Votre question

[Résolu] Malware Defenseur help!

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
6 Janvier 2010 21:28:58

Bonjour à tous !

Comme beaucoup ici, j'ai reussi à faire fi de la grippe A mais c'est malware Defenseur qui a fauché mon ordinateur portable.

Alerté j'ai lancé Avast des que j'ai vu les premiers symptomes, malheureusement il c'est averé être d'un bien pietre secours...

J'ai effectué quelques recherches et je suis arrivé ici ou j'ai vu que de nombreux internautes avaient été sauvés du desastre du formatage.

J'ai entrepris d'installer MBAM et AntiVir mais sans succes, lorsque je clique sur mbam-setup.exe il ne se passe rien ...
antiVir a reussi à s'installer mais c'est l'agent de nettoyage que je n'arrive pas a executer ...

Aidez moi ...

Merci d'avance !

Autres pages sur : resolu malware defenseur help

6 Janvier 2010 21:46:44



Bonjour,

J'ai eu le meme probleme que toi il y a peu de temps. Pour gagner du temps, les Helpers vont te demander de faire le rapport suivant ;)  Bonne chance

* Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
* Double-clique sur RSIT.exe afin de lancer le programme.

(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).


Note : les rapports sont sauvegardés dans le dossier C:\rsit.
6 Janvier 2010 21:48:57

Merci pour cette reponse rapide :) 

Ci joint le log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by TheScientist at 2010-01-06 21:41:55
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 12 GB (17%) free of 73 GB
Total RAM: 1918 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:07, on 06/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TheScientist\Bureau\RSIT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\trend micro\TheScientist.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?chann...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?chann...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=fr&l=f...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=fr&l=f...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/side.html?chann...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ig/dell?hl=fr&client=dell-row&chan...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\THESCI~1\LOCALS~1\Temp\settdebugx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: VPro530.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3210D6A3-3558-4E57-8CB0-4125EC6E3A1C}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12260 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-09-22 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"RoxWatchTray"=C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]
"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe [2007-01-17 152144]
"dscactivate"=c:\dell\dsca.exe [2007-07-30 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"WooCnxMon"=C:\PROGRA~1\Wanadoo\CnxMon.exe [2003-05-23 24576]
"MessagerStarter Wanadoo"=C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-04-04 32768]
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2003-05-23 20480]
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\TaskbarIcon.exe [2003-05-23 53248]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-03 486856]
"Steam"=C:\Program Files\Valve\Steam\Steam.exe [2009-11-14 1217808]
"settdebugx.exe"=C:\DOCUME~1\THESCI~1\LOCALS~1\Temp\settdebugx.exe []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
VPro530.lnk - C:\WINDOWS\VPro530.exe

C:\Documents and Settings\TheScientist\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
Registration Heroes of Might & Magic 5.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5340e24e-e8fb-11dc-860e-001c23b6ef5a}]
shell\AutoRun\command - nelkvosp.exe
shell\explore\command - nelkvosp.exe
shell\open\command - nelkvosp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f0d0fb-a4a1-11dc-8572-001c23b6ef5a}]
shell\AutoRun\command - nelkvosp.exe
shell\explore\command - nelkvosp.exe
shell\open\command - nelkvosp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd96d074-b093-11dd-86be-001c23b6ef5a}]
shell\AutoRun\command - ovcogoty.exe
shell\explore\command - ovcogoty.exe
shell\open\command - ovcogoty.exe


======List of files/folders created in the last 1 months======

2010-01-06 21:41:56 ----D---- C:\Program Files\trend micro
2010-01-06 21:41:55 ----D---- C:\rsit
2010-01-06 21:04:00 ----D---- C:\Program Files\Avira
2010-01-06 21:04:00 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-01-06 19:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-06 19:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-06 19:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-01-06 19:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-06 19:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-06 19:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-27 23:06:02 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-27 23:05:59 ----D---- C:\Program Files\Alwil Software
2009-12-27 22:05:47 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2009-12-27 22:04:07 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-13 19:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-13 19:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-13 19:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-13 19:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-13 19:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

======List of files/folders modified in the last 1 months======

2010-01-06 21:41:56 ----RD---- C:\Program Files
2010-01-06 21:40:10 ----D---- C:\Program Files\Mozilla Firefox
2010-01-06 21:18:53 ----D---- C:\WINDOWS
2010-01-06 21:18:07 ----D---- C:\WINDOWS\system32
2010-01-06 21:18:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-06 21:14:09 ----D---- C:\Documents and Settings\TheScientist\Application Data\OpenOffice.org2
2010-01-06 21:13:27 ----D---- C:\WINDOWS\Temp
2010-01-06 21:13:21 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-01-06 21:12:53 ----D---- C:\WINDOWS\system32\drivers
2010-01-06 21:11:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 21:04:09 ----HD---- C:\WINDOWS\inf
2010-01-06 21:02:58 ----SHD---- C:\WINDOWS\Installer
2010-01-06 21:02:57 ----D---- C:\WINDOWS\WinSxS
2010-01-06 19:55:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-01-06 19:55:11 ----A---- C:\WINDOWS\imsins.BAK
2010-01-06 19:54:55 ----D---- C:\Program Files\Internet Explorer
2010-01-06 19:54:24 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-06 19:53:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-27 23:11:55 ----D---- C:\WINDOWS\system32\config
2009-12-27 22:41:08 ----D---- C:\WINDOWS\Prefetch
2009-12-27 19:40:42 ----D---- C:\Program Files\Full Tilt Poker
2009-12-13 19:14:23 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-01-09 107608]
R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\system32\drivers\SSHDRV76.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9432]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-16 1777152]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-15 28544]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-09-22 191872]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-03-25 46455]
S3 ad3h07z2;ad3h07z2; C:\WINDOWS\system32\drivers\ad3h07z2.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
S3 iatmunin;iatmunin; \??\C:\DOCUME~1\THESCI~1\LOCALS~1\Temp\iatmunin.sys []
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-12-22 71496]
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-12-22 34184]
S3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-12-22 170408]
S3 mferkdk;McAfee Inc.; C:\WINDOWS\system32\drivers\mferkdk.sys [2006-12-22 32008]
S3 mfesmfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfesmfk.sys [2006-12-22 37480]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 phaudlwr;Philips Audio Filter; C:\WINDOWS\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SPC530;Philips SPC530NC PC Camera; C:\WINDOWS\system32\drivers\SPC530.sys [2008-05-21 486912]
S3 SPC530m;Philips SPC530NC PC Cameram; C:\WINDOWS\system32\drivers\SPC530m.sys [2008-05-21 7680]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-16 430080]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe [2007-01-09 540776]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe [2007-01-15 248416]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
S2 McNASvc;McAfee Network Agent; c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
S2 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-01-19 352856]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2006-12-22 144960]
S2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
S2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-01-15 839720]
S2 MPS9;McAfee Privacy Service; C:\PROGRA~1\McAfee\MPS\mps.exe [2007-01-23 906792]
S2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-01-17 29264]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe [2007-01-12 341584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 wampapache;wampapache; c:\wamp\apache2\bin\httpd.exe [2007-01-10 20539]
S3 wampmysqld;wampmysqld; c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 5730304]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Contenus similaires
6 Janvier 2010 22:12:39

Bon je continue à t'aider puisque apparemment aucun Helper ne t'a encore pris sous son aile ^^

Ok, Alors tu vas couper Avast et Antivir. (En passant, il ne sert a rien d'avoir plusieurs Antivirus) et toutes les autres protections.

* Télécharge ComboFix (sUBs) sur ton Bureau.
* Clique droit sur ComboFix.exe, rennome le en "Town.exe", (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur,
* Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
6 Janvier 2010 22:23:16

Bonsoir tous les deux :) 

Gabdown, je sais que ça part d'un bon sentiment mais seuls les helpers confirmés sont autorisés à utiliser ComboFix qui est un outil très puissant. Il peut s'avérer dangereux.
De plus, les rapports ne sont pas simples du tout à analyser. C'est pour ç qu'on n'utilise pas ce tools à tous les coups. :) 

Merci de ne pas refaire faire ce genre de choses aux personnes qui viennent se faire désinfecter même si (je me répète) je sais que tu veux rendre service. ;O)

Town34, maintenant que c'est fait, poste ton rapport. :) 
6 Janvier 2010 22:28:57

J'en suis vraiment désolé je pensais bien faire ... ;)  Je vous laisse alors. Simple curiosité, vous auriez utilisé quel tool alors ? :) 

Bonne soirée a vous.
6 Janvier 2010 23:22:22

Merci sincerement pour votre aide à tous :) 

Donc j'ai enfin fini l'execution de ComboFix ( qui a demarré et redemarré plusieurs fois)

Voila le log.txt

ComboFix 10-01-04.01 - TheScientist 06/01/2010 23:03:55.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1918.1412 [GMT 1:00]
Lancé depuis: c:\documents and settings\TheScientist\Bureau\town.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\H8SRTfaoetltnkr.sys
c:\windows\system32\H8SRTgixurqxdqp.dll
c:\windows\system32\H8SRTmrdyhmbbib.dll
c:\windows\system32\H8SRTpultewftow.dll
c:\windows\system32\H8SRTulpjbpjejg.dat
c:\windows\system32\rnaph.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-06 au 2010-01-06 ))))))))))))))))))))))))))))))))))))
.

2010-01-06 20:41 . 2010-01-06 20:42 -------- d-----w- c:\program files\trend micro
2010-01-06 20:41 . 2010-01-06 20:42 -------- d-----w- C:\rsit
2010-01-06 20:04 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-06 20:04 . 2009-03-24 15:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-06 20:04 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-06 20:04 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-06 20:04 . 2010-01-06 20:04 -------- d-----w- c:\program files\Avira
2010-01-06 20:04 . 2010-01-06 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-27 22:06 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-27 22:06 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-27 22:06 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-27 22:06 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-27 22:06 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-27 22:06 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-27 22:06 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-27 22:06 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-27 22:06 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-27 22:05 . 2009-12-27 22:05 -------- d-----w- c:\program files\Alwil Software
2009-12-27 21:05 . 2010-01-06 18:52 891 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-13 16:59 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 22:15 . 2007-12-01 10:10 -------- d-----w- c:\documents and settings\TheScientist\Application Data\OpenOffice.org2
2010-01-06 22:08 . 2004-08-19 13:03 86712 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-06 22:08 . 2004-08-19 13:03 515286 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-06 21:39 . 2007-11-17 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-27 18:40 . 2008-10-29 20:52 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-29 05:20 . 2004-08-19 13:03 672768 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:03 . 2004-08-19 13:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2004-08-19 13:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:52 . 2004-08-19 13:03 267776 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:52 . 2004-08-19 13:03 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2004-08-19 13:03 113152 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-03 486856]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2009-11-14 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2003-05-23 24576]
"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2003-05-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\TheScientist\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-17 24576]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-13 954475]
VPro530.lnk - c:\windows\VPro530.exe [2009-2-7 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/12/2009 23:06 114768]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [16/12/2007 18:28 53760]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [06/01/2010 21:04 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/12/2009 23:06 20560]
S3 iatmunin;iatmunin;\??\c:\docume~1\THESCI~1\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\THESCI~1\LOCALS~1\Temp\iatmunin.sys [?]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [07/02/2009 17:25 88704]
S3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [07/02/2009 17:25 486912]
S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [07/02/2009 17:25 7680]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/01/2008 15:19 715248]
.
Contenu du dossier 'Tâches planifiées'

2010-01-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {3210D6A3-3558-4E57-8CB0-4125EC6E3A1C} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\TheScientist\Application Data\Mozilla\Firefox\Profiles\ysqnar5v.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-ECLiPSe 5.10 - c:\program files\ECLiPSe 5.10\uninst-eclipse.exe
AddRemove-Malware Defense - c:\program files\Malware Defense\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 23:14
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\wdfmgr.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Heure de fin: 2010-01-06 23:20:07 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-06 22:20

Avant-CF: 14 350 409 728 octets libres
Après-CF: 14 804 938 752 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 242E3DCF230B60B9CBF0FF935D621364
7 Janvier 2010 18:59:49

Bonsoir
Relance MBAM, il devrait marcher cette fois ci ;O)

poste le rapport stp

@Gabdown, je sais pas, j'aurai réfléchi avant ;) 
10 Janvier 2010 20:09:52

ReBonjour à tous, et merci encore pour votre aide precieuse.

Je viens de lancer MBAM, voici le log.

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3535
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/01/2010 20:06:52
mbam-log-2010-01-10 (20-06-52).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 268944
Temps écoulé: 1 hour(s), 10 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheScientist\Menu Démarrer\Programmes\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTgixurqxdqp.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTmrdyhmbbib.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTpultewftow.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTfaoetltnkr.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP104\A0025331.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP104\A0025332.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP104\A0025333.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP104\A0025334.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP104\A0025423.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheScientist\Menu Démarrer\Programmes\malware Defense\Malware Defense Support.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheScientist\Menu Démarrer\Programmes\malware Defense\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheScientist\Menu Démarrer\Programmes\malware Defense\Uninstall Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\TheScientist\Bureau\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
10 Janvier 2010 21:22:51

Bonsoir
reposte un rapport RSIT
Comment se comporte ton pc?
10 Janvier 2010 21:35:42

pour l'instant il a l'air de se comporter bien, mais je fais tres peu de choses, je suis psycologiquement en convalescence xD

Je relance donc RSIT et je reviens vers vous.

Merci :) 
10 Janvier 2010 21:53:54

Je viens de ralancer RSIT (c'est bien comboFix c'est ca ? )

Et voici le rapport que j'obtiens :

ComboFix 10-01-04.01 - TheScientist 10/01/2010 21:41:54.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1918.1425 [GMT 1:00]
Lancé depuis: c:\documents and settings\TheScientist\Bureau\town.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-10 au 2010-01-10 ))))))))))))))))))))))))))))))))))))
.

2010-01-10 17:53 . 2010-01-10 17:53 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 17:52 . 2010-01-10 17:52 -------- d-----w- c:\documents and settings\TheScientist\Application Data\Malwarebytes
2010-01-10 17:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 17:51 . 2010-01-10 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-10 17:51 . 2010-01-10 17:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 17:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 20:41 . 2010-01-06 20:42 -------- d-----w- c:\program files\trend micro
2010-01-06 20:41 . 2010-01-06 20:42 -------- d-----w- C:\rsit
2010-01-06 20:04 . 2010-01-06 22:33 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-06 20:04 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-06 20:04 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-06 20:04 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-06 20:04 . 2010-01-06 20:04 -------- d-----w- c:\program files\Avira
2010-01-06 20:04 . 2010-01-06 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-27 22:05 . 2009-12-27 22:05 -------- d-----w- c:\program files\Alwil Software
2009-12-13 16:59 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 20:42 . 2004-08-19 13:03 515286 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-10 20:42 . 2004-08-19 13:03 86712 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-10 20:39 . 2007-12-01 10:10 -------- d-----w- c:\documents and settings\TheScientist\Application Data\OpenOffice.org2
2010-01-06 21:39 . 2007-11-17 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-27 18:40 . 2008-10-29 20:52 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-29 05:20 . 2004-08-19 13:03 672768 ------w- c:\windows\system32\wininet.dll
2009-10-21 06:03 . 2004-08-19 13:03 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:03 . 2004-08-19 13:03 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:52 . 2004-08-19 13:03 267776 ----a-w- c:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-03 486856]
"Steam"="c:\program files\Valve\Steam\Steam.exe" [2009-11-14 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2003-05-23 24576]
"MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2003-05-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\TheScientist\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-17 24576]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-13 954475]
VPro530.lnk - c:\windows\VPro530.exe [2009-2-7 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [16/12/2007 18:28 53760]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [06/01/2010 21:04 108289]
S3 iatmunin;iatmunin;\??\c:\docume~1\THESCI~1\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\THESCI~1\LOCALS~1\Temp\iatmunin.sys [?]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [07/02/2009 17:25 88704]
S3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [07/02/2009 17:25 486912]
S3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [07/02/2009 17:25 7680]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/01/2008 15:19 715248]
.
Contenu du dossier 'Tâches planifiées'

2010-01-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {3210D6A3-3558-4E57-8CB0-4125EC6E3A1C} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\TheScientist\Application Data\Mozilla\Firefox\Profiles\ysqnar5v.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 21:48
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-01-10 21:49:35
ComboFix-quarantined-files.txt 2010-01-10 20:49
ComboFix2.txt 2010-01-06 22:20

Avant-CF: 15 368 605 696 octets libres
Après-CF: 15 344 754 688 octets libres

- - End Of File - - 32D13D61BC77BEA47657D42EB5CF90F8



Question, lorsque on vous affiche les rapports hijackthis, comboFix ou malware, quels sont les elements que vous recherchez. Tout ca m'interesse assez :) 

Merci pour tout en cas, sans vous je pense que j'aurais formaté et lamentablement perdu toutes mes données.

Je croise les doigts pour que tout soit maintenant reparé :) 
10 Janvier 2010 22:03:11

re
non, RSIT, c'est RSIT, tu l'as fait en début de procédure:
Random's System Information Tool (RSIT) demandé par gabdown

Citation :
Question, lorsque on vous affiche les rapports hijackthis, comboFix ou malware, quels sont les elements que vous recherchez. Tout ca m'interesse assez :) 

tout ce qui peut paraitre curieux dans les rapports, les fichiers qu'on n'a pas en tête, les drivers, les clés de registre, bref, c'est assez indigeste à lire, d'où le fait que je demande à gabdown de ne pas faire utiliser ces outils. ;O)
10 Janvier 2010 22:08:04

Hum je vois, donc cette étude des rapports se basent sur votre oeil d'expert. On peut pas vraiment tiré de grandes regles qu'on pourrait systematique appliqués...
Ok.

En ce qui concerne RSIT voici le log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by TheScientist at 2010-01-10 22:06:35
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 15 GB (20%) free of 73 GB
Total RAM: 1918 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:39, on 10/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TheScientist\Bureau\RSIT.exe
C:\Program Files\trend micro\TheScientist.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=fr&l=f...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ig/dell?hl=fr&client=dell-row&chan...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: VPro530.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3210D6A3-3558-4E57-8CB0-4125EC6E3A1C}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10008 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-09-22 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"RoxWatchTray"=C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]
"dscactivate"=c:\dell\dsca.exe [2007-07-30 16384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"WooCnxMon"=C:\PROGRA~1\Wanadoo\CnxMon.exe [2003-05-23 24576]
"MessagerStarter Wanadoo"=C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-04-04 32768]
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2003-05-23 20480]
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\TaskbarIcon.exe [2003-05-23 53248]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-03 486856]
"Steam"=C:\Program Files\Valve\Steam\Steam.exe [2009-11-14 1217808]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
VPro530.lnk - C:\WINDOWS\VPro530.exe

C:\Documents and Settings\TheScientist\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
Registration Heroes of Might & Magic 5.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-16 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-01-10 21:49:37 ----D---- C:\WINDOWS\temp
2010-01-10 21:49:36 ----A---- C:\ComboFix.txt
2010-01-10 18:52:09 ----D---- C:\Documents and Settings\TheScientist\Application Data\Malwarebytes
2010-01-10 18:51:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-10 18:51:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-06 22:48:31 ----A---- C:\Boot.bak
2010-01-06 22:48:26 ----RASHD---- C:\cmdcons
2010-01-06 22:45:46 ----A---- C:\WINDOWS\zip.exe
2010-01-06 22:45:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-06 22:45:46 ----A---- C:\WINDOWS\SWSC.exe
2010-01-06 22:45:46 ----A---- C:\WINDOWS\SWREG.exe
2010-01-06 22:45:46 ----A---- C:\WINDOWS\sed.exe
2010-01-06 22:45:46 ----A---- C:\WINDOWS\PEV.exe
2010-01-06 22:45:46 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-06 22:45:46 ----A---- C:\WINDOWS\MBR.exe
2010-01-06 22:45:46 ----A---- C:\WINDOWS\grep.exe
2010-01-06 22:45:38 ----D---- C:\WINDOWS\ERDNT
2010-01-06 22:18:59 ----D---- C:\Qoobox
2010-01-06 21:41:56 ----D---- C:\Program Files\trend micro
2010-01-06 21:41:55 ----D---- C:\rsit
2010-01-06 21:04:00 ----D---- C:\Program Files\Avira
2010-01-06 21:04:00 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-01-06 19:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-06 19:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-06 19:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-01-06 19:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-06 19:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-06 19:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-27 23:05:59 ----D---- C:\Program Files\Alwil Software
2009-12-27 22:04:07 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-13 19:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-13 19:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-13 19:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-13 19:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-13 19:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

======List of files/folders modified in the last 1 months======

2010-01-10 22:06:37 ----D---- C:\WINDOWS\Prefetch
2010-01-10 21:51:41 ----D---- C:\Program Files\Mozilla Firefox
2010-01-10 21:49:37 ----D---- C:\WINDOWS
2010-01-10 21:48:04 ----A---- C:\WINDOWS\system.ini
2010-01-10 21:45:46 ----D---- C:\WINDOWS\system32\drivers
2010-01-10 21:45:46 ----D---- C:\WINDOWS\system32
2010-01-10 21:45:46 ----D---- C:\WINDOWS\AppPatch
2010-01-10 21:45:40 ----D---- C:\Program Files\Fichiers communs
2010-01-10 21:42:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-10 21:41:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-10 21:41:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-10 21:39:26 ----D---- C:\Documents and Settings\TheScientist\Application Data\OpenOffice.org2
2010-01-10 21:37:52 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-01-10 20:06:52 ----RD---- C:\Program Files
2010-01-06 23:04:00 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-01-06 22:59:20 ----D---- C:\WINDOWS\system32\config
2010-01-06 22:48:31 ----RASH---- C:\boot.ini
2010-01-06 22:39:39 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-01-06 22:22:05 ----SD---- C:\WINDOWS\Tasks
2010-01-06 21:04:09 ----HD---- C:\WINDOWS\inf
2010-01-06 21:02:58 ----SHD---- C:\WINDOWS\Installer
2010-01-06 21:02:57 ----D---- C:\WINDOWS\WinSxS
2010-01-06 19:55:11 ----A---- C:\WINDOWS\imsins.BAK
2010-01-06 19:54:55 ----D---- C:\Program Files\Internet Explorer
2010-01-06 19:54:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-27 19:40:42 ----D---- C:\Program Files\Full Tilt Poker
2009-12-13 19:14:23 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\system32\drivers\SSHDRV76.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-06 28520]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-06 56816]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9432]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-16 1777152]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 catchme;catchme; \??\C:\DOCUME~1\THESCI~1\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-15 28544]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-09-22 191872]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-03-25 46455]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2003-03-27 127145]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 iatmunin;iatmunin; \??\C:\DOCUME~1\THESCI~1\LOCALS~1\Temp\iatmunin.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\THESCI~1\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 phaudlwr;Philips Audio Filter; C:\WINDOWS\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SPC530;Philips SPC530NC PC Camera; C:\WINDOWS\system32\drivers\SPC530.sys [2008-05-21 486912]
S3 SPC530m;Philips SPC530NC PC Cameram; C:\WINDOWS\system32\drivers\SPC530m.sys [2008-05-21 7680]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-01-10 715248]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-06 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-06 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-16 430080]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S2 McNASvc;McAfee Network Agent; c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe []
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S2 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe []
S2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe []
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 wampapache;wampapache; c:\wamp\apache2\bin\httpd.exe [2007-01-10 20539]
S3 wampmysqld;wampmysqld; c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 5730304]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
10 Janvier 2010 22:18:23

réactive ton antivirus McAfee, je n'ai pas l'impression qu'il tourne...

Supprime tous les programmes installés pour la désinfection.


Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

~Edite ton premier message et marque [résolu] dans le titre.
Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.

:hello: 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS