation) -- C:\WINDOWS\System32\drivers\camfilt2.sys
    [2010/02/15 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
    [2010/02/15 18:27:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\HWC HD
    [2010/02/13 00:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Mes documents\Téléchargements
    [2010/02/10 17:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\DivX
    [2010/02/10 17:18:35 | 000,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
    [2010/02/10 17:18:35 | 000,043,528 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
    [2010/02/10 17:18:35 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2010/02/10 17:18:35 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
    [2010/02/10 17:18:34 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
    [2010/02/10 17:18:34 | 000,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
    [2010/02/10 17:18:34 | 000,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
    [2010/02/10 17:18:34 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
    [2010/02/10 17:18:34 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
    [2010/02/10 17:18:34 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
    [2010/02/10 17:18:34 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
    [2010/02/10 17:18:34 | 000,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
    [2010/02/10 17:18:34 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
    [2010/02/10 17:18:34 | 000,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
    [2010/02/10 17:18:34 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
    [2010/02/10 17:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
    [2010/02/10 17:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/01/23 15:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Application Data\FreeAudioPack
    [2009/09/10 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/09/08 16:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
    [2009/08/24 18:19:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/08/24 18:18:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/08/24 18:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010/02/19 00:50:17 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/02/19 00:49:37 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/02/19 00:44:33 | 000,000,335 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
    [2010/02/19 00:44:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/19 00:43:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/19 00:43:13 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\1\NTUSER.DAT
    [2010/02/19 00:42:48 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\1\ntuser.ini
    [2010/02/18 22:51:46 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
    [2010/02/18 11:52:38 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/17 21:29:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/17 18:57:47 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\zpzut.sys
    [2010/02/10 17:23:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2010/02/18 11:11:01 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
    [2010/02/17 21:37:22 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/02/15 18:27:46 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
    [2010/02/15 18:27:21 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
    [2010/01/19 14:21:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/11/24 17:30:15 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/11/14 11:02:53 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/29 14:37:56 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/10/29 14:35:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
    [2009/10/27 18:58:07 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
    [2009/08/24 18:33:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/24 18:33:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/24 18:33:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/24 18:33:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/24 18:33:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/24 18:33:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/08/24 18:25:41 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/03/23 07:14:20 | 000,138,114 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
    [2009/02/17 15:23:44 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
    < End of report >
    a c 295 8 Sécurité
    19 Février 2010 01:21:07

    Non, ça, c'est le rapport OTL.
    19 Février 2010 01:31:25

    Il n'y a pas d'extra :s
    Juste le rapport OTL ...
    a c 295 8 Sécurité
    19 Février 2010 02:06:47

    Bon.

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\Rsit.
    19 Février 2010 15:20:23

    Oui !!! Mon pc se porte super bien ^^
    Mon fond d'écran est revenu, plus de message comme quoi certains logiciels sont "contaminée", plus d'internet qui rame.... bref ça va ^^
    Je ferai les mises à jour ^^
    Mon pc est sauvé ou pas encore ?
    a c 295 8 Sécurité
    19 Février 2010 15:34:03

    1/

  • Désinstalle HijackThis.

  • Télécharge ToolsCleaner2 sur ton Bureau.
  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


    2/

  • Télécharge et installe CCleaner (N'installe pas la Yahoo! Toolbar).
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.


    3/

  • Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


    ==Prévention==

    Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

    Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Propriétés, onglet Mises à jour automatiques).

    Par rapport au P2P : Lien

    Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


    ==Problème résolu ?==

    --> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :
  • Clique, dans ton premier message, sur le bouton Editer .
  • Ajoute la mention [Résolu] devant le titre.
  • Clique ensuite sur Valider votre message.


    Sois plus vigilant(e) sur Internet ;) 
    19 Février 2010 22:21:10

    Bonsoir ^^


    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Rsit: trouvé !
    C:\Documents and Settings\1\Mes documents\Téléchargements\Rsit.exe: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !
    a c 295 8 Sécurité
    19 Février 2010 22:42:04

    Tu as cliqué sur Suppression ?
    19 Février 2010 23:21:29

    Oui tout est partit. J'ai gardé malware
    a c 295 8 Sécurité
    19 Février 2010 23:46:33

    Ok ;) 

    Des questions ?
    20 Février 2010 12:31:05

    Beuh... j crois que c'est bon ^^
    Merci beaucoup !
    Je ne sais pas ce que j'aurais fais sans votre aide :D 
    Je marque le sujet resolu.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS