Votre question

[Résolu] Redirections vers des sites publicitaires depuis Google

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
19 Octobre 2009 18:19:20

Bonjour,

Lorsque je clique sur des liens vers des sites web (sous Firefox) dans Google je suis redirigé vers des sites publicitaires. J'ai effectué une analyse antivirus (NOD32) et nettoyé avec Ccleaner et TuneUp, sans succès. Voici le rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:48, on 19/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\hp\Bureau\hijackthis-2.0.2.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\hijackthis-2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll
O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [SpybotDeletingA8708] command.com /c del "C:\WINDOWS\system32\lqqwyxex.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2896] cmd.exe /c del "C:\WINDOWS\system32\lqqwyxex.dll"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll
O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPCE) (RPCHE) - Unknown owner - C:\Program Files\Intel\Intel.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7770 bytes

Autres pages sur : resolu redirections vers sites publicitaires google

a c 296 8 Sécurité
a b 9 Windows
19 Octobre 2009 18:26:53

Bonjour,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    19 Octobre 2009 18:29:42

    Voici le contenu de log.txt:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:13:48, on 19/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Documents and Settings\hp\Bureau\hijackthis-2.0.2.exe
    C:\DOCUME~1\hp\LOCALS~1\Temp\hijackthis-2.0.2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe
    O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll
    O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8708] command.com /c del "C:\WINDOWS\system32\lqqwyxex.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2896] cmd.exe /c del "C:\WINDOWS\system32\lqqwyxex.dll"
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
    O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O11 - Options group: [java_sun] Java (Sun)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll
    O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Procedure Call (RPCE) (RPCHE) - Unknown owner - C:\Program Files\Intel\Intel.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 7770 bytes



    Et voici le contenu de info.txt:

    info.txt logfile of random's system information tool 1.06 2009-10-19 18:28:22

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
    Adobe Reader 8.1.6 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Advanced RAR Repair v1.0-->C:\PROGRA~1\ARAR\UNWISE.EXE C:\PROGRA~1\ARAR\INSTALL.LOG
    Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
    Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
    Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ArcSoft PhotoBase 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x40c -uninst
    ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x40c -uninst
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    Audacity 1.3.3 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    AVI/MPEG/RM/WMV Joiner 4.81-->"C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
    AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
    AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
    Call of Duty - United Offensive-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
    Call of Duty Game of the Year Edition-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
    Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
    Canon MP240 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series /L0x000c
    Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
    Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
    CanoScan LiDE20,30 Manual-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x40c
    CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x40c
    Capturino 1.4-->C:\Program Files\Capturino 1.4\Uninstal.exe
    CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
    ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
    CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
    Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
    CleanMyPC - Registry Cleaner-->"C:\Program Files\CleanMyPC\Registry Cleaner\unins000.exe"
    CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
    Compel Adaptec WinASPI-->"C:\Program Files\WinASPI\unins000.exe"
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
    DVDInfoPro-->C:\WINDOWS\unvise32.exe C:\Program Files\DvdinfoPro\uninstal.log
    ESET NOD32 Antivirus-->MsiExec.exe /I{D63BE135-E5A0-41D3-889A-6F28A3C4C531}
    FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
    Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    Free MOV 2 AVI -->C:\Program Files\Free MOV 2 AVI\uninst.exe
    Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    HijackThis 2.0.2-->"C:\DOCUME~1\hp\LOCALS~1\Temp\HijackThis.exe" /uninstall
    HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
    HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
    HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP User Guides 0036-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4180B60-0239-48DE-89EF-2CE4C3650A71}\Setup.exe" -l0x40c -removeonly
    HP Webcam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}\setup.exe" -l0x9 -removeonly
    HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst
    Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
    Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
    Matroska Playback Pack-->C:\Program Files\Matroska Playback Pack\uninstall.exe
    MDI viewer 0.1-->"C:\Program Files\MDIviewer\unins000.exe"
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    NetMeter 1.1.3-->"C:\Program Files\NetMeter\unins000.exe"
    NetWaiting-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
    Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
    Norton Internet Security-->MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
    Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
    OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
    Package de pilotes Windows - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\usbvm326_49CA82027FB353A22BAC4204862D30BB8A51CBB7\usbvm326.inf
    Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
    QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
    Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SFV Checker-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}\setup.exe"
    Sina Web TV-->C:\PROGRA~1\sina\SINAWE~1\307~1.1\UNWISE.EXE C:\PROGRA~1\sina\SINAWE~1\307~1.1\Install.LOG
    Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
    SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
    SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
    SopCast 1.1.1-->C:\Program Files\SopCast\uninst.exe
    SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Stream Torrent 1.0-->"C:\Program Files\StreamTorrent 1.0\uninstall.exe"
    SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
    TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
    TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
    TVUPlayer 2.4.8.1-->C:\Program Files\TVUPlayer\uninst.exe
    Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
    UUSee ÍøÂçµçÊÓ [4.4.801.53]-->C:\Program Files\uusee\uninst.exe
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Veetle TV 0.9.15-->C:\Program Files\Veetle\UninstallVeetleTV.exe
    Video Converter Studio V2.0.2-->"C:\Program Files\Apowersoft\Video Converter Studio\unins000.exe"
    Virtualis Crédit Mutuel-->C:\Program Files\Virtualis\Désinstallation Virtualis Crédit Mutuel
    VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

    ======Hosts File======

    127.0.0.1
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com

    ======Security center information======

    AV: BitDefender Antivirus (disabled)
    AV: Norton Internet Security 2006 (outdated)
    AV: Kaspersky Anti-Virus (disabled) (outdated)
    AV: ESET NOD32 Antivirus 3.0
    FW: BitDefender Firewall (disabled)
    FW: Norton Internet Security 2006

    ======System event log======

    Computer Name: MASHENKA
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

    Record Number: 40645
    Source Name: Cdrom
    Time Written: 20090817185145.000000+120
    Event Type: Avertissement
    User:

    Computer Name: MASHENKA
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

    Record Number: 40644
    Source Name: Cdrom
    Time Written: 20090817185145.000000+120
    Event Type: Avertissement
    User:

    Computer Name: MASHENKA
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

    Record Number: 40643
    Source Name: Cdrom
    Time Written: 20090817185144.000000+120
    Event Type: Avertissement
    User:

    Computer Name: MASHENKA
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

    Record Number: 40642
    Source Name: Cdrom
    Time Written: 20090817185144.000000+120
    Event Type: Avertissement
    User:

    Computer Name: MASHENKA
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

    Record Number: 40641
    Source Name: Cdrom
    Time Written: 20090817185144.000000+120
    Event Type: Avertissement
    User:

    =====Application event log=====

    Computer Name: MASHENKA
    Event Code: 1
    Message:
    Record Number: 15136
    Source Name: nview_info
    Time Written: 20091012180155.000000+120
    Event Type: erreur
    User:

    Computer Name: MASHENKA
    Event Code: 1
    Message:
    Record Number: 15135
    Source Name: nview_info
    Time Written: 20091012180154.000000+120
    Event Type: erreur
    User:

    Computer Name: MASHENKA
    Event Code: 1
    Message:
    Record Number: 15134
    Source Name: nview_info
    Time Written: 20091012180154.000000+120
    Event Type: erreur
    User:

    Computer Name: MASHENKA
    Event Code: 1
    Message:
    Record Number: 15133
    Source Name: nview_info
    Time Written: 20091012180154.000000+120
    Event Type: erreur
    User:

    Computer Name: MASHENKA
    Event Code: 1
    Message:
    Record Number: 15132
    Source Name: nview_info
    Time Written: 20091012180154.000000+120
    Event Type: erreur
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Satsuki Decoder Pack\filtres;C:\Program Files\Fichiers communs\Teleca Shared;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "PCTYPE"=PAVILION
    "PLATFORM"=MCD
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
    Contenus similaires
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 18:38:32

    Pour le rapport log, tu m'as juste mis le rapport HijackThis donc il n'est pas complet.
    19 Octobre 2009 18:40:55

    Pardon, voilà tout le contenu du fichier log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by hp at 2009-10-19 18:39:43
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 8 GB (10%) free of 87 GB
    Total RAM: 2046 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:40:02, on 19/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\hp\Bureau\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\hp.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe
    O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll
    O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8708] command.com /c del "C:\WINDOWS\system32\lqqwyxex.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2896] cmd.exe /c del "C:\WINDOWS\system32\lqqwyxex.dll"
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
    O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O11 - Options group: [java_sun] Java (Sun)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll
    O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Procedure Call (RPCE) (RPCHE) - Unknown owner - C:\Program Files\Intel\Intel.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 7803 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Maintenance en 1 clic.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15f75187-3c68-4a04-9f42-7da15ded5067}]
    c:\windows\system32\yzrcruf.dll [2006-03-25 104448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]
    DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-06-24 140880]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
    "RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-10-24 1451264]
    "nwiz"=nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingA8708"=command.com /c del C:\WINDOWS\system32\lqqwyxex.dll []
    "SpybotDeletingC2896"=cmd.exe /c del C:\WINDOWS\system32\lqqwyxex.dll []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
    "Synaptics TouchPad Enhancements"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
    "NetMeter"=C:\Program Files\NetMeter\NetMeter.exe [2007-08-11 331264]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hp^Menu Démarrer^Programmes^Démarrage^Memeo AutoBackup Launcher.lnk]
    C:\Documents and Settings\hp\Application Data\Microsoft\Installer\{EADA929D-7AEA-462C-AB1A-4ADC5962D506}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe --silent []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec Core LC"=2
    "SPBBCSvc"=3
    "SNDSrvc"=3
    "ccSetMgr"=2
    "ccProxy"=2
    "ccISPwdSvc"=3
    "ccEvtMgr"=2
    "aawservice"=2
    "avast! Web Scanner"=3
    "avast! Mail Scanner"=3
    "avast! Antivirus"=2
    "aswUpdSv"=2
    "Apple Mobile Device"=2
    "mnmsrvc"=3
    "TuneUp.Defrag"=3
    "iPod Service"=3
    "btwdins"=2
    "Bonjour Service"=2
    "WZCOOK"=3
    "WLSetupSvc"=3
    "usnjsvc"=3
    "Adobe LM Service"=3
    "NSCService"=2
    "javaquickstarterservice"=2
    "IJPLMSVC"=2
    "hpqwmiex"=2
    "avast!antivirus"=2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ehpimpfj]
    C:\WINDOWS\system32\yzrcruf.dll [2006-03-25 104448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mfnxpha]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    nwprovau

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=144
    "NoDrives"=00000000
    "NoDriveAutoRun"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe"="C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f8e94b9-33f8-11de-83f5-001636a381df}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63db7e8b-b62f-11dd-838e-001636a381df}]
    shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7c0c01-e08e-11dc-8294-0018dea2f451}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


    ======List of files/folders created in the last 1 months======

    2009-10-19 18:27:58 ----D---- C:\Program Files\trend micro
    2009-10-19 18:27:56 ----D---- C:\rsit
    2009-10-16 23:13:44 ----D---- C:\Program Files\Tunatic
    2009-10-16 11:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-10-16 10:18:02 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-10-16 10:01:04 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-10-13 18:05:07 ----D---- C:\Program Files\Unlocker
    2009-10-13 12:12:03 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    2009-10-09 22:27:36 ----D---- C:\Program Files\Traction Software
    2009-10-09 18:09:33 ----D---- C:\Program Files\JRE
    2009-10-09 01:29:38 ----D---- C:\Program Files\PowerISO
    2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs\Skype
    2009-10-04 12:51:23 ----D---- C:\Documents and Settings\hp\Application Data\StreamTorrent
    2009-10-04 12:51:22 ----D---- C:\Program Files\StreamTorrent 1.0
    2009-09-26 16:55:07 ----D---- C:\Program Files\sina

    ======List of files/folders modified in the last 1 months======

    2009-10-19 18:39:39 ----D---- C:\WINDOWS\Temp
    2009-10-19 18:39:10 ----D---- C:\Program Files\Mozilla Firefox
    2009-10-19 18:27:58 ----D---- C:\Program Files
    2009-10-19 18:12:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-10-19 17:50:59 ----D---- C:\WINDOWS\Prefetch
    2009-10-19 16:29:10 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-10-18 21:30:11 ----SHD---- C:\System Volume Information
    2009-10-18 21:05:07 ----D---- C:\Documents and Settings\hp\Application Data\dvdcss
    2009-10-18 21:03:13 ----D---- C:\Documents and Settings\hp\Application Data\vlc
    2009-10-18 14:45:08 ----D---- C:\Documents and Settings\hp\Application Data\utorrent
    2009-10-18 14:06:10 ----D---- C:\WINDOWS\system32\Restore
    2009-10-17 23:27:02 ----D---- C:\WINDOWS
    2009-10-17 22:30:33 ----D---- C:\WINDOWS\system32
    2009-10-17 17:54:28 ----AC---- C:\WINDOWS\WININIT.INI
    2009-10-17 10:00:44 ----D---- C:\Program Files\FreeUndelete
    2009-10-17 10:00:07 ----D---- C:\WINDOWS\system32\drivers
    2009-10-16 19:07:26 ----SHD---- C:\WINDOWS\Installer
    2009-10-16 19:07:26 ----SHD---- C:\Config.Msi
    2009-10-16 18:01:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-10-16 10:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-16 10:10:49 ----D---- C:\WINDOWS\Tasks
    2009-10-16 10:07:08 ----D---- C:\WINDOWS\system32\LogFiles
    2009-10-13 21:06:05 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJ
    2009-10-13 21:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2009-10-13 12:36:06 ----D---- C:\Program Files\AVS4YOU
    2009-10-13 11:42:01 ----D---- C:\Program Files\QuickTime
    2009-10-13 11:38:52 ----D---- C:\Program Files\Fichiers communs\Apple
    2009-10-13 11:37:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-10-13 11:37:21 ----HD---- C:\WINDOWS\inf
    2009-10-13 11:37:11 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-10-09 22:27:35 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-10-09 19:24:59 ----D---- C:\Program Files\uTorrent
    2009-10-09 18:16:18 ----RSD---- C:\WINDOWS\assembly
    2009-10-09 18:10:41 ----RSD---- C:\WINDOWS\Fonts
    2009-10-09 18:09:19 ----D---- C:\Program Files\OpenOffice.org 3
    2009-10-06 17:24:06 ----D---- C:\Documents and Settings\hp\Application Data\Skype
    2009-10-06 17:21:58 ----RD---- C:\Program Files\Skype
    2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs
    2009-10-06 17:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-10-06 17:11:45 ----D---- C:\Documents and Settings\hp\Application Data\skypePM
    2009-10-05 20:40:44 ----N---- C:\WINDOWS\win.ini
    2009-10-04 21:58:03 ----D---- C:\Program Files\DAP
    2009-09-28 17:53:34 ----D---- C:\Documents and Settings\hp\Application Data\Microsoft
    2009-09-26 16:54:14 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-09-26 16:53:07 ----D---- C:\Documents and Settings\hp\Application Data\Audacity
    2009-09-26 16:29:21 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
    R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
    R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-25 12032]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-25 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-25 55936]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidIr;Pilote HID infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-21 995712]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-21 208000]
    R3 IrBus;Pilote de filtre de bus infrarouge pour les contrôles distants eHome; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-26 9856]
    R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-23 51840]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-02 308992]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
    R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-21 727296]
    S1 cf1821ad;cf1821ad; C:\WINDOWS\System32\drivers\cf1821ad.sys []
    S1 f44240d1;f44240d1; C:\WINDOWS\System32\drivers\f44240d1.sys []
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-07 61952]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
    S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
    S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 182656]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
    S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MODBDA2;DiBcom MOD3000 TV receiver; C:\WINDOWS\System32\Drivers\modbda2.sys [2006-06-13 33024]
    S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
    S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
    S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
    S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
    S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
    S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
    S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
    S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
    S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
    S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 Slnt7554;USB Soft Modem Driver; C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 129535]
    S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
    S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-22 1429632]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
    S4 mchinjdrv;mchinjdrv; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\mc21.tmp []
    S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
    R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
    R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
    R2 xuejgvsp;Microsoft UAA Function for High Definition Audio ServiceMonitor; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
    S2 RPCHE;Remote Procedure Call (RPCE); C:\Program Files\Intel\Intel.exe []
    S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
    S2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe []
    S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 ehttpsrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 ipod service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-24 72704]
    S4 avast!antivirus;avast!antivirus; C:\WINDOWS\System32\avast!Antivirus.exe -k netsvcs []
    S4 bonjour service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-05-12 258103]
    S4 ccEvtMgr;Symantec Event Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe []
    S4 ccSetMgr;Symantec Settings Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe []
    S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    S4 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
    S4 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-16 152984]
    S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-05-18 49152]
    S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
    S4 NSCService;Service Norton Protection Center; C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE []
    S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 WZCOOK;WEP/WPA-PMK key recovery service; C:\Documents and Settings\hp\Bureau\air crack\aircrack-2.41\win32\wzcook.exe []

    -----------------EOF-----------------
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 18:47:28

    Tu as plusieurs infections.

  • Télécharge UsbFix (de Chiquitine29 & C_XX) sur ton Bureau.
  • Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
  • Double-clique sur UsbFix pour l'exécuter.
  • Choisis l'option 1 (Recherche).
  • Laisse travailler l'outil.
  • Poste le rapport UsbFix.txt.

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

    "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Kaspersky, etc.) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    19 Octobre 2009 19:17:59


    ############################## | UsbFix V6.042 |

    User : hp (Administrateurs) # MASHENKA
    Update on 15/10/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 19:15:22 | 19/10/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Enabled
    AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
    AV : Norton Internet Security 2006 2006 [ Enabled | (!) Outdated ]
    AV : Kaspersky Anti-Virus 8.0.0.506 [ (!) Disabled | (!) Outdated ]
    AV : ESET NOD32 Antivirus 3.0 3.0 [ Enabled | Updated ]
    FW : BitDefender Firewall[ (!) Disabled ]12.0
    FW : Norton Internet Security 2006[ Enabled ]2006

    C:\ -> Disque fixe local # 84.93 Go (8.12 Go free) [OS] # NTFS
    D:\ -> Disque fixe local # 93.16 Go (6.63 Go free) [Data] # NTFS
    E:\ -> Disque fixe local # 8.23 Go (1.37 Go free) [HP_RECOVERY] # NTFS
    F:\ -> Disque CD-ROM
    H:\ -> Disque fixe local # 465.76 Go (1.14 Go free) [My Book] # NTFS

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Fichiers # Dossiers infectieux |

    D:\desktop.ini
    E:\autorun.inf
    E:\desktop.ini

    ################## | Registre # Clés Run infectieuses |

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"

    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{4f8e94b9-33f8-11de-83f5-001636a381df}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs

    HKCU\..\..\Explorer\MountPoints2\{63db7e8b-b62f-11dd-838e-001636a381df}
    Shell\AutoRun\command =G:\Autorun.exe

    HKCU\..\..\Explorer\MountPoints2\{cf7c0c01-e08e-11dc-8294-0018dea2f451}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    ################## | ! Fin du rapport # UsbFix V6.042 ! |

    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 19:40:19

  • Relance UsbFix et choisis l'option 5 pour le désinstaller.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    19 Octobre 2009 19:57:29

    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2988
    Windows 5.1.2600 Service Pack 3

    19/10/2009 19:54:53
    mbam-log-2009-10-19 (19-54-53).txt

    Type de recherche: Examen rapide
    Eléments examinés: 113189
    Temps écoulé: 8 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 10
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté

    (s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{aff01

    325-0fc2-4749-8914-fbf0565ad9cc}

    (Trojan.Agent) -> Quarantined and deleted

    successfully.
    HKEY_CURRENT_USER\SOFTWARE\

    Microsoft\Windows\CurrentVersion\Ext\St

    ats\{aff01325-0fc2-4749-8914-

    fbf0565ad9cc} (Trojan.Agent) ->

    Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE

    \Microsoft\Windows\CurrentVersion\Explo

    rer\{19127ad2-394b-70f5-c650-

    b97867baa1f7} (Backdoor.Bot) ->

    Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE

    \Microsoft\Windows\CurrentVersion\Explo

    rer\{43bf8cd1-c5d5-2230-7bb2-

    98f22c2b7dc6} (Backdoor.Bot) ->

    Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18

    \SOFTWARE\Microsoft\Windows\Current

    Version\Explorer\{19127ad2-394b-70f5-

    c650-b97867baa1f7} (Backdoor.Bot) ->

    Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18

    \SOFTWARE\Microsoft\Windows\Current

    Version\Explorer\{43bf8cd1-c5d5-2230-

    7bb2-98f22c2b7dc6} (Backdoor.Bot) ->

    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWAR

    E\AGprotect (Malware.Trace) ->

    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\Curr

    entControlSet\Services\avast!AntiVirus

    (Trojan.Agent) -> Quarantined and deleted

    successfully.
    HKEY_LOCAL_MACHINE\System\Curr

    entControlSet\Services\RPCHE

    (Backdoor.Bot) -> Quarantined and

    deleted successfully.
    HKEY_LOCAL_MACHINE\System\Curr

    entControlSet\Services\UACd.sys

    (Trojan.Agent) -> Quarantined and deleted

    successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\

    Microsoft\Windows\CurrentVersion\Explor

    er\WINID (Malware.Trace) ->

    Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté

    (s):
    HKEY_LOCAL_MACHINE\System\Curr

    entControlSet\Services\BITS\ImagePath

    (Hijack.WindowsUpdates) -> Bad: (%

    fystemRoot%\system32\svchost.exe -k

    netsvcs) Good: (%SystemRoot%

    \System32\svchost.exe -k netsvcs) ->

    Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\Curr

    entControlSet\Services\wuauserv\ImagePat

    h (Hijack.WindowsUpdates) -> Bad: (%

    fystemroot%\system32\svchost.exe -k

    netsvcs) Good: (%SystemRoot%

    \System32\svchost.exe -k netsvcs) ->

    Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32

    \drivers\4c1f3b39.sys (Rootkit.Rustock) ->

    Delete on reboot.
    C:\WINDOWS\system32\sft.res

    (Malware.Trace) -> Quarantined and

    deleted successfully.


    Il y avait bien des malwares. Je suppose qu'il faut redémarrer avant de faire éventuellement une autre manipulation.
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 20:08:03

    Pourquoi le rapport est coupé comme cela ?

    Oui, redémarre ton PC.

  • Relance MBAM, va dans Quarantaine et supprime tout.

  • Refais un scan RSIT et poste le rapport log.
    19 Octobre 2009 20:14:16

    Aucune idée en ce qui concerne le rapport, j'en ai copié l'intégralité pourtant.

    Rapport log de RSIT:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by hp at 2009-10-19 20:13:03
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 8 GB (9%) free of 87 GB
    Total RAM: 2046 MB (74% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:13:21, on 19/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\hp\Bureau\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\hp.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe
    O2 - BHO: (no name) - {0f960f18-27f4-4bfc-824a-e49486b59239} - C:\WINDOWS\system32\lqqwyxex.dll
    O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll
    O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
    O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O11 - Options group: [java_sun] Java (Sun)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll
    O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 7691 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Maintenance en 1 clic.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f960f18-27f4-4bfc-824a-e49486b59239}]
    C:\WINDOWS\system32\lqqwyxex.dll [2006-03-25 132608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15f75187-3c68-4a04-9f42-7da15ded5067}]
    c:\windows\system32\yzrcruf.dll [2006-03-25 104448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]
    DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-06-24 140880]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
    "RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-10-24 1451264]
    "nwiz"=nwiz.exe /install []
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
    "Synaptics TouchPad Enhancements"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
    "NetMeter"=C:\Program Files\NetMeter\NetMeter.exe [2007-08-11 331264]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hp^Menu Démarrer^Programmes^Démarrage^Memeo AutoBackup Launcher.lnk]
    C:\Documents and Settings\hp\Application Data\Microsoft\Installer\{EADA929D-7AEA-462C-AB1A-4ADC5962D506}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe --silent []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec Core LC"=2
    "SPBBCSvc"=3
    "SNDSrvc"=3
    "ccSetMgr"=2
    "ccProxy"=2
    "ccISPwdSvc"=3
    "ccEvtMgr"=2
    "aawservice"=2
    "avast! Web Scanner"=3
    "avast! Mail Scanner"=3
    "avast! Antivirus"=2
    "aswUpdSv"=2
    "Apple Mobile Device"=2
    "mnmsrvc"=3
    "TuneUp.Defrag"=3
    "iPod Service"=3
    "btwdins"=2
    "Bonjour Service"=2
    "WZCOOK"=3
    "WLSetupSvc"=3
    "usnjsvc"=3
    "Adobe LM Service"=3
    "NSCService"=2
    "javaquickstarterservice"=2
    "IJPLMSVC"=2
    "hpqwmiex"=2
    "avast!antivirus"=2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ehpimpfj]
    C:\WINDOWS\system32\yzrcruf.dll [2006-03-25 104448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mfnxpha]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    nwprovau

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=144
    "NoDrives"=00000000
    "NoDriveAutoRun"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe"="C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f8e94b9-33f8-11de-83f5-001636a381df}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63db7e8b-b62f-11dd-838e-001636a381df}]
    shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7c0c01-e08e-11dc-8294-0018dea2f451}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


    ======List of files/folders created in the last 1 months======

    2009-10-19 19:43:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-10-19 18:50:09 ----D---- C:\UsbFix
    2009-10-19 18:27:58 ----D---- C:\Program Files\trend micro
    2009-10-19 18:27:56 ----D---- C:\rsit
    2009-10-16 23:13:44 ----D---- C:\Program Files\Tunatic
    2009-10-16 11:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-10-16 10:18:02 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-10-16 10:01:04 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-10-13 18:05:07 ----D---- C:\Program Files\Unlocker
    2009-10-13 12:12:03 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    2009-10-09 22:27:36 ----D---- C:\Program Files\Traction Software
    2009-10-09 18:09:33 ----D---- C:\Program Files\JRE
    2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs\Skype
    2009-10-04 12:51:23 ----D---- C:\Documents and Settings\hp\Application Data\StreamTorrent
    2009-10-04 12:51:22 ----D---- C:\Program Files\StreamTorrent 1.0
    2009-09-26 16:55:07 ----D---- C:\Program Files\sina

    ======List of files/folders modified in the last 1 months======

    2009-10-19 20:09:36 ----D---- C:\WINDOWS\Temp
    2009-10-19 20:04:14 ----D---- C:\WINDOWS\system32
    2009-10-19 20:04:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-10-19 20:01:44 ----D---- C:\Program Files\Mozilla Firefox
    2009-10-19 19:59:53 ----SHD---- C:\System Volume Information
    2009-10-19 19:59:14 ----D---- C:\Program Files
    2009-10-19 19:43:51 ----D---- C:\WINDOWS\system32\drivers
    2009-10-19 19:32:58 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-10-19 18:59:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-10-19 18:54:16 ----D---- C:\WINDOWS\system32\Restore
    2009-10-19 17:50:59 ----D---- C:\WINDOWS\Prefetch
    2009-10-18 21:05:07 ----D---- C:\Documents and Settings\hp\Application Data\dvdcss
    2009-10-18 21:03:13 ----D---- C:\Documents and Settings\hp\Application Data\vlc
    2009-10-18 14:45:08 ----D---- C:\Documents and Settings\hp\Application Data\utorrent
    2009-10-17 23:27:02 ----D---- C:\WINDOWS
    2009-10-17 17:54:28 ----AC---- C:\WINDOWS\WININIT.INI
    2009-10-17 10:00:44 ----D---- C:\Program Files\FreeUndelete
    2009-10-16 19:07:26 ----SHD---- C:\WINDOWS\Installer
    2009-10-16 19:07:26 ----SHD---- C:\Config.Msi
    2009-10-16 10:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-16 10:10:49 ----D---- C:\WINDOWS\Tasks
    2009-10-16 10:07:08 ----D---- C:\WINDOWS\system32\LogFiles
    2009-10-13 21:06:05 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJ
    2009-10-13 21:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2009-10-13 12:36:06 ----D---- C:\Program Files\AVS4YOU
    2009-10-13 11:42:01 ----D---- C:\Program Files\QuickTime
    2009-10-13 11:38:52 ----D---- C:\Program Files\Fichiers communs\Apple
    2009-10-13 11:37:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-10-13 11:37:21 ----HD---- C:\WINDOWS\inf
    2009-10-13 11:37:11 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-10-09 22:27:35 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-10-09 19:24:59 ----D---- C:\Program Files\uTorrent
    2009-10-09 18:16:18 ----RSD---- C:\WINDOWS\assembly
    2009-10-09 18:10:41 ----RSD---- C:\WINDOWS\Fonts
    2009-10-09 18:09:19 ----D---- C:\Program Files\OpenOffice.org 3
    2009-10-06 17:24:06 ----D---- C:\Documents and Settings\hp\Application Data\Skype
    2009-10-06 17:21:58 ----RD---- C:\Program Files\Skype
    2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs
    2009-10-06 17:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-10-06 17:11:45 ----D---- C:\Documents and Settings\hp\Application Data\skypePM
    2009-10-05 20:40:44 ----N---- C:\WINDOWS\win.ini
    2009-10-04 21:58:03 ----D---- C:\Program Files\DAP
    2009-09-28 17:53:34 ----D---- C:\Documents and Settings\hp\Application Data\Microsoft
    2009-09-26 16:54:14 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-09-26 16:53:07 ----D---- C:\Documents and Settings\hp\Application Data\Audacity
    2009-09-26 16:29:21 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
    R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
    R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-25 12032]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-25 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-25 55936]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidIr;Pilote HID infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-21 995712]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-21 208000]
    R3 IrBus;Pilote de filtre de bus infrarouge pour les contrôles distants eHome; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
    R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-26 9856]
    R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-23 51840]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-02 308992]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
    R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-21 727296]
    S1 cf1821ad;cf1821ad; C:\WINDOWS\System32\drivers\cf1821ad.sys []
    S1 f44240d1;f44240d1; C:\WINDOWS\System32\drivers\f44240d1.sys []
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-07 61952]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
    S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
    S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 182656]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
    S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MODBDA2;DiBcom MOD3000 TV receiver; C:\WINDOWS\System32\Drivers\modbda2.sys [2006-06-13 33024]
    S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
    S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
    S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
    S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
    S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
    S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
    S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
    S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
    S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
    S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 Slnt7554;USB Soft Modem Driver; C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 129535]
    S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
    S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-22 1429632]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
    S4 mchinjdrv;mchinjdrv; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\mc21.tmp []
    S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
    R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
    R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
    R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
    R2 xuejgvsp;Microsoft UAA Function for High Definition Audio ServiceMonitor; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
    S2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe []
    S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 ehttpsrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 ipod service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-24 72704]
    S4 bonjour service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-05-12 258103]
    S4 ccEvtMgr;Symantec Event Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe []
    S4 ccSetMgr;Symantec Settings Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe []
    S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    S4 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
    S4 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-16 152984]
    S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-05-18 49152]
    S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
    S4 NSCService;Service Norton Protection Center; C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE []
    S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 WZCOOK;WEP/WPA-PMK key recovery service; C:\Documents and Settings\hp\Bureau\air crack\aircrack-2.41\win32\wzcook.exe []

    -----------------EOF-----------------
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 20:25:07

    1/

  • Lance ce fichier : C:\Program Files\trend micro\hp.exe
  • Choisis Do a system scan only.
  • Coche les cases qui sont devant les lignes suivantes :

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

    O2 - BHO: (no name) - {0f960f18-27f4-4bfc-824a-e49486b59239} - C:\WINDOWS\system32\lqqwyxex.dll

    O2 - BHO: (no name) - {15f75187-3c68-4a04-9f42-7da15ded5067} - c:\windows\system32\yzrcruf.dll

    O4 - HKCU\..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe

    O20 - Winlogon Notify: ehpimpfj - C:\WINDOWS\SYSTEM32\yzrcruf.dll

    O20 - Winlogon Notify: mfnxpha - C:\WINDOWS\

  • Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
  • Ferme HijackThis.


    2/

  • Télécharge OTM (OldTimer) sur ton Bureau.
  • Double-clique sur OTM.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    cf1821ad
    f44240d1
    WZCOOK

    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^hp^Menu Démarrer^Programmes^Démarrage^Memeo AutoBackup Launcher.lnk]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf7c0c01-e08e-11dc-8294-0018dea2f451}]

    :files
    C:\WINDOWS\system32\lqqwyxex.dll
    c:\windows\system32\yzrcruf.dll

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTM.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    19 Octobre 2009 20:33:53

    Rapport OTM:

    Files moved on Reboot...
    C:\WINDOWS\system32\lqqwyxex.dll unregistered successfully.
    File move failed. C:\WINDOWS\system32\lqqwyxex.dll scheduled to be moved on reboot.
    LoadLibrary failed for c:\windows\system32\yzrcruf.dll
    c:\windows\system32\yzrcruf.dll NOT unregistered.
    File move failed. c:\windows\system32\yzrcruf.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...

    Il faut redémarrer de nouveau je suppose.


    edit: le redémarrage automatique n'ayant pas fonctionné j'ai relancé la procédure et voici le nouveau fichier log:

    Error: Unable to interpret <Files moved on Reboot...> in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\lqqwyxex.dll unregistered successfully.> in the current context!
    Error: Unable to interpret <File move failed. C:\WINDOWS\system32\lqqwyxex.dll scheduled to be moved on reboot.> in the current context!
    Error: Unable to interpret <LoadLibrary failed for c:\windows\system32\yzrcruf.dll> in the current context!
    Error: Unable to interpret <c:\windows\system32\yzrcruf.dll NOT unregistered.> in the current context!
    Error: Unable to interpret <File move failed. c:\windows\system32\yzrcruf.dll scheduled to be moved on reboot.> in the current context!
    Error: Unable to interpret <Registry entries deleted on Reboot...> in the current context!

    OTM by OldTimer - Version 3.0.0.6 log created on 10192009_203421
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 20:36:58

    Moué... Nous allons utiliser un outil plus puissant.

    [#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    19 Octobre 2009 21:00:47

    Rapport ComboFix:

    ComboFix 09-10-18.06 - hp 19/10/2009 20:47.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1476 [GMT 2:00]
    Lancé depuis: c:\documents and settings\hp\Bureau\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    * Un antivirus résident est actif

    .
    Les fichiers ci-dessous ont été désactivés pendant l'exécution:
    c:\program files\SuperCopier2\SC2Hook.dll

    ADS - WINDOWS: deleted 48 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\LocalService\Application Data\755020800.exe
    c:\recycler\S-1-5-21-0367936994-8369958338-978018945-7476
    C:\teacd.tmp
    C:\test.txt
    c:\windows\Installer\171070a.msi
    c:\windows\Installer\18d92ab.msi
    c:\windows\Installer\7057aa.msi
    c:\windows\Installer\aeaa905.msi
    c:\windows\kb913800.exe
    c:\windows\system32\auegdfs.dll
    c:\windows\system32\drivers\frfpdcbp.sys
    c:\windows\system32\drivers\nvnwlpra.sys
    c:\windows\system32\Ijl11.dll
    c:\windows\system32\lqqwyxex.dll
    c:\windows\system32\yzrcruf.dll
    E:\Autorun.inf
    c:\windows\system32\drivers\4c1f3b39.sys . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_avast!antivirus
    -------\Legacy_nvnwlpra
    -------\Legacy_NWCWORKSTATION
    -------\Legacy_tcpsr
    -------\Legacy_xuejgvsp
    -------\Service_nvnwlpra
    -------\Service_NWCWorkstation
    -------\Service_xuejgvsp
    -------\Service_4c1f3b39


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-19 au 2009-10-19 ))))))))))))))))))))))))))))))))))))
    .

    2009-10-19 18:30 . 2009-10-19 18:30 -------- d-----w- C:\_OTM
    2009-10-19 17:43 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-19 17:43 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-19 17:43 . 2009-10-19 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-19 16:50 . 2009-10-19 17:41 -------- d-----w- C:\UsbFix
    2009-10-19 16:27 . 2009-10-19 18:29 -------- d-----w- c:\program files\trend micro
    2009-10-19 16:27 . 2009-10-19 16:31 -------- d-----w- C:\rsit
    2009-10-16 21:13 . 2009-10-16 21:13 -------- d-----w- c:\program files\Tunatic
    2009-10-16 08:18 . 2009-10-16 08:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-13 16:05 . 2009-10-13 16:05 -------- d-----w- c:\program files\Unlocker
    2009-10-13 10:12 . 2009-10-13 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2009-10-09 20:27 . 2009-10-09 20:27 -------- d-----w- c:\program files\Traction Software
    2009-10-09 16:09 . 2009-10-09 16:09 -------- d-----w- c:\program files\JRE
    2009-10-06 15:21 . 2009-10-06 15:21 -------- d-----w- c:\program files\Fichiers communs\Skype
    2009-10-04 10:51 . 2009-10-04 10:51 -------- d-----w- c:\documents and settings\hp\Application Data\StreamTorrent
    2009-10-04 10:51 . 2009-10-04 10:51 -------- d-----w- c:\program files\StreamTorrent 1.0
    2009-09-26 14:55 . 2009-09-26 14:55 -------- d-----w- c:\program files\sina

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-19 18:54 . 2009-05-09 20:21 97020 ----a-w- c:\windows\system32\drivers\4c1f3b39.sys
    2009-10-19 18:52 . 2007-04-30 01:19 -------- d-----w- c:\program files\SuperCopier2
    2009-10-19 18:43 . 2006-03-25 11:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
    2009-10-19 18:41 . 2006-06-29 16:24 80948 ----a-w- c:\windows\system32\perfc00C.dat
    2009-10-19 18:41 . 2006-06-29 16:24 486692 ----a-w- c:\windows\system32\perfh00C.dat
    2009-10-19 18:39 . 2008-03-02 01:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-19 18:38 . 2007-05-08 11:14 -------- d-----w- c:\program files\Mozilla Thunderbird
    2009-10-19 18:27 . 2009-05-04 22:48 -------- d-----w- c:\documents and settings\hp\Application Data\vlc
    2009-10-18 19:05 . 2007-07-20 12:37 -------- d-----w- c:\documents and settings\hp\Application Data\dvdcss
    2009-10-18 12:45 . 2007-04-28 23:52 -------- d-----w- c:\documents and settings\hp\Application Data\utorrent
    2009-10-17 08:00 . 2009-07-05 12:45 -------- d-----w- c:\program files\FreeUndelete
    2009-10-16 08:26 . 2007-07-01 18:21 6832 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-10-16 08:23 . 2007-12-18 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-13 19:06 . 2009-04-24 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
    2009-10-13 19:05 . 2009-04-24 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
    2009-10-13 10:36 . 2009-08-17 16:48 -------- d-----w- c:\program files\AVS4YOU
    2009-10-13 09:42 . 2008-03-08 18:13 -------- d-----w- c:\program files\QuickTime
    2009-10-13 09:38 . 2007-09-29 12:44 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-10-09 20:27 . 2007-02-28 17:48 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-09 18:56 . 2007-04-18 15:05 84240 -c--a-w- c:\documents and settings\hp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-09 17:24 . 2008-08-13 08:07 -------- d-----w- c:\program files\uTorrent
    2009-10-09 16:09 . 2008-11-13 17:57 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-10-06 15:24 . 2007-04-28 23:02 -------- d-----w- c:\documents and settings\hp\Application Data\Skype
    2009-10-06 15:21 . 2007-09-12 16:00 -------- d-----r- c:\program files\Skype
    2009-10-06 15:21 . 2007-04-28 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-10-06 15:11 . 2009-01-27 18:13 -------- d-----w- c:\documents and settings\hp\Application Data\skypePM
    2009-10-04 19:58 . 2008-11-14 13:53 -------- d-----w- c:\program files\DAP
    2009-09-26 14:53 . 2007-10-24 17:36 -------- d-----w- c:\documents and settings\hp\Application Data\Audacity
    2009-09-15 17:10 . 2009-09-15 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-09-15 17:10 . 2009-01-11 20:11 -------- d-----w- c:\program files\TVUPlayer
    2007-04-30 19:46 . 2007-04-30 19:46 362 -c--a-w- c:\program files\ffdsvsetts.reg
    2007-04-30 19:46 . 2007-04-30 19:46 1446 -c--a-w- c:\program files\ffdssetts.reg
    2007-04-30 19:46 . 2007-04-30 19:46 1172 -c--a-w- c:\program files\ffdsasetts.reg
    2007-04-30 19:46 . 2007-04-30 19:46 1002 ----a-w- c:\program files\mpc5.reg
    2007-04-30 19:46 . 2007-04-30 19:46 4704 ----a-w- c:\program files\satsukidecodersettings.ini
    2007-04-30 18:03 . 2007-04-30 18:03 251 ----a-w- c:\program files\wt3d.ini
    2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2006-03-25 03:00 . 2008-04-21 23:13 60416 -csha-w- c:\windows\Packs\SysFiles\26_MSIMN.EXE
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "Synaptics TouchPad Enhancements"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec Core LC"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccProxy"=2 (0x2)
    "ccISPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "aawservice"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "aswUpdSv"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "TuneUp.Defrag"=3 (0x3)
    "iPod Service"=3 (0x3)
    "btwdins"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "WZCOOK"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "Adobe LM Service"=3 (0x3)
    "NSCService"=2 (0x2)
    "javaquickstarterservice"=2 (0x2)
    "IJPLMSVC"=2 (0x2)
    "hpqwmiex"=2 (0x2)
    "avast!antivirus"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /installquiet /nodetect

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Documents and Settings\\hp\\Application Data\\SopCast\\adv\\SopAdver.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\uusee\\UUSeePlayer.exe"=
    "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20:53 34824]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 20:51 468224]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [07/06/2006 05:39 61952]
    S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [13/06/2006 10:53 33024]
    S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [18/04/2008 18:05 83208]
    S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [18/04/2008 18:05 15112]
    S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [18/04/2008 18:05 108552]
    S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [18/04/2008 18:07 100360]
    S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [18/04/2008 18:08 23176]
    S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [18/04/2008 18:07 98568]
    S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [18/04/2008 18:07 98952]
    S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [25/06/2007 15:08 129535]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - NVNWLPRA
    *Deregistered* - mchinjdrv
    *Deregistered* - nvnwlpra

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2061F7AD-FF51-FF52-7CDB-9101507869AF}]
    c:\program files\Winhelper\Winhelper.exe s
    .
    Contenu du dossier 'Tâches planifiées'

    2009-10-16 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 11:14]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=localhost:7171
    IE: &clean traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &download with &dap - c:\program files\DAP\dapextie.htm
    IE: download &all with dap - c:\program files\DAP\dapextie2.htm
    IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} - hxxp://dl.uc.sina.com/cab/downloader.cab
    FF - ProfilePath - c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\zx3j554g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.footballfilter.com/
    FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\zx3j554g.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: browser.urlbar.autoFill - false
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: network.http.max-connections-per-server - 8
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0f960f18-27f4-4bfc-824a-e49486b59239} - c:\windows\system32\lqqwyxex.dll
    Notify-mfnxpha - (no file)
    Notify-WB - (no file)
    AddRemove-hijackthis - c:\docume~1\hp\LOCALS~1\Temp\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-19 20:54
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchinjdrv]
    "ImagePath"="\??\c:\docume~1\hp\LOCALS~1\Temp\mc22.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\4c1f3b39]
    "ImagePath"="\SystemRoot\System32\drivers\4c1f3b39.sys"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\s-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\s-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=

    [HKEY_USERS\s-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25F5F4DE-111D-EE05-78E7-8CAC396A5403}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abfhjkehidakeaoojbmpelpjbomaeoajbn"=hex:61,61,00,00
    "bbfhjkehidakeaoojbfbljpbehcmcaneaiaf"=hex:61,61,00,00

    [HKEY_USERS\s-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A26FA-CE31-A583-C57E-12685D7D77EA}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iablhjgohnpmggidjo"=hex:6b,61,65,6e,6b,61,6b,63,61,6c,69,62,63,6d,69,61,66,66,
    6f,6a,6d,6e,00,00
    "hahkjpannahcebbi"=hex:6b,61,65,6e,6b,61,6b,63,61,6c,69,62,63,6d,69,61,66,66,
    6f,6a,6d,6e,00,00
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(1396)
    c:\program files\SuperCopier2\SC2Hook.dll
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSFR.DLL
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\windows\system32\nvwddi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\nvsvc32.exe
    c:\combofix\CF16447.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-10-19 20:59 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-10-19 18:59

    Avant-CF: 8 763 412 480 octets libres
    Après-CF: 8 618 549 248 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 404050B5A285CAC4E579D5DCA5175910
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 21:03:08

    Bien, tu peux recommencer ?
    19 Octobre 2009 21:36:32

    Nouveau rapport ComboFix:

    ComboFix 09-10-18.06 - hp 19/10/2009 21:27.3.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1612 [GMT 2:00]
    Lancé depuis: c:\documents and settings\hp\Bureau\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    Les fichiers ci-dessous ont été désactivés pendant l'exécution:
    c:\program files\SuperCopier2\SC2Hook.dll


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Exécution préalable -------
    .
    c:\windows\system32\drivers\4c1f3b39.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_4c1f3b39


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-19 au 2009-10-19 ))))))))))))))))))))))))))))))))))))
    .

    2009-10-19 18:30 . 2009-10-19 18:30 -------- d-----w- C:\_OTM
    2009-10-19 17:43 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-19 17:43 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-19 17:43 . 2009-10-19 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-19 16:50 . 2009-10-19 17:41 -------- d-----w- C:\UsbFix
    2009-10-19 16:27 . 2009-10-19 18:29 -------- d-----w- c:\program files\trend micro
    2009-10-19 16:27 . 2009-10-19 16:31 -------- d-----w- C:\rsit
    2009-10-16 21:13 . 2009-10-16 21:13 -------- d-----w- c:\program files\Tunatic
    2009-10-16 08:18 . 2009-10-16 08:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-13 16:05 . 2009-10-13 16:05 -------- d-----w- c:\program files\Unlocker
    2009-10-13 10:12 . 2009-10-13 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2009-10-09 20:27 . 2009-10-09 20:27 -------- d-----w- c:\program files\Traction Software
    2009-10-09 16:09 . 2009-10-09 16:09 -------- d-----w- c:\program files\JRE
    2009-10-06 15:21 . 2009-10-06 15:21 -------- d-----w- c:\program files\Fichiers communs\Skype
    2009-10-04 10:51 . 2009-10-04 10:51 -------- d-----w- c:\documents and settings\hp\Application Data\StreamTorrent
    2009-10-04 10:51 . 2009-10-04 10:51 -------- d-----w- c:\program files\StreamTorrent 1.0
    2009-09-26 14:55 . 2009-09-26 14:55 -------- d-----w- c:\program files\sina

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-19 19:27 . 2007-04-30 01:19 -------- d-----w- c:\program files\SuperCopier2
    2009-10-19 19:18 . 2006-06-29 16:24 80948 ----a-w- c:\windows\system32\perfc00C.dat
    2009-10-19 19:18 . 2006-06-29 16:24 486692 ----a-w- c:\windows\system32\perfh00C.dat
    2009-10-19 18:43 . 2006-03-25 11:00 182656 ------w- c:\windows\system32\drivers\ndis.sys
    2009-10-19 18:39 . 2008-03-02 01:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-19 18:38 . 2007-05-08 11:14 -------- d-----w- c:\program files\Mozilla Thunderbird
    2009-10-19 18:27 . 2009-05-04 22:48 -------- d-----w- c:\documents and settings\hp\Application Data\vlc
    2009-10-18 19:05 . 2007-07-20 12:37 -------- d-----w- c:\documents and settings\hp\Application Data\dvdcss
    2009-10-18 12:45 . 2007-04-28 23:52 -------- d-----w- c:\documents and settings\hp\Application Data\utorrent
    2009-10-17 08:00 . 2009-07-05 12:45 -------- d-----w- c:\program files\FreeUndelete
    2009-10-16 08:26 . 2007-07-01 18:21 6832 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-10-16 08:23 . 2007-12-18 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-13 19:06 . 2009-04-24 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
    2009-10-13 19:05 . 2009-04-24 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
    2009-10-13 10:36 . 2009-08-17 16:48 -------- d-----w- c:\program files\AVS4YOU
    2009-10-13 09:42 . 2008-03-08 18:13 -------- d-----w- c:\program files\QuickTime
    2009-10-13 09:38 . 2007-09-29 12:44 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-10-09 20:27 . 2007-02-28 17:48 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-09 18:56 . 2007-04-18 15:05 84240 -c--a-w- c:\documents and settings\hp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-09 17:24 . 2008-08-13 08:07 -------- d-----w- c:\program files\uTorrent
    2009-10-09 16:09 . 2008-11-13 17:57 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-10-06 15:24 . 2007-04-28 23:02 -------- d-----w- c:\documents and settings\hp\Application Data\Skype
    2009-10-06 15:21 . 2007-09-12 16:00 -------- d-----r- c:\program files\Skype
    2009-10-06 15:21 . 2007-04-28 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-10-06 15:11 . 2009-01-27 18:13 -------- d-----w- c:\documents and settings\hp\Application Data\skypePM
    2009-10-04 19:58 . 2008-11-14 13:53 -------- d-----w- c:\program files\DAP
    2009-09-26 14:53 . 2007-10-24 17:36 -------- d-----w- c:\documents and settings\hp\Application Data\Audacity
    2009-09-15 17:10 . 2009-09-15 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
    2009-09-15 17:10 . 2009-01-11 20:11 -------- d-----w- c:\program files\TVUPlayer
    2007-04-30 19:46 . 2007-04-30 19:46 362 -c--a-w- c:\program files\ffdsvsetts.reg
    2007-04-30 19:46 . 2007-04-30 19:46 1446 -c--a-w- c:\program files\ffdssetts.reg
    2007-04-30 19:46 . 2007-04-30 19:46 1172 -c--a-w- c:\program files\ffdsasetts.reg
    2007-04-30 19:46 . 2007-04-30 19:46 1002 ----a-w- c:\program files\mpc5.reg
    2007-04-30 19:46 . 2007-04-30 19:46 4704 ----a-w- c:\program files\satsukidecodersettings.ini
    2007-04-30 18:03 . 2007-04-30 18:03 251 ----a-w- c:\program files\wt3d.ini
    2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2006-03-25 03:00 . 2008-04-21 23:13 60416 -csha-w- c:\windows\Packs\SysFiles\26_MSIMN.EXE
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-19_18.54.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-06-29 16:24 . 2009-10-19 18:41 66820 c:\windows\system32\perfc009.dat
    + 2006-06-29 16:24 . 2009-10-19 19:18 66820 c:\windows\system32\perfc009.dat
    + 2006-06-29 16:24 . 2009-10-19 19:18 417382 c:\windows\system32\perfh009.dat
    - 2006-06-29 16:24 . 2009-10-19 18:41 417382 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "Synaptics TouchPad Enhancements"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec Core LC"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "ccSetMgr"=2 (0x2)
    "ccProxy"=2 (0x2)
    "ccISPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "aawservice"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "aswUpdSv"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "TuneUp.Defrag"=3 (0x3)
    "iPod Service"=3 (0x3)
    "btwdins"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "WZCOOK"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "Adobe LM Service"=3 (0x3)
    "NSCService"=2 (0x2)
    "javaquickstarterservice"=2 (0x2)
    "IJPLMSVC"=2 (0x2)
    "hpqwmiex"=2 (0x2)
    "avast!antivirus"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /installquiet /nodetect

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Documents and Settings\\hp\\Application Data\\SopCast\\adv\\SopAdver.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\uusee\\UUSeePlayer.exe"=
    "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/10/2008 20:53 34824]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 20:51 468224]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [07/06/2006 05:39 61952]
    S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\system32\drivers\modbda2.sys [13/06/2006 10:53 33024]
    S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [18/04/2008 18:05 83208]
    S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [18/04/2008 18:05 15112]
    S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [18/04/2008 18:05 108552]
    S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [18/04/2008 18:07 100360]
    S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [18/04/2008 18:08 23176]
    S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [18/04/2008 18:07 98568]
    S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [18/04/2008 18:07 98952]
    S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [25/06/2007 15:08 129535]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2061F7AD-FF51-FF52-7CDB-9101507869AF}]
    c:\program files\Winhelper\Winhelper.exe s
    .
    Contenu du dossier 'Tâches planifiées'

    2009-10-16 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 11:14]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=localhost:7171
    IE: &clean traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &download with &dap - c:\program files\DAP\dapextie.htm
    IE: download &all with dap - c:\program files\DAP\dapextie2.htm
    IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} - hxxp://dl.uc.sina.com/cab/downloader.cab
    FF - ProfilePath - c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\zx3j554g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.footballfilter.com/
    FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - plugin: c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\zx3j554g.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: browser.urlbar.autoFill - false
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: network.http.max-connections-per-server - 8
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-19 21:33
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\hp\LOCALS~1\Temp\mc21.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=

    [HKEY_USERS\S-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25F5F4DE-111D-EE05-78E7-8CAC396A5403}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "abfhjkehidakeaoojbmpelpjbomaeoajbn"=hex:61,61,00,00
    "bbfhjkehidakeaoojbfbljpbehcmcaneaiaf"=hex:61,61,00,00

    [HKEY_USERS\S-1-5-21-1899180454-2078842870-369064324-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AE2A26FA-CE31-A583-C57E-12685D7D77EA}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iablhjgohnpmggidjo"=hex:6b,61,65,6e,6b,61,6b,63,61,6c,69,62,63,6d,69,61,66,66,
    6f,6a,6d,6e,00,00
    "hahkjpannahcebbi"=hex:6b,61,65,6e,6b,61,6b,63,61,6c,69,62,63,6d,69,61,66,66,
    6f,6a,6d,6e,00,00
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(3296)
    c:\windows\system32\nview.dll
    c:\windows\system32\NVWRSFR.DLL
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\windows\system32\nvwddi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    .
    Heure de fin: 2009-10-19 21:36
    ComboFix-quarantined-files.txt 2009-10-19 19:35
    ComboFix2.txt 2009-10-19 18:59

    Avant-CF: 8 618 123 264 octets libres
    Après-CF: 8 572 805 120 octets libres

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 965061CB6E0478D74F061BFCE363E0D8


    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 22:01:18

  • Menu Démarrer > Exécuter > Tape ComboFix /u et valide.

    Pourquoi as-tu désactivé des services ?
    19 Octobre 2009 22:05:00

    En fait j'ai du relancer de manière forcée ComboFix car tout le PC avait planté. C'est la seule chose de spécial que j'ai fait.
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 22:07:33

    Non mais il y a des services d'Avast et de Norton par exemple qui sont désactivés.
    19 Octobre 2009 22:08:36

    Ce sont des antivirus que je n'utilise plus et que je pensais avoir entièrement désinstallés.
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 22:14:18

    Pour supprimer les traces d'Avast :
    http://www.avast.com/fre/avast-uninstall-utility.html

    Pour supprimer les traces de Norton :
    ftp://ftp.symantec.com/public/english_us_canada/removal...

  • Désinstalle les programmes suivants :
    - J2SE Runtime Environment 5.0 Update 6
    - Java 6 Update 13
    - Java 6 Update 3
    - Java 6 Update 4
    - Java 6 Update 5
    - Java 6 Update 7
    - Java SE Runtime Environment 6 Update 1
    - Java SE Runtime Environment 6

  • Mets à jour Java.

  • Mets à jour Adobe Reader.

  • Refais un scan RSIT et poste le rapport log.
    19 Octobre 2009 22:30:50

    Rapport log de RSIT:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by hp at 2009-10-19 22:28:57
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 9 GB (10%) free of 87 GB
    Total RAM: 2046 MB (79% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:29:04, on 19/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\hp\Bureau\RSIT.exe
    C:\Program Files\trend micro\hp.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: DAPIELoader Class - {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Synaptics TouchPad Enhancements] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
    O8 - Extra context menu item: &clean traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &download with &dap - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: download &all with dap - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {78abdc59-d8e7-44d3-9a76-9a0918c52b4a} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

    --
    End of file - 6782 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Maintenance en 1 clic.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff6c3cf0-4b15-11d1-abed-709549c10000}]
    DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2009-06-24 140880]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-26 61952]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
    "RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-10-24 1451264]
    "nwiz"=nwiz.exe /install []
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
    "Synaptics TouchPad Enhancements"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec Core LC"=2
    "SPBBCSvc"=3
    "SNDSrvc"=3
    "ccSetMgr"=2
    "ccProxy"=2
    "ccISPwdSvc"=3
    "ccEvtMgr"=2
    "aawservice"=2
    "avast! Web Scanner"=3
    "avast! Mail Scanner"=3
    "avast! Antivirus"=2
    "aswUpdSv"=2
    "Apple Mobile Device"=2
    "mnmsrvc"=3
    "TuneUp.Defrag"=3
    "iPod Service"=3
    "btwdins"=2
    "Bonjour Service"=2
    "WZCOOK"=3
    "WLSetupSvc"=3
    "usnjsvc"=3
    "Adobe LM Service"=3
    "NSCService"=2
    "javaquickstarterservice"=2
    "IJPLMSVC"=2
    "hpqwmiex"=2
    "avast!antivirus"=2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    nwprovau

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDrives"=0
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\hp\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe"="C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
    "C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:D ownload Accelerator Plus (DAP)"
    "C:\Documents and Settings\hp\Local Settings\Temp\7zS7DB.tmp\SymNRT.exe"="C:\Documents and Settings\hp\Local Settings\Temp\7zS7DB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-10-19 22:05:05 ----SD---- C:\ComboFix
    2009-10-19 21:36:09 ----D---- C:\WINDOWS\temp
    2009-10-19 21:36:07 ----A---- C:\ComboFix.txt
    2009-10-19 20:44:33 ----A---- C:\Boot.bak
    2009-10-19 20:44:11 ----RASHD---- C:\cmdcons
    2009-10-19 20:41:54 ----D---- C:\WINDOWS\ERDNT
    2009-10-19 20:30:18 ----D---- C:\_OTM
    2009-10-19 19:43:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-10-19 18:50:09 ----D---- C:\UsbFix
    2009-10-19 18:27:58 ----D---- C:\Program Files\trend micro
    2009-10-19 18:27:56 ----D---- C:\rsit
    2009-10-16 23:13:44 ----D---- C:\Program Files\Tunatic
    2009-10-16 11:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-10-16 10:18:02 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-10-16 10:01:04 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-10-13 18:05:07 ----D---- C:\Program Files\Unlocker
    2009-10-13 12:12:03 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    2009-10-09 22:27:36 ----D---- C:\Program Files\Traction Software
    2009-10-09 18:09:33 ----D---- C:\Program Files\JRE
    2009-10-06 17:21:58 ----D---- C:\Program Files\Fichiers communs\Skype
    2009-10-04 12:51:23 ----D---- C:\Documents and Settings\hp\Application Data\StreamTorrent
    2009-10-04 12:51:22 ----D---- C:\Program Files\StreamTorrent 1.0
    2009-09-26 16:55:07 ----D---- C:\Program Files\sina

    ======List of files/folders modified in the last 1 months======

    2009-10-19 22:27:46 ----AD---- C:\WINDOWS
    2009-10-19 22:27:33 ----SHD---- C:\System Volume Information
    2009-10-19 22:27:26 ----D---- C:\Program Files
    2009-10-19 22:26:51 ----D---- C:\Program Files\SuperCopier2
    2009-10-19 22:26:01 ----HD---- C:\WINDOWS\inf
    2009-10-19 22:26:01 ----HD---- C:\WINDOWS\$hf_mig$
    2009-10-19 22:24:17 ----D---- C:\Program Files\Mozilla Firefox
    2009-10-19 22:23:52 ----D---- C:\Config.Msi
    2009-10-19 22:23:36 ----D---- C:\WINDOWS\system32
    2009-10-19 22:23:29 ----SHD---- C:\WINDOWS\Installer
    2009-10-19 22:23:13 ----D---- C:\Program Files\Java
    2009-10-19 22:20:53 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-10-19 22:18:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-10-19 22:17:33 ----D---- C:\WINDOWS\system32\drivers
    2009-10-19 22:05:17 ----D---- C:\WINDOWS\system32\Restore
    2009-10-19 21:56:34 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-10-19 21:33:29 ----N---- C:\WINDOWS\system.ini
    2009-10-19 21:31:32 ----D---- C:\WINDOWS\AppPatch
    2009-10-19 21:31:26 ----D---- C:\Program Files\Fichiers communs
    2009-10-19 21:18:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-10-19 21:12:06 ----D---- C:\WINDOWS\system32\config
    2009-10-19 20:44:34 ----RASH---- C:\boot.ini
    2009-10-19 20:27:13 ----D---- C:\Documents and Settings\hp\Application Data\vlc
    2009-10-19 17:50:59 ----D---- C:\WINDOWS\Prefetch
    2009-10-18 21:05:07 ----D---- C:\Documents and Settings\hp\Application Data\dvdcss
    2009-10-18 14:45:08 ----D---- C:\Documents and Settings\hp\Application Data\utorrent
    2009-10-17 17:54:28 ----AC---- C:\WINDOWS\WININIT.INI
    2009-10-17 10:00:44 ----D---- C:\Program Files\FreeUndelete
    2009-10-16 10:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-16 10:10:49 ----D---- C:\WINDOWS\Tasks
    2009-10-16 10:07:08 ----D---- C:\WINDOWS\system32\LogFiles
    2009-10-13 21:06:05 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJ
    2009-10-13 21:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    2009-10-13 12:36:06 ----D---- C:\Program Files\AVS4YOU
    2009-10-13 11:42:01 ----D---- C:\Program Files\QuickTime
    2009-10-13 11:38:52 ----D---- C:\Program Files\Fichiers communs\Apple
    2009-10-13 11:37:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-10-09 22:27:35 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-10-09 19:24:59 ----D---- C:\Program Files\uTorrent
    2009-10-09 18:16:18 ----RSD---- C:\WINDOWS\assembly
    2009-10-09 18:10:41 ----RSD---- C:\WINDOWS\Fonts
    2009-10-09 18:09:19 ----D---- C:\Program Files\OpenOffice.org 3
    2009-10-06 17:24:06 ----D---- C:\Documents and Settings\hp\Application Data\Skype
    2009-10-06 17:21:58 ----RD---- C:\Program Files\Skype
    2009-10-06 17:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-10-06 17:11:45 ----D---- C:\Documents and Settings\hp\Application Data\skypePM
    2009-10-05 20:40:44 ----N---- C:\WINDOWS\win.ini
    2009-10-04 21:58:03 ----D---- C:\Program Files\DAP
    2009-09-28 17:53:34 ----D---- C:\Documents and Settings\hp\Application Data\Microsoft
    2009-09-26 16:54:14 ----D---- C:\WINDOWS\Downloaded Program Files
    2009-09-26 16:53:07 ----D---- C:\Documents and Settings\hp\Application Data\Audacity
    2009-09-26 16:29:21 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
    R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
    R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-25 12032]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-03-25 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-03-25 55936]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-11 179200]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-26 581632]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidIr;Pilote HID infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-21 995712]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-21 208000]
    R3 IrBus;Pilote de filtre de bus infrarouge pour les contrôles distants eHome; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-26 9856]
    R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-23 51840]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-02 308992]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
    R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-21 727296]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-07 61952]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
    S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
    S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
    S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
    S3 catchme;catchme; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
    S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MODBDA2;DiBcom MOD3000 TV receiver; C:\WINDOWS\System32\Drivers\modbda2.sys [2006-06-13 33024]
    S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
    S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
    S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
    S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
    S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
    S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
    S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
    S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
    S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
    S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
    S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 Slnt7554;USB Soft Modem Driver; C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 129535]
    S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
    S3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-22 1429632]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
    S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\hp\LOCALS~1\Temp\mc21.tmp []
    S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
    R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-05-09 14336]
    S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
    S2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe []
    S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 ehttpsrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 ipod service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2009-05-09 14336]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-24 72704]
    S4 bonjour service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2006-05-12 258103]
    S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    S4 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
    S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-05-18 49152]
    S4 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
    S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 23:22:39

    C'est beaucoup mieux.

    Le PC va comment ?
    19 Octobre 2009 23:26:44

    Beaucoup mieux lui aussi, j'ai l'impression que tout tourne plus vite, l'affichage des pages web est plus rapide je trouve, c'est plus confortable pour surfer.

    Merci beaucoup, tout est plus agréable, merci encore de m'avoir consacré autant de temps et d'efforts! Bonne nuit, Kenavo.
    a c 296 8 Sécurité
    a b 9 Windows
    19 Octobre 2009 23:28:08

    1/

  • Désinstalle HijackThis.

  • Télécharge ToolsCleaner2 sur ton Bureau.
  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


    2/

  • Télécharge et installe CCleaner Slim.
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyser. Une fois terminé, lance le nettoyage.


    3/

  • Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


    ==Prévention==

    Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

    Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Propriétés, onglet Mises à jour automatiques).

    Par rapport au P2P : Lien

    Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


    ==Problème résolu ?==

    --> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :
  • Clique, dans ton premier message, sur le bouton Editer .
  • Ajoute la mention [Résolu] devant le titre.
  • Clique ensuite sur Valider votre message.


    Sois plus vigilant(e) sur Internet ;) 
    19 Octobre 2009 23:36:19

    Merci; c'est vrai que j'ai été laxiste ces derniers temps en ce qui concerne la santé de la bécane.

    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\Combofix: trouvé !
    C:\_OTM: trouvé !
    C:\UsbFix: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\hp\Bureau\OTM.exe: trouvé !
    C:\Documents and Settings\hp\Bureau\Rsit.exe: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Documents and Settings\hp\Bureau\OTM.exe: supprimé !
    C:\Program Files\trend micro\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\Documents and Settings\hp\Bureau\Rsit.exe: supprimé !
    C:\Program Files\trend micro\hijackthis.log: supprimé !
    C:\Combofix: supprimé !
    C:\_OTM: supprimé !
    C:\UsbFix: supprimé !
    C:\Rsit: supprimé !
    a c 296 8 Sécurité
    a b 9 Windows
    20 Octobre 2009 00:08:21

    Tu peux supprimer ToolsCleaner.

    Des questions ?
    20 Octobre 2009 08:32:17

    Je rencontre le même type de problème : moi aussi suis redirigée sur des sites publicitaires depuis Google sous Firefox... :-(
    20 Octobre 2009 10:51:27

    Pas de questions particulières, merci encore :) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS