Votre question

Espace disque diminuant de plus en plus

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
24 Septembre 2009 13:19:04

bonjour
mon disque c: ou jai windows diminue de plus en plus et mème en redémarant il ne récupère pas sont espace disque que faire. jai remarqué quelque chos de bizarre dans

C:\Program Files\Fichiers communs\Microsoft Shared\DAO\S-3UAHKJIVUG6NN
ce dossier fait 6go alors quil ny a que SVCHOST dedans de 160ko.

en analysant se dossier avec avast je vois les fichiers dedans C:\Program Files\Fichiers communs\Microsoft Shared\DAO\S-3UAHKJIVUG6NN\sscdata\scrdata\( et la une suite de chiffre correspondant année/mois/une suite de 6 chiffre peut ètre les heures et sè ensemble de chiffre a lextension suivant .jpg)

(ce que je vous ait mis entre parenthèse sè se que je pense).

voici mon rapport de hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:34, on 24/09/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\S-3UAHKJIVUG6NN\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\DuriE\USDownloader135\USDownloader.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\DuriE\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7a77c3be-98b4-4574-abcd-40ab9e522deb} - C:\WINDOWS\System32\nupebivi.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [User Themes] C:\Program Files\S-3UAHKJIVUG6NN\svchost.exe
O4 - HKLM\..\Run: [CPM8785c8b9] Rundll32.exe "c:\windows\system32\yafukesi.dll",a
O4 - HKLM\..\Run: [holuzipabi] Rundll32.exe "C:\WINDOWS\System32\huboweri.dll",s
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
O17 - HKLM\System\CCS\Services\Tcpip\..\{484E44DF-7673-4AF4-8E84-9DFDC9665097}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{66513F57-CA50-4CB7-8E0C-D219C73199B7}: NameServer = 81.253.149.9 80.10.246.132
O20 - AppInit_DLLs: c:\windows\system32\leyahitu.dll c:\windows\system32\supohere.dll c:\windows\system32\gobazani.dll c:\windows\system32\yafukesi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\supohere.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\supohere.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7276 bytes

je précise que jai déja fait un scan disque avant le démarage de windows sans récupérer aucun espace disque


merci de mapporter votre aide sil vous plait

Autres pages sur : espace disque diminuant

a c 313 8 Sécurité
24 Septembre 2009 15:00:05

Bonjour,

Le PC est infecté.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    24 Septembre 2009 19:54:27

    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2855
    Windows 5.1.2600

    24/09/2009 19:54:53
    mbam-log-2009-09-24 (19-54-53).txt

    Type de recherche: Examen complet (C:\|D:\|H:\|)
    Eléments examinés: 300360
    Temps écoulé: 2 hour(s), 16 minute(s), 3 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 11
    Valeur(s) du Registre infectée(s): 7
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a77c3be-98b4-4574-abcd-40ab9e522deb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7a77c3be-98b4-4574-abcd-40ab9e522deb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Malware Sweeper (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm8785c8b9 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\holuzipabi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ijl11pro.DLL (Worm.Sohanad) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\user themes (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\BulletProofSoft.com (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\BulletProofSoft.com\Youtube Video Grabber (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Fichiers communs\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    C:\Program Files\BulletProofSoft.com\Youtube Video Grabber\Clip.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\BulletProofSoft.com\Youtube Video Grabber\YG VideoGrabber.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Bureau\Go!Zilla Downloads\setup_mtlm.exe (Adware.EShoper) -> Quarantined and deleted successfully.
    D:\DuriE\bpsvg.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\BulletProofSoft.com\Youtube Video Grabber\Help.chm (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\BulletProofSoft.com\Youtube Video Grabber\Main.swf (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\BulletProofSoft.com\Youtube Video Grabber\unins000.dat (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    C:\Program Files\BulletProofSoft.com\Youtube Video Grabber\unins000.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ijl11pro.DLL (Worm.Sohanad) -> Delete on reboot.
    C:\WINDOWS\system32\sasoliha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\S-3UAHKJIVUG6NN\SVCHOST.EXE (Trojan.Agent) -> Delete on reboot.



    et voici le résumé de lanalyse. merci de maider

    Contenus similaires
    a c 313 8 Sécurité
    24 Septembre 2009 20:05:58

  • Relance MBAM, va dans Quarantaine et supprime tout.

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    24 Septembre 2009 22:43:15

    pour le info.txt:


    info.txt logfile of random's system information tool 1.06 2009-09-24 22:42:51

    ======Uninstall list======

    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    abgx360 v1.0.1-->"C:\Program Files\abgx360\uninstall.exe"
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Alcohol 120% (Trial Version)-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Blindwrite suite-->"C:\Program Files\vso\blindwrite\unins000.exe"
    BlueSoleil 3.0 Std Release-->MsiExec.exe /X{B174DCA1-D1AF-45B4-976D-87943E4C5957}
    Browser Mouse-->C:\Program Files\Browser Mouse\Browser Mouse\1.1\unins005.EXE
    BulletProofSoft Youtube Video Grabber 1.0.0.5-->"C:\Program Files\BulletProofSoft.com\Youtube Video Grabber\unins000.exe"
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
    EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
    ESDX6000_CX5900 Guide util.-->C:\Program Files\EPSON\TPMANUAL\ESDX6000_CX5900\USE_G\DOCUNINS.EXE
    Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe
    HijackThis 2.0.2-->"D:\DuriE\HijackThis.exe" /uninstall
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    MultiMedia Keyboard 1.1-->C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\unins002.EXE
    Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
    PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PSP WIFI Max-->"C:\Program Files\Datel\PSP WIFI Max\unins000.exe"
    QuickSFV (Remove only)-->C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    ROUTE 66 Safety Camera Update-->C:\Program Files\InstallShield Installation Information\{FB89456A-8EEE-4357-AAE1-1A5A46A974AD}\setup.exe -runfromtemp -l0x040c -removeonly
    SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
    Vuze-->C:\Program Files\Vuze\uninstall.exe
    Windows Installer 3.0 (KB884016)-->C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows XP Hotfix (SP1) [See Q312370 for more information]-->C:\WINDOWS\$NtUninstallQ312370$\spuninst\spuninst.exe
    Xilisoft YouTube Video Converter-->C:\Program Files\Xilisoft\YouTube Video Converter\Uninstall.exe
    ZyDAS IEEE 802.11 b+g Wireless LAN - USB-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9

    ======System event log======

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 26
    Message: Application popup :  : Machine Check:

    Record Number: 4188
    Source Name: Application Popup
    Time Written: 20090727212952.000000+120
    Event Type: Informations
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 26
    Message: Application popup :  : Machine Check: Regs

    Record Number: 4187
    Source Name: Application Popup
    Time Written: 20090727212952.000000+120
    Event Type: Informations
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 26
    Message: Application popup :  : Machine Check:

    Record Number: 4186
    Source Name: Application Popup
    Time Written: 20090727212952.000000+120
    Event Type: Informations
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 26
    Message: Application popup :  : Machine Check: Regs

    Record Number: 4185
    Source Name: Application Popup
    Time Written: 20090727212952.000000+120
    Event Type: Informations
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 26
    Message: Application popup :  : Machine Check:

    Record Number: 4184
    Source Name: Application Popup
    Time Written: 20090727212952.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 1090
    Message: Windows n'a pas pu enregistrer le statut de la session RSoP (Jeu de stratégies résultant). Une tentative de connexion à WMI a échoué. Aucun enregistrement RSoP, ne sera effectué pour cette application de stratégie.

    Record Number: 683
    Source Name: Userenv
    Time Written: 20090511220750.000000+120
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 1090
    Message: Windows n'a pas pu enregistrer le statut de la session RSoP (Jeu de stratégies résultant). Une tentative de connexion à WMI a échoué. Aucun enregistrement RSoP, ne sera effectué pour cette application de stratégie.

    Record Number: 682
    Source Name: Userenv
    Time Written: 20090511220336.000000+120
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 1090
    Message: Windows n'a pas pu enregistrer le statut de la session RSoP (Jeu de stratégies résultant). Une tentative de connexion à WMI a échoué. Aucun enregistrement RSoP, ne sera effectué pour cette application de stratégie.

    Record Number: 681
    Source Name: Userenv
    Time Written: 20090511203334.000000+120
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 1090
    Message: Windows n'a pas pu enregistrer le statut de la session RSoP (Jeu de stratégies résultant). Une tentative de connexion à WMI a échoué. Aucun enregistrement RSoP, ne sera effectué pour cette application de stratégie.

    Record Number: 680
    Source Name: Userenv
    Time Written: 20090511202050.000000+120
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 1090
    Message: Windows n'a pas pu enregistrer le statut de la session RSoP (Jeu de stratégies résultant). Une tentative de connexion à WMI a échoué. Aucun enregistrement RSoP, ne sera effectué pour cette application de stratégie.

    Record Number: 679
    Source Name: Userenv
    Time Written: 20090511185552.000000+120
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0a00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------



    pour le log:


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by slipknot at 2009-09-24 22:42:45
    Microsoft Windows XP Professionnel
    System drive C: has 45 MB (0%) free of 20 GB
    Total RAM: 1791 MB (59% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:42:48, on 24/09/2009
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
    C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Vuze\Azureus.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\DuriE\RSIT.exe
    D:\DuriE\slipknot.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{484E44DF-7673-4AF4-8E84-9DFDC9665097}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66513F57-CA50-4CB7-8E0C-D219C73199B7}: NameServer = 80.10.246.1 81.253.149.2
    O20 - AppInit_DLLs: c:\windows\system32\leyahitu.dll c:\windows\system32\supohere.dll c:\windows\system32\gobazani.dll c:\windows\system32\yafukesi.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 6667 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-04-25 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-04-25 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2001-08-28 847900]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2002-10-25 4239360]
    "nwiz"=nwiz.exe /install []
    "LWBMOUSE"=C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE [2001-11-20 356352]
    "LWBKEYBOARD"=C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe [2002-04-02 371200]
    "CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
    "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
    "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-04-25 148888]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-05-10 180269]
    "EPSON Stylus DX6000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE [2006-02-13 131072]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
    "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

    C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
    ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="c:\windows\system32\leyahitu.dll c:\windows\system32\supohere.dll c:\windows\system32\gobazani.dll c:\windows\system32\yafukesi.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\WINDOWS\System32\leyahitu.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=95000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2009-09-24 22:42:45 ----D---- C:\rsit
    2009-09-24 17:36:31 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Malwarebytes
    2009-09-24 17:36:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-09-24 17:36:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-09-24 01:02:02 ----D---- C:\Program Files\CCleaner
    2009-09-13 19:22:37 ----A---- C:\WINDOWS\System32\aswBoot.exe
    2009-09-13 19:22:34 ----D---- C:\Program Files\Alwil Software
    2009-09-13 19:15:35 ----D---- C:\WINDOWS\LastGood
    2009-09-11 23:56:52 ----A---- C:\WINDOWS\System32\VB6STKIT.DLL
    2009-09-11 23:33:28 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Xilisoft Corporation
    2009-09-08 19:02:54 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\InfraRecorder
    2009-09-08 18:50:08 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Macromedia
    2009-09-08 18:45:52 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Adobe
    2009-09-08 18:45:34 ----SD---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Microsoft
    2009-09-08 18:45:33 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Azureus
    2009-09-08 03:48:18 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\WinRAR

    ======List of files/folders modified in the last 1 months======

    2009-09-24 21:05:57 ----D---- C:\WINDOWS\Temp
    2009-09-24 21:02:55 ----D---- C:\WINDOWS\Prefetch
    2009-09-24 21:02:17 ----D---- C:\Program Files\Wanadoo
    2009-09-24 21:01:49 ----D---- C:\WINDOWS
    2009-09-24 21:01:46 ----D---- C:\WINDOWS\Debug
    2009-09-24 21:01:34 ----D---- C:\WINDOWS\system32
    2009-09-24 21:01:34 ----D---- C:\Program Files\S-3UAHKJIVUG6NN
    2009-09-24 21:00:20 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-09-24 19:54:55 ----A---- C:\WINDOWS\winhelp.ini
    2009-09-24 19:54:53 ----RD---- C:\Program Files
    2009-09-24 17:36:26 ----D---- C:\WINDOWS\System32\drivers
    2009-09-24 17:33:42 ----A---- C:\WINDOWS\winamp.ini
    2009-09-24 01:27:42 ----SHD---- C:\WINDOWS\Installer
    2009-09-24 01:27:42 ----D---- C:\WINDOWS\Help
    2009-09-24 01:02:59 ----D---- C:\WINDOWS\Minidump
    2009-09-23 19:10:13 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-09-22 18:06:40 ----D---- C:\Program Files\FlashFXP
    2009-09-22 01:34:38 ----D---- C:\Nouveau dossier
    2009-09-21 16:52:07 ----D---- C:\My Music
    2009-09-18 18:55:07 ----D---- C:\Program Files\MegaLink
    2009-09-17 22:20:50 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
    2009-09-17 22:20:50 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
    2009-09-15 17:44:21 ----D---- C:\WINDOWS\System32\config
    2009-09-15 17:37:40 ----D---- C:\Program Files\Vuze
    2009-09-13 21:06:02 ----D---- C:\WINDOWS\System32\CatRoot2
    2009-09-13 19:15:37 ----HD---- C:\WINDOWS\inf
    2009-09-08 21:08:04 ----D---- C:\Program Files\abgx360
    2009-09-08 19:01:20 ----D---- C:\Documents and Settings
    2009-09-08 18:28:58 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\System32\drivers\Aavmker4.sys [2009-08-17 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\System32\drivers\aswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\System32\drivers\aswTdi.sys [2009-08-17 51376]
    R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-07-16 16512]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\System32\drivers\aswMon2.sys [2009-08-17 94160]
    R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
    R3 aswRdr;aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [2009-08-17 23152]
    R3 axvdkbus;axvdkbus; C:\WINDOWS\System32\DRIVERS\axvdkbus.sys [2003-02-25 8672]
    R3 axvodka;axvodka; C:\WINDOWS\System32\DRIVERS\axvodka.sys [2003-03-10 102400]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [2006-11-22 34576]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [2006-11-22 27792]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [2006-11-22 18320]
    R3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
    R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
    R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-10-25 1177658]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
    R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
    R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2002-04-22 27648]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-04-01 19072]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-04-01 51584]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2001-08-28 15616]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 21760]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\System32\DRIVERS\VComm.sys [2006-11-22 34448]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-11-22 44304]
    R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
    S2 EZUSB;Cypress General Purpose USB Driver (ezusb.sys); C:\WINDOWS\System32\Drivers\ezusb.sys [2003-04-04 12297]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezusb.sys); C:\WINDOWS\System32\Drivers\ezusb.sys [2003-04-04 12297]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-11-22 33936]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2001-08-17 16256]
    S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2001-08-17 4992]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2001-08-17 83712]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2001-08-17 8064]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2001-08-17 10752]
    S3 Smport;Smport; \??\C:\WINDOWS\System32\Smport.sys []
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2001-08-17 14592]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2001-08-17 24960]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2001-08-17 24832]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2001-08-17 13824]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2001-08-17 18560]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [2005-08-17 330240]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2006-11-30 117520]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-04-25 152984]
    R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-10-25 65536]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

    -----------------EOF-----------------


    et voila jèspère que sa va taider. ;) 

    a c 313 8 Sécurité
    24 Septembre 2009 22:46:48

  • Télécharge OTM (OldTimer) sur ton Bureau.
  • Double-clique sur OTM.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTM.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    25 Septembre 2009 12:11:01

    voici le rapport:

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: All Users.WINDOWS

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 537597 bytes

    User: LocalService.AUTORITE NT
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 61832 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService.AUTORITE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: SLIPKNOT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 134 bytes
    ->Java cache emptied: 14622566 bytes

    User: slipknot.S-3UAHKJIVUG6NN
    ->Temp folder emptied: 471544 bytes
    ->Temporary Internet Files folder emptied: 2356299 bytes
    ->Java cache emptied: 34694136 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\WINDOWS\LastGood.Tmp\System32\DRIVERS folder deleted successfully.
    C:\WINDOWS\LastGood.Tmp\System32 folder deleted successfully.
    C:\WINDOWS\LastGood.Tmp\INF folder deleted successfully.
    C:\WINDOWS\LastGood.Tmp folder deleted successfully.
    %systemroot% .tmp files removed: 1430101 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_554.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 16384 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 51,78 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 09252009_120419

    Files moved on Reboot...
    File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
    C:\WINDOWS\temp\Perflib_Perfdata_554.dat moved successfully.

    Registry entries deleted on Reboot...


    et sè la fin du rapport.....
    a c 313 8 Sécurité
    25 Septembre 2009 13:43:32

    Pourquoi Windows n'est pas à jour ?
    25 Septembre 2009 18:02:46

    pour dire vrai jen sai rien......

    jaurai du ètre en quel version de windows?



    a c 313 8 Sécurité
    25 Septembre 2009 18:09:10

    Tu devrais avoir au moins le SP2 voire le SP3 d'XP.

    C'est dangereux niveau sécurité de surfer avec un XP de ce genre.
    25 Septembre 2009 20:29:42

    mais què se que ce dossier de 6 go avec rien dedans si un fichier de 160ko schost?

    est il important? sinon comment je peux le supprimer?
    a bientot.
    a c 313 8 Sécurité
    25 Septembre 2009 20:40:04

    Tu ne connais pas S-3UAHKJIVUG6NN ?
    26 Septembre 2009 13:03:09

    si sè quand jai installé windows. sè le dossier slipknot lancien.
    car jai installé windows par dessus sans formater....
    a c 313 8 Sécurité
    26 Septembre 2009 17:37:15

    Je ne comprends pas ce que tu as fait.
    26 Septembre 2009 20:18:03

    linstallation de windows date de 4 mois. et se problème de disque dur diminuant date 1 mois.

    comment puis je supprimer se lourd dossier?
    a c 313 8 Sécurité
    26 Septembre 2009 20:38:02

    Je ne sais pas ce que c'est que ce dossier.

    Citation :
    comment puis je supprimer se lourd dossier?

    --> Clic droit > Supprimer.
    27 Septembre 2009 00:58:24

    je lai supprimé. maintenant jai sans cesse se message

    "sorry, jpeg dll not found. you must reinstall this program."

    lintituler de cette fenètre porte le nom de "svchost"
    a c 313 8 Sécurité
    27 Septembre 2009 01:03:36

  • Refais un scan RSIT et poste le rapport log.
    27 Septembre 2009 22:41:26

    pour le log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by slipknot at 2009-09-27 22:48:34
    Microsoft Windows XP Professionnel
    System drive C: has 6 GB (32%) free of 20 GB
    Total RAM: 1791 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:48:43, on 27/09/2009
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
    C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\DAO\SVCHOST.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Vuze\Azureus.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    D:\DuriE\USDownloader135\USDownloader.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\DuriE\RSIT.exe
    D:\DuriE\slipknot.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [User Themes] C:\Program Files\Fichiers communs\Microsoft Shared\DAO\SVCHOST.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{484E44DF-7673-4AF4-8E84-9DFDC9665097}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66513F57-CA50-4CB7-8E0C-D219C73199B7}: NameServer = 80.10.246.130 81.253.149.10
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 6773 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-04-25 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-04-25 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2001-08-28 847900]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2002-10-25 4239360]
    "nwiz"=nwiz.exe /install []
    "LWBMOUSE"=C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE [2001-11-20 356352]
    "LWBKEYBOARD"=C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe [2002-04-02 371200]
    "CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
    "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
    "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-04-25 148888]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-05-10 180269]
    "EPSON Stylus DX6000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE [2006-02-13 131072]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
    "User Themes"=C:\Program Files\Fichiers communs\Microsoft Shared\DAO\SVCHOST.exe [2007-08-16 163840]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
    "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

    C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
    ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=95000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2009-09-27 22:48:34 ----D---- C:\rsit
    2009-09-25 23:44:42 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Help
    2009-09-24 17:36:31 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Malwarebytes
    2009-09-24 17:36:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-09-24 17:36:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-09-24 01:02:02 ----D---- C:\Program Files\CCleaner
    2009-09-13 19:22:37 ----A---- C:\WINDOWS\System32\aswBoot.exe
    2009-09-13 19:22:34 ----D---- C:\Program Files\Alwil Software
    2009-09-11 23:56:52 ----A---- C:\WINDOWS\System32\VB6STKIT.DLL
    2009-09-11 23:33:28 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Xilisoft Corporation
    2009-09-08 19:02:54 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\InfraRecorder
    2009-09-08 18:50:08 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Macromedia
    2009-09-08 18:45:52 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Adobe
    2009-09-08 18:45:34 ----SD---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Microsoft
    2009-09-08 18:45:33 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\Azureus
    2009-09-08 03:48:18 ----D---- C:\Documents and Settings\slipknot.S-3UAHKJIVUG6NN\Application Data\WinRAR

    ======List of files/folders modified in the last 1 months======

    2009-09-27 22:48:42 ----D---- C:\WINDOWS\Prefetch
    2009-09-27 22:45:50 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-09-27 22:45:35 ----A---- C:\WINDOWS\winamp.ini
    2009-09-27 16:59:47 ----D---- C:\WINDOWS\Temp
    2009-09-27 10:58:34 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-09-27 08:47:18 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
    2009-09-27 08:47:18 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
    2009-09-27 01:39:48 ----A---- C:\WINDOWS\winhelp.ini
    2009-09-27 00:59:31 ----D---- C:\Program Files\Wanadoo
    2009-09-27 00:58:40 ----D---- C:\WINDOWS\Debug
    2009-09-25 12:08:04 ----RD---- C:\Program Files
    2009-09-25 12:06:01 ----D---- C:\WINDOWS
    2009-09-25 12:04:31 ----D---- C:\WINDOWS\system32
    2009-09-25 01:53:08 ----D---- C:\Nouveau dossier
    2009-09-24 21:01:34 ----D---- C:\Program Files\S-3UAHKJIVUG6NN
    2009-09-24 17:36:26 ----D---- C:\WINDOWS\System32\drivers
    2009-09-24 01:27:42 ----SHD---- C:\WINDOWS\Installer
    2009-09-24 01:27:42 ----D---- C:\WINDOWS\Help
    2009-09-24 01:02:59 ----D---- C:\WINDOWS\Minidump
    2009-09-22 18:06:40 ----D---- C:\Program Files\FlashFXP
    2009-09-21 16:52:07 ----D---- C:\My Music
    2009-09-15 17:44:21 ----D---- C:\WINDOWS\System32\config
    2009-09-15 17:37:40 ----D---- C:\Program Files\Vuze
    2009-09-13 21:06:02 ----D---- C:\WINDOWS\System32\CatRoot2
    2009-09-13 19:15:37 ----HD---- C:\WINDOWS\inf
    2009-09-08 21:08:04 ----D---- C:\Program Files\abgx360
    2009-09-08 19:01:20 ----D---- C:\Documents and Settings
    2009-09-08 18:28:58 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\System32\drivers\Aavmker4.sys [2009-08-17 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\System32\drivers\aswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\System32\drivers\aswTdi.sys [2009-08-17 51376]
    R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-07-16 16512]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\System32\drivers\aswMon2.sys [2009-08-17 94160]
    R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
    R3 aswRdr;aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [2009-08-17 23152]
    R3 axvdkbus;axvdkbus; C:\WINDOWS\System32\DRIVERS\axvdkbus.sys [2003-02-25 8672]
    R3 axvodka;axvodka; C:\WINDOWS\System32\DRIVERS\axvodka.sys [2003-03-10 102400]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [2006-11-22 34576]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [2006-11-22 27792]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [2006-11-22 18320]
    R3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\System32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
    R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
    R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-10-25 1177658]
    R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
    R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
    R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
    R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2002-04-22 27648]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-04-01 19072]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-04-01 51584]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2001-08-28 15616]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-28 21760]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\System32\DRIVERS\VComm.sys [2006-11-22 34448]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-11-22 44304]
    R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
    S2 EZUSB;Cypress General Purpose USB Driver (ezusb.sys); C:\WINDOWS\System32\Drivers\ezusb.sys [2003-04-04 12297]
    S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezusb.sys); C:\WINDOWS\System32\Drivers\ezusb.sys [2003-04-04 12297]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-11-22 33936]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2001-08-17 16256]
    S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2001-08-17 4992]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2001-08-17 83712]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2001-08-17 8064]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2001-08-17 10752]
    S3 Smport;Smport; \??\C:\WINDOWS\System32\Smport.sys []
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2001-08-17 14592]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2001-08-17 24960]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2001-08-17 24832]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2001-08-17 13824]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2001-08-17 18560]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [2005-08-17 330240]
    S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2006-11-30 117520]
    R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-04-25 152984]
    R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-10-25 65536]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

    -----------------EOF-----------------



    pour linfo:


    info.txt logfile of random's system information tool 1.06 2009-09-27 22:48:45

    ======Uninstall list======

    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    abgx360 v1.0.1-->"C:\Program Files\abgx360\uninstall.exe"
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Alcohol 120% (Trial Version)-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Blindwrite suite-->"C:\Program Files\vso\blindwrite\unins000.exe"
    BlueSoleil 3.0 Std Release-->MsiExec.exe /X{B174DCA1-D1AF-45B4-976D-87943E4C5957}
    Browser Mouse-->C:\Program Files\Browser Mouse\Browser Mouse\1.1\unins005.EXE
    BulletProofSoft Youtube Video Grabber 1.0.0.5-->"C:\Program Files\BulletProofSoft.com\Youtube Video Grabber\unins000.exe"
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
    EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
    ESDX6000_CX5900 Guide util.-->C:\Program Files\EPSON\TPMANUAL\ESDX6000_CX5900\USE_G\DOCUNINS.EXE
    ETAJV DS 2.17-->C:\Program Files\ETAJV DS\uninst.exe
    Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe
    HijackThis 2.0.2-->"D:\DuriE\HijackThis.exe" /uninstall
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    MultiMedia Keyboard 1.1-->C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\unins002.EXE
    Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
    PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PSP WIFI Max-->"C:\Program Files\Datel\PSP WIFI Max\unins000.exe"
    QuickSFV (Remove only)-->C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    ROUTE 66 Safety Camera Update-->C:\Program Files\InstallShield Installation Information\{FB89456A-8EEE-4357-AAE1-1A5A46A974AD}\setup.exe -runfromtemp -l0x040c -removeonly
    SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
    Vuze-->C:\Program Files\Vuze\uninstall.exe
    Windows Installer 3.0 (KB884016)-->C:\WINDOWS\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows XP Hotfix (SP1) [See Q312370 for more information]-->C:\WINDOWS\$NtUninstallQ312370$\spuninst\spuninst.exe
    Xilisoft YouTube Video Converter-->C:\Program Files\Xilisoft\YouTube Video Converter\Uninstall.exe
    ZyDAS IEEE 802.11 b+g Wireless LAN - USB-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9

    ======System event log======

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 6006
    Message: Le service d'Enregistrement d'événement a été arrêté.

    Record Number: 4283
    Source Name: EventLog
    Time Written: 20090729224857.000000+120
    Event Type: Informations
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 20159
    Message: La connexion à Orange effectuée par l'utilisateur fti/ckrvphv utilisant le périphérique ISDN12-0 a été déconnectée.

    Record Number: 4282
    Source Name: RemoteAccess
    Time Written: 20090729224855.000000+120
    Event Type: Informations
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\D au cours d'une opération de pagination.

    Record Number: 4281
    Source Name: Disk
    Time Written: 20090729095234.000000+120
    Event Type: Avertissement
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\D au cours d'une opération de pagination.

    Record Number: 4280
    Source Name: Disk
    Time Written: 20090729095233.000000+120
    Event Type: Avertissement
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\D au cours d'une opération de pagination.

    Record Number: 4279
    Source Name: Disk
    Time Written: 20090729095134.000000+120
    Event Type: Avertissement
    User:

    =====Application event log=====

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 1090
    Message: Windows n'a pas pu enregistrer le statut de la session RSoP (Jeu de stratégies résultant). Une tentative de connexion à WMI a échoué. Aucun enregistrement RSoP, ne sera effectué pour cette application de stratégie.

    Record Number: 771
    Source Name: Userenv
    Time Written: 20090514182002.000000+120
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 2002
    Message: La procédure d'ouverture du service "WmiApRpl" dans la bibliothèque "C:\WINDOWS\System32\wbem\wmiaprpl.dll" a
    pris plus longtemps que le délai imparti pour cette opération. Il y a
    peut-être un problème pour ce compteur extensible ou le service dont il
    tire ses informations, ou le système était peut-être très occupé au moment
    où l'appel a été tenté.

    Record Number: 770
    Source Name: Perflib
    Time Written: 20090514181800.000000+120
    Event Type: erreur
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 2001
    Message: Le service EAPOL a été démarré correctement

    Record Number: 769
    Source Name: EAPOL
    Time Written: 20090514181738.000000+120
    Event Type: Informations
    User:

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 1517
    Message: Windows a sauvegardé le Registre utilisateur S-3UAHKJIVUG6NN\slipknot alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


    Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

    Record Number: 768
    Source Name: Userenv
    Time Written: 20090514180927.000000+120
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: S-3UAHKJIVUG6NN
    Event Code: 1002
    Message: Application bloquée msimn.exe, version 6.0.2600.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Record Number: 767
    Source Name: Application Hang
    Time Written: 20090514180443.000000+120
    Event Type: erreur
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0a00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------


    et voila
    a c 313 8 Sécurité
    28 Septembre 2009 04:30:32

  • Double-clique sur OTM.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "User Themes"=-

    :files
    C:\Program Files\Fichiers communs\Microsoft Shared\DAO\SVCHOST.exe

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTM.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS