[Solved] Rogue infection - dneaibuwid.exe in Temp

Tags:
  • Security
Last reply: in Security and viruses
8 August 2009 13:36:19

Hello everyone,

Yesterday I fell victim to a rogue that seemed a bit too easy to get rid of. It was _ex-68.exe, which was sitting in the XP (SP2) Temp folder.

Since then I have a dneaibuwid.exe lingering in the same directory, and it is impossible to remove. Am I right to be worried?

I can't find any reference to this .exe on the net... :(

Summary:

XP Pro SP2
Spybot
Ad-Aware
Spyware Terminator
Antivir

Here is my HijackThis log:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:41, on 08/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
f:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\TEMP\dneaibuwid.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\TEMP\dneaibuwid.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SAM\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gc...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gc...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Avertissement AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\dneaibuwid.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1c9cce6f93572c6) (gupdate1c9cce6f93572c6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - f:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11518 bytes


Thanks for enlightening me. :)
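The question above (is an .exe lingering in Temp worth worrying about?) can largely be answered from the log itself: dneaibuwid.exe appears twice among the running processes and once more as the O23 service "AlerterALG" with "Unknown owner", all pointing into C:\WINDOWS\TEMP. As an added example that is not part of the forum thread or of HijackThis, the following Python script scans a HijackThis log for process images, services and startup entries launched from temporary directories, and for services with no registered owner. Its sample input is assembled from lines of the log above; the temp-directory patterns and the flagging rules are this script's own triage heuristics, not anything HijackThis computes.

```python
"""Triage a HijackThis log for entries launched from temporary directories
or registered as services with no owner.

Added example for this thread (not code from the forum or from HijackThis).
The sample log below is assembled from lines of the poster's own log plus
a few benign lines kept as controls; the heuristics are this script's own."""
import re
from dataclasses import dataclass

# Locations a legitimate XP service or startup program almost never runs from
# (assumed heuristic list, not an authoritative one).
TEMP_DIR_PATTERNS = (
    re.compile(r"\\windows\\temp\\", re.IGNORECASE),
    re.compile(r"\\local settings\\temp\\", re.IGNORECASE),
    re.compile(r"\\recycler\\", re.IGNORECASE),
)

# O23 lines look like: "O23 - Service: <display name> (<svc>) - <owner> - <path>".
# A display name containing " - " would shift the fields; the lazy match is
# good enough for triage and errs toward inspecting the line by hand.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str    # "process", "service" or "autorun"
    line: str    # the log line that triggered the finding
    reason: str  # why it was flagged


def in_temp_dir(path: str) -> bool:
    """True when the path points into a temp or recycler directory."""
    return any(p.search(path) for p in TEMP_DIR_PATTERNS)


def triage(log_text: str) -> list[Finding]:
    """Scan a HijackThis log and return the suspicious entries found."""
    findings: list[Finding] = []
    in_process_list = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_process_list = True
            continue
        # The first "R0/R1/O2/..." entry ends the process list.
        if re.match(r"^[RO]\d+ - ", line):
            in_process_list = False
        if in_process_list:
            if in_temp_dir(line):
                findings.append(Finding("process", line, "process image in a temp directory"))
            continue
        svc = O23_RE.match(line)
        if svc:
            reasons = []
            if in_temp_dir(svc["path"]):
                reasons.append("service binary in a temp directory")
            if svc["owner"].lower() == "unknown owner":
                reasons.append("service has no registered owner")
            if reasons:
                findings.append(Finding("service", line, "; ".join(reasons)))
            continue
        # O4 covers Run keys and Startup folder entries; flag any temp path there.
        if line.startswith("O4 - ") and in_temp_dir(line):
            findings.append(Finding("autorun", line, "startup entry launches from a temp directory"))
    return findings


# Sample log: lines taken from the poster's HijackThis log above, trimmed to a
# handful of entries; the Avira, Chrome and Firefox entries serve as controls.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:41, on 08/08/2009
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\TEMP\dneaibuwid.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\dneaibuwid.exe
C:\Documents and Settings\SAM\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avertissement AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\dneaibuwid.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

On the sample this prints three findings: the two process entries and the AlerterALG service, the latter flagged for both a temp-directory binary and a missing owner. The rules are a triage heuristic rather than a verdict: a temp path or an "Unknown owner" service is a reason to look closer, which is what the later Malwarebytes scan in this thread did when it classified the AlerterALG service as Trojan.Downloader.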

8 August 2009 13:41:25

Clarification: as luck would have it, CCleaner is unable to remove it. :pfff:
8 August 2009 13:55:14

Reading the other topics, I noticed that Malwarebytes was strongly recommended. Downloaded it, ran it and... it crashed after 2m41s with 9 infections found...

Normal? :(
8 August 2009 14:31:36

Well, in safe mode it works better... :D

Well, almost:

Here is the first Malwarebytes log:

Quote:
Malwarebytes' Anti-Malware 1.40
Database version: 2578
Windows 5.1.2600 Service Pack 2 (Safe Mode)

08/08/2009 14:06:00
mbam-log-2009-08-08 (14-05-47).txt

Scan type: Quick Scan
Objects scanned: 93303
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrcbvxyaiq.dll (Trojan.TDSS) -> No action taken.

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Files Infected:
\\?\globalroot\systemroot\system32\geyekrcbvxyaiq.dll (Trojan.TDSS) -> No action taken.
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> No action taken.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.


And the last one:

Quote:
Malwarebytes' Anti-Malware 1.40
Database version: 2578
Windows 5.1.2600 Service Pack 2 (Safe Mode)

08/08/2009 14:14:58
mbam-log-2009-08-08 (14-14-58).txt

Scan type: Quick Scan
Objects scanned: 93294
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrcbvxyaiq.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)


After cleaning, XP will only boot in safe mode; otherwise it's a blue screen (no time to read it) and a reboot... :cry:

Please help me, because 800x600 on a 24" screen is a bit of a pain... :fou:
8 August 2009 14:48:48

By restoring C:\autorun.inf I got XP back in normal mode. :)

Here is the HijackThis log after running Malwarebytes:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:37, on 08/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
f:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SAM\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gc...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gc...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1c9cce6f93572c6) (gupdate1c9cce6f93572c6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - f:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11108 bytes



And here is my Temp directory:



Some GUR files have appeared as well... :cry:
9 August 2009 00:37:06

Nobody to help me? :(
9 August 2009 00:47:13

Hello,


1/

  • Start Spybot, click Mode, and tick Advanced mode.
  • On the left, click Tools, then Resident.
  • Untick the box in front of Resident "TeaTimer":

  • Quit Spybot.


2/

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan has finished, a log will appear. Post that log (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
9 August 2009 00:56:01

Thanks for helping me at this late hour. :)

I'll be back with my log. ;)
9 August 2009 01:04:43

If ComboFix doesn't launch, rename it to IDN and run it again.
Anonymous
9 August 2009 01:16:53

or rename it to destrio ^^
9 August 2009 01:56:28

It launched fine but required a reboot because of these 5 "geyek..." files:

c:\windows\system32\drivers\geyekrwwkbwtse.sys
c:\windows\system32\geyekrcbvxyaiq.dll
c:\windows\system32\geyekrwenxvrae.dat
c:\windows\system32\geyekrxtimxbny.dat
c:\windows\system32\geyekryhipypgq.dll


On restart, Antivir acted up on stages 2, 3, 4 and 5: --> ignored, and finally the log arrived:

Quote:
ComboFix 09-08-07.09 - SAM 09/08/2009 1:10.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3327.2852 [GMT 2:00]
Running from: c:\documents and settings\SAM\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\INSTALL.LOG
c:\recycler\S-1-5-21-1454471165-1383384898-725345543-1003
c:\recycler\S-1-5-21-1454471165-1383384898-725345543-500
c:\recycler\S-1-5-21-1645522239-1220945662-725345543-1003
c:\recycler\S-1-5-21-1715567821-1647877149-725345543-1003
c:\recycler\S-1-5-21-73586283-1078145449-839522115-1003
c:\windows\system32\drivers\geyekrwwkbwtse.sys
c:\windows\system32\geyekrcbvxyaiq.dll
c:\windows\system32\geyekrwenxvrae.dat
c:\windows\system32\geyekrxtimxbny.dat
c:\windows\system32\geyekryhipypgq.dll
E:\autorun.inf
c:\windows\system32\drivers\str.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrxnsvrcri
-------\Legacy_geyekrxnsvrcri


((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.

2009-08-07 12:46 . 2009-05-04 16:40 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage réseau
2009-08-07 12:46 . 2009-05-04 16:40 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage d'impression
2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----w- c:\documents and settings\Administrateur\Favoris
2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----w- c:\documents and settings\Administrateur\Bureau
2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----r- c:\documents and settings\Administrateur\Menu Démarrer
2009-08-07 12:46 . 2009-05-04 15:45 -------- d--h--w- c:\documents and settings\Administrateur\Modèles
2009-08-07 12:46 . 2009-08-07 12:47 -------- d-----w- c:\documents and settings\Administrateur
2009-08-07 12:24 . 2009-08-07 12:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\17547034
2009-08-07 11:15 . 2009-08-07 11:15 -------- d-----w- c:\documents and settings\SAM\Application Data\Image Zone Express
2009-08-02 06:12 . 2009-08-02 06:12 249856 ------w- c:\windows\Setup1.exe
2009-08-02 06:12 . 2009-08-02 06:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-02 02:40 . 2009-08-08 00:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-08-02 02:34 . 2009-08-02 02:40 36684 ----a-w- c:\windows\DIIUnin.dat
2009-08-02 02:34 . 2009-08-02 02:34 2829 ----a-w- c:\windows\DIIUnin.pif
2009-08-02 02:34 . 2009-08-02 02:34 102400 ----a-w- c:\windows\DIIUnin.exe
2009-08-02 02:01 . 2009-08-02 02:35 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-08-02 02:01 . 2009-08-02 02:35 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-08-02 02:01 . 2009-08-02 02:35 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-07-27 23:48 . 2009-07-27 23:48 -------- d-----w- C:\Beta World Editor 32 bit -128 by128 -png Beta
2009-07-22 18:07 . 2009-07-22 18:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\Media Player Classic
2009-07-19 13:42 . 2009-07-19 13:44 -------- d-----w- c:\program files\SH3 Mini Tweaker
2009-07-18 06:36 . 2009-07-31 22:39 -------- d-----w- c:\documents and settings\SAM\Local Settings\Application Data\Temp
2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\documents and settings\SAM\Application Data\Viewpoint
2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\program files\Viewpoint
2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
2009-07-10 17:09 . 2009-08-01 20:28 -------- d-----w- c:\program files\Crawler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 23:23 . 2009-05-06 13:51 -------- d-----w- c:\program files\DNA
2009-08-08 23:23 . 2009-05-06 13:51 -------- d-----w- c:\documents and settings\SAM\Application Data\DNA
2009-08-08 22:52 . 2009-05-04 20:20 -------- d-----w- c:\program files\XnView
2009-08-08 12:00 . 2009-08-08 12:00 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-08-08 11:44 . 2009-08-08 11:44 -------- d-----w- c:\documents and settings\SAM\Application Data\Malwarebytes
2009-08-08 11:44 . 2009-08-08 11:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-08 10:04 . 2009-06-14 13:53 -------- d-----w- c:\program files\WinClamAVShield
2009-08-08 05:44 . 2009-06-14 13:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2009-08-08 04:00 . 2009-06-14 13:43 -------- d-----w- c:\documents and settings\SAM\Application Data\Spyware Terminator
2009-08-07 20:21 . 2009-05-04 21:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-08-07 18:59 . 2009-05-29 18:03 -------- d-----w- c:\program files\SpeedFan
2009-08-07 12:37 . 2009-05-04 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 20:17 . 2009-05-22 03:43 -------- d-----w- c:\documents and settings\SAM\Application Data\dvdcss
2009-08-03 11:36 . 2009-08-08 11:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-08 11:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 17:33 . 2009-05-06 17:00 -------- d-----w- c:\documents and settings\SAM\Application Data\Skype
    2009-08-02 14:06 . 2009-05-06 17:01 -------- d-----w- c:\documents and settings\SAM\Application Data\skypePM
    2009-07-30 22:47 . 2009-05-06 20:44 -------- d-----w- c:\documents and settings\SAM\Application Data\GigaTribe
    2009-07-27 11:28 . 2009-05-05 14:44 1 ----a-w- c:\documents and settings\SAM\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-07-25 13:26 . 2009-05-22 00:27 -------- d-----w- c:\documents and settings\SAM\Application Data\UseNeXT
    2009-07-23 21:34 . 2009-06-21 08:11 -------- d-----w- c:\program files\OpenAL
    2009-07-23 17:27 . 2009-05-05 03:26 -------- d-----w- c:\documents and settings\SAM\Application Data\GrabIt
    2009-07-10 23:10 . 2009-05-04 16:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-07-10 23:09 . 2009-06-14 13:34 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
    2009-07-01 23:07 . 2009-05-05 13:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-01 23:06 . 2009-07-01 23:06 8854 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe
    2009-07-01 23:06 . 2009-07-01 23:06 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 40960 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 10134 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
    2009-07-01 15:43 . 2009-05-06 13:51 -------- d-----w- c:\documents and settings\SAM\Application Data\BitTorrent
    2009-06-26 02:18 . 2009-06-26 02:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-06-26 02:18 . 2009-06-26 02:17 -------- d-----w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-06-24 12:54 . 2009-05-22 23:35 -------- d-----w- c:\documents and settings\SAM\Application Data\gtk-2.0
    2009-06-21 08:12 . 2009-06-21 08:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Codemasters
    2009-06-21 08:11 . 2009-06-21 08:11 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-06-21 08:11 . 2009-06-21 08:11 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-06-15 14:10 . 2009-06-15 14:10 -------- d-----w- c:\program files\GameSpy Arcade
    2009-06-14 13:43 . 2009-06-14 13:43 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2009-06-14 13:39 . 2009-06-14 13:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
    2009-06-14 13:39 . 2009-06-15 01:43 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-14 13:39 . 2009-06-14 13:39 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-14 13:36 . 2009-06-14 13:36 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-06-14 13:36 . 2009-06-14 13:36 -------- d-----w- c:\program files\Lavasoft
    2009-06-12 07:04 . 2009-05-04 15:55 -------- d-----w- c:\program files\Fichiers communs\InstallShield
    2009-06-12 04:33 . 2009-06-12 04:33 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\NewShortcut4_8D361950BDB340CFB57C53F9F4E5048A.exe
    2009-06-12 04:33 . 2009-06-12 04:33 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\NewShortcut1_8D361950BDB340CFB57C53F9F4E5048A.exe
    2009-06-12 04:33 . 2009-06-12 04:33 3774 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\ARPPRODUCTICON.exe
    2009-06-08 14:40 . 2009-05-04 16:28 41256 ----a-w- c:\documents and settings\SAM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-14 21:48 . 2009-05-14 21:48 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-05-12 19:55 . 2009-05-05 11:56 121251 ----a-w- c:\windows\hpoins11.dat
    2003-12-18 09:33 . 2009-05-15 01:41 20102 ----a-w- c:\program files\Readme.txt
    2003-09-03 05:46 . 2009-05-15 01:41 10960 ----a-w- c:\program files\EULA.txt
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-07 00:20 . 2009-05-07 00:20 61 --sh--w- c:\windows\cnerolf.dat
    .

    ------- Sigcheck -------

    [-] 2001-08-28 12:00 434176 7486A7D62930D64E83CD847C3C69E7CC c:\windows\$NtServicePackUninstall$\winlogon.exe
    [-] 2004-08-19 14:10 546304 43EBD7D863968DCACA9627E7605C4770 c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 02:34 512000 DD73D6B9F6B4CB630CF35B438B540174 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\winlogon.exe
    [-] 2004-08-19 14:10 546304 43EBD7D863968DCACA9627E7605C4770 c:\windows\system32\winlogon.exe
    [7] 2004-08-19 14:10 506368 123EEA158F74D0F67A51DCDF065D1091 c:\windows\VistaMizer\old\winlogon.exe

    [7] 2005-03-02 18:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    [7] 2009-02-09 11:42 2065024 0150FE5C1E07F8AE422FEC6C8E8A0C98 c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
    [7] 2009-02-10 17:06 2068096 F751E041E682F53EAF34F7FAEA78994D c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
    [7] 2009-02-09 11:17 2068224 ED5E20AE4AC5A63A4FF43FFE704A5153 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [-] 2001-08-28 12:00 1873920 8A5E3C21797E4F43301CD3DBE57542D8 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    [7] 2004-08-19 14:04 2017280 35567C8C50986C2BC5C3EFD79CB045E4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
    [7] 2009-02-09 11:50 2059776 663D7167ED065786EC9DCFF2569A39F7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2008-04-14 02:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\system32\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\system32\dllcache\ntkrnlpa.exe
    [7] 2009-02-09 11:50 2017792 0CEAF5FB401082156BE8EBAC8B923995 c:\windows\VistaMizer\old\ntkrnlpa.exe

    [7] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    [7] 2009-02-09 11:43 2188160 B55AA66BC9269BC5257B915FFDAA790B c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
    [7] 2009-02-09 11:24 2191104 AB896577F35CF5FED7A9F87D3C3205ED c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
    [7] 2009-02-10 17:16 2191232 BEF458B8424553279E95E250D1E0CE7E c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [-] 2001-08-28 12:00 1902080 561B0E78DB267E69895D4D3E196B9B30 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    [7] 2004-08-19 14:04 2150400 36F32A5A83DF734E022734D93860A9A4 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
    [7] 2009-02-09 11:50 2182528 4183ED119200F8520F5E834498AFB927 c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-14 02:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\system32\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\system32\dllcache\ntoskrnl.exe
    [7] 2009-02-09 11:50 2138112 8D57501F4865CFAC25034939E0FF6F8D c:\windows\VistaMizer\old\ntoskrnl.exe

    [-] 2001-08-28 12:00 13312 F95275CF5E7C30CEA58B0B1B7B40210F c:\windows\$NtServicePackUninstall$\ctfmon.exe
    [-] 2004-08-19 14:09 25088 A1ED191B1274F29C5B7E452624B7F876 c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe
    [-] 2004-08-19 14:09 25088 A1ED191B1274F29C5B7E452624B7F876 c:\windows\system32\ctfmon.exe
    [7] 2004-08-19 14:09 15360 64E41E8FEE655B03E3F19DED21BA5118 c:\windows\VistaMizer\old\ctfmon.exe

    [-] 2001-08-28 12:00 851968 947E9F85D05DFC633C971D2BB4F05AAF c:\windows\$NtServicePackUninstall$\comres.dll
    [-] 2004-08-19 14:09 1450496 C6E81EA47D055677D57794098884F53B c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 02:33 851968 F4B7146C7EED6C4E158DCD9B5266C25A c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\comres.dll
    [-] 2004-08-19 14:09 1450496 C6E81EA47D055677D57794098884F53B c:\windows\system32\comres.dll
    [7] 2004-08-19 14:09 851968 E2F47BBB69D1E4E5ED1AF720893B4460 c:\windows\VistaMizer\old\comres.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-06 321344]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "SpywareTerminatorUpdate"="f:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-06-14 3055616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-01-03 13508608]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-01-03 86016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
    "SpywareTerminator"="f:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-08 2173440]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-03 1626112]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-10-30 16269312]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 25088]

    c:\documents and settings\SAM\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-4 108544]

    c:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
    Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "f:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "f:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "f:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
    "f:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53:UDP"= 53:UDP:p romo

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/06/2009 15:39 64160]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [14/06/2009 15:43 142592]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [04/05/2009 18:43 108289]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
    R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [14/07/2009 01:26 30152]
    R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [08/05/2009 01:16 16896]
    S2 gupdate1c9cce6f93572c6;Service Google Update (gupdate1c9cce6f93572c6);c:\program files\Google\Update\GoogleUpdate.exe [04/05/2009 20:34 133104]
    S2 qggquw;qggquw;c:\windows\system32\drivers\ykcnfbt.sys --> c:\windows\system32\drivers\ykcnfbt.sys [?]
    S2 zzirin;zzirin;c:\windows\system32\drivers\krhnkfoy.sys --> c:\windows\system32\drivers\krhnkfoy.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [08/08/2009 13:44 38160]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    Notify-WgaLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
    IE: Crawler Search - tbr:iemenu
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
    FF - ProfilePath - c:\docume~1\SAM\APPLIC~1\Mozilla\Firefox\Profiles\9osbqezf.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/#inbox|http://www.google.fr/ig?hl=fr&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=6007...
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-09 01:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\drivers\str.sys 213024 bytes
    c:\windows\system32\drivers\wlnuv.sys 76544 bytes executable

    scan completed successfully
    hidden files: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ezuxmkbffl]
    "ImagePath"="\??\c:\windows\system32\drivers\wlnuv.sys"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c8,92,d6,0c,1d,
    f6,a8,7b,e2,63,26,f1,3f,c8,ff,68,7a,72,ee,ff,d7,8e,d9,c8,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,76,fb,6e,35,ca,
    27,cd,c1,6a,9c,d6,61,af,45,84,18,8b,c5,e7,47,bb,7a,45,1f,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,c3,ab,d2,55,aa,
    6f,a1,6a,ff,7c,85,e0,43,d4,0e,fe,ce,ab,aa,e5,b0,b3,2b,6b,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,ef,2f,7a,7c,44,
    d1,2d,00,86,8c,21,01,be,91,eb,e7,00,99,8a,1d,bf,77,dd,b7,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,1b,ab,14,aa,59,
    60,a3,2e,f5,1d,4d,73,a8,13,5c,05,29,fa,00,1f,b3,ea,c0,26,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,0c,fc,43,07,0e,
    be,37,39,df,20,58,62,78,6b,cf,c8,81,b9,83,0a,be,e0,c1,28,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,5c,82,23,a2,9b,
    c0,0e,26,fb,a7,78,e6,12,2f,9a,ea,e2,05,ad,6b,60,91,0c,aa,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,aa,16,b1,3f,9d,
    04,6e,7a,01,3a,48,fc,e8,04,4a,f1,54,e1,b4,94,97,91,5f,2e,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,0a,6b,5b,bf,
    0a,cc,50,f6,0f,4e,58,98,5b,89,c9,4a,68,86,75,8b,24,0f,14,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,c4,5f,5b,54,f0,
    55,23,6e,3d,ce,ea,26,2d,45,aa,78,08,15,00,cc,d1,67,06,4f,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,2a,8c,73,02,70,
    e8,6e,91,2a,b7,cc,b5,b9,7f,41,e7,9b,14,b7,18,fc,35,fa,80,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,c6,1c,21,c1,2f,
    08,50,a5,6c,43,2d,1e,aa,22,2f,9c,4d,d2,c6,c8,77,3b,3a,ae,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(772)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(832)
    c:\windows\system32\setupapi.dll
    c:\windows\system32\psbase.dll

    - - - - - - - > 'explorer.exe'(4716)
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    f:\program files\Spyware Terminator\sp_rsser.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\rundll32.exe
    c:\program files\TechSmith\Snagit 9\TscHelp.exe
    c:\program files\TechSmith\Snagit 9\SnagPriv.exe
    c:\program files\TechSmith\Snagit 9\SnagitEditor.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-08 1:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-08 23:31

    Pre-Run: 5 360 975 872 octets libres
    Post-Run: 5 885 263 872 octets libres

    427 --- E O F --- 2009-05-06 03:40


    As for the Crawler toolbar, no need to worry, I'll remove it later (haven't had the time, and I'm using Chrome more and more, so...)

    Thanks for the follow-up in any case. :) 
    9 August 2009 02:03:29

    /!\ Only Astina may follow this procedure /!\

    Disable all resident protection (antivirus, etc.)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Collect::[4]
    c:\windows\system32\drivers\wlnuv.sys
    c:\windows\system32\drivers\ykcnfbt.sys
    c:\windows\system32\drivers\krhnkfoy.sys

    Driver::
    qggquw
    zzirin
    ezuxmkbffl

    File::
    c:\windows\system32\drivers\str.sys

    DirLook::
    c:\docume~1\ALLUSE~1\APPLIC~1\17547034

---> Open Notepad: Start > All Programs > Accessories > Notepad.

- Paste (CTRL+V) the text into Notepad.
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save.
- Close Notepad.

---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
  • Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy/paste its contents to the forum.
  • If the file doesn't open, it is located here: C:\ComboFix.txt

    ;) 
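The triage behind the CFScript above, done by hand in the thread, as an added example in Python (not part of the original thread, and not ComboFix's own code): it parses the "Drivers/Services" block of a ComboFix log in the format this thread shows, flags services whose image file ComboFix could not find (the trailing `[?]`) or whose name looks machine-generated, and renders the Driver::/Collect:: blocks of a CFScript. The first five sample lines are copied from the log posted in this thread; the last two are constructed in the same format for qggquw and zzirin, and their pairing with ykcnfbt.sys and krhnkfoy.sys is an assumption, not something the log shows. The name heuristic is mine and only produces candidates for a human to confirm before anything is deleted.

```python
import re
from typing import Dict, List

# One line of the "Drivers/Services" block of a ComboFix log, for example:
#   R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [04/05/2009 18:43 108289]
#   S2 ezuxmkbffl;ezuxmkbffl;\??\c:\windows\system32\drivers\wlnuv.sys --> c:\windows\system32\drivers\wlnuv.sys [?]
# Fields: start type;service name;display name;image path [date time size], or [?] when the file was not found.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)(?:\s+-->\s+(?P<resolved>.+?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Sample input. Lines 1-5 are copied from the log posted in this thread; lines 6-7 are
# CONSTRUCTED in the same format for the other two drivers named in the CFScript
# (which .sys each one points to is an assumption, not something the log shows).
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/06/2009 15:39 64160]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [14/06/2009 15:43 142592]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [04/05/2009 18:43 108289]
S2 ezuxmkbffl;ezuxmkbffl;\??\c:\windows\system32\drivers\wlnuv.sys --> c:\windows\system32\drivers\wlnuv.sys [?]
S2 gupdate1c9cce6f93572c6;Service Google Update (gupdate1c9cce6f93572c6);c:\program files\Google\Update\GoogleUpdate.exe [04/05/2009 20:34 133104]
S2 qggquw;qggquw;\??\c:\windows\system32\drivers\ykcnfbt.sys --> c:\windows\system32\drivers\ykcnfbt.sys [?]
S2 zzirin;zzirin;\??\c:\windows\system32\drivers\krhnkfoy.sys --> c:\windows\system32\drivers\krhnkfoy.sys [?]
"""


def looks_random(name: str) -> bool:
    """Heuristic (my own, not ComboFix's): 6+ lowercase letters, no digits or separators,
    and few vowels, the shape of qggquw / zzirin / ezuxmkbffl. Vendors name services with
    words, digits or CamelCase, so this is a candidate signal, not a verdict."""
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in "aeiouy" for c in name)
    return vowels / len(name) <= 0.35


def triage(log_text: str) -> List[Dict]:
    """Return the service entries worth a second look, each with the reasons, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        reasons = []
        if e["meta"] == "?":  # ComboFix could not stat the image: file hidden or already gone
            reasons.append("binary-missing")
        if e["name"] == e["display"] and looks_random(e["name"]):
            reasons.append("random-name")
        if reasons:
            findings.append({
                "state": e["state"],
                "name": e["name"],
                "image": e["resolved"] or e["image"],  # prefer the resolved Win32 path over \??\
                "reasons": reasons,
            })
    return findings


def build_cfscript(findings: List[Dict]) -> str:
    """Render the directives used in the post above: Collect:: quarantines the image files
    for analysis, Driver:: removes the service entries. Review the output before using it."""
    files = sorted({f["image"] for f in findings})
    names = sorted({f["name"] for f in findings})
    parts = ["KillAll::", ""]
    if files:
        parts += ["Collect::", *files, ""]
    if names:
        parts += ["Driver::", *names, ""]
    return "\n".join(parts)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f'{h["state"]} {h["name"]:<24} {", ".join(h["reasons"]):<28} {h["image"]}')
    print()
    print(build_cfscript(hits))
```

Running it prints the three flagged services, each hit for both reasons, followed by a script whose Driver:: and Collect:: blocks match the names and files in Destrio5's post (the `[4]` suffix on Collect:: there is not reproduced; the example emits the bare directive). The two signals are deliberately independent: a missing binary with a normal-looking name still deserves a look, and a random-looking name with an existing file is a prompt to check that file, not a reason to delete it.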
9 August 2009 02:33:06

First of all, a big thank you, Destrio5, for looking after me in such an exclusive way. :wahoo: 

This time it was Spyware Terminator that blocked a process at restart. Despite ComboFix's warning about the use of certain software, I stopped SpyTer. I hope there won't have been any impact.

Here is the report:


Quote:
    ComboFix 09-08-07.09 - SAM 09/08/2009 2:11.2.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3327.2660 [GMT 2:00]
    Running from: c:\documents and settings\SAM\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\SAM\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\windows\system32\drivers\str.sys"

    file zipped: c:\windows\system32\drivers\wlnuv.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\str.sys
    c:\windows\system32\drivers\wlnuv.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EZUXMKBFFL
    -------\Legacy_QGGQUW
    -------\Legacy_ZZIRIN
    -------\Service_qggquw
    -------\Service_zzirin


    ((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
    .

    2009-08-08 12:21 . 2009-08-08 12:21 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage réseau
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage d'impression
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----w- c:\documents and settings\Administrateur\Favoris
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----w- c:\documents and settings\Administrateur\Bureau
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----r- c:\documents and settings\Administrateur\Menu Démarrer
    2009-08-07 12:46 . 2009-05-04 15:45 -------- d--h--w- c:\documents and settings\Administrateur\Modèles
    2009-08-07 12:46 . 2009-08-07 12:47 -------- d-----w- c:\documents and settings\Administrateur
    2009-08-07 12:24 . 2009-08-07 12:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\17547034
    2009-08-07 11:15 . 2009-08-07 11:15 -------- d-----w- c:\documents and settings\SAM\Application Data\Image Zone Express
    2009-08-02 06:12 . 2009-08-02 06:12 249856 ------w- c:\windows\Setup1.exe
    2009-08-02 06:12 . 2009-08-02 06:12 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-08-02 02:40 . 2009-08-08 00:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-08-02 02:34 . 2009-08-02 02:40 36684 ----a-w- c:\windows\DIIUnin.dat
    2009-08-02 02:34 . 2009-08-02 02:34 2829 ----a-w- c:\windows\DIIUnin.pif
    2009-08-02 02:34 . 2009-08-02 02:34 102400 ----a-w- c:\windows\DIIUnin.exe
    2009-08-02 02:01 . 2009-08-02 02:35 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-08-02 02:01 . 2009-08-02 02:35 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-08-02 02:01 . 2009-08-02 02:35 12067 ----atw- c:\windows\system32\SIntf16.dll
    2009-07-27 23:48 . 2009-07-27 23:48 -------- d-----w- C:\Beta World Editor 32 bit -128 by128 -png Beta
    2009-07-22 18:07 . 2009-07-22 18:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\Media Player Classic
    2009-07-19 13:42 . 2009-07-19 13:44 -------- d-----w- c:\program files\SH3 Mini Tweaker
    2009-07-18 06:36 . 2009-07-31 22:39 -------- d-----w- c:\documents and settings\SAM\Local Settings\Application Data\Temp
    2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\documents and settings\SAM\Application Data\Viewpoint
    2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\program files\Viewpoint
    2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
    2009-07-10 17:09 . 2009-08-01 20:28 -------- d-----w- c:\program files\Crawler

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-09 00:20 . 2009-05-06 13:51 -------- d-----w- c:\program files\DNA
    2009-08-09 00:20 . 2009-05-06 13:51 -------- d-----w- c:\documents and settings\SAM\Application Data\DNA
    2009-08-08 23:58 . 2009-05-04 20:20 -------- d-----w- c:\program files\XnView
    2009-08-08 12:00 . 2009-08-08 12:00 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2009-08-08 11:44 . 2009-08-08 11:44 -------- d-----w- c:\documents and settings\SAM\Application Data\Malwarebytes
    2009-08-08 11:44 . 2009-08-08 11:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2009-08-08 10:04 . 2009-06-14 13:53 -------- d-----w- c:\program files\WinClamAVShield
    2009-08-08 05:44 . 2009-06-14 13:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spyware Terminator
    2009-08-08 04:00 . 2009-06-14 13:43 -------- d-----w- c:\documents and settings\SAM\Application Data\Spyware Terminator
    2009-08-07 20:21 . 2009-05-04 21:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
    2009-08-07 18:59 . 2009-05-29 18:03 -------- d-----w- c:\program files\SpeedFan
    2009-08-07 12:37 . 2009-05-04 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-06 20:17 . 2009-05-22 03:43 -------- d-----w- c:\documents and settings\SAM\Application Data\dvdcss
    2009-08-03 11:36 . 2009-08-08 11:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 11:36 . 2009-08-08 11:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 17:33 . 2009-05-06 17:00 -------- d-----w- c:\documents and settings\SAM\Application Data\Skype
    2009-08-02 14:06 . 2009-05-06 17:01 -------- d-----w- c:\documents and settings\SAM\Application Data\skypePM
    2009-07-30 22:47 . 2009-05-06 20:44 -------- d-----w- c:\documents and settings\SAM\Application Data\GigaTribe
    2009-07-27 11:28 . 2009-05-05 14:44 1 ----a-w- c:\documents and settings\SAM\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-07-25 13:26 . 2009-05-22 00:27 -------- d-----w- c:\documents and settings\SAM\Application Data\UseNeXT
    2009-07-23 21:34 . 2009-06-21 08:11 -------- d-----w- c:\program files\OpenAL
    2009-07-23 17:27 . 2009-05-05 03:26 -------- d-----w- c:\documents and settings\SAM\Application Data\GrabIt
    2009-07-10 23:10 . 2009-05-04 16:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-07-10 23:09 . 2009-06-14 13:34 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
    2009-07-01 23:07 . 2009-05-05 13:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-01 23:06 . 2009-07-01 23:06 8854 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe
    2009-07-01 23:06 . 2009-07-01 23:06 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 40960 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 10134 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
    2009-07-01 15:43 . 2009-05-06 13:51 -------- d-----w- c:\documents and settings\SAM\Application Data\BitTorrent
    2009-06-26 02:18 . 2009-06-26 02:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-06-26 02:18 . 2009-06-26 02:17 -------- d-----w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-06-24 12:54 . 2009-05-22 23:35 -------- d-----w- c:\documents and settings\SAM\Application Data\gtk-2.0
    2009-06-21 08:12 . 2009-06-21 08:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Codemasters
    2009-06-21 08:11 . 2009-06-21 08:11 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-06-21 08:11 . 2009-06-21 08:11 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-06-15 14:10 . 2009-06-15 14:10 -------- d-----w- c:\program files\GameSpy Arcade
    2009-06-14 13:43 . 2009-06-14 13:43 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2009-06-14 13:39 . 2009-06-14 13:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
    2009-06-14 13:39 . 2009-06-15 01:43 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-14 13:39 . 2009-06-14 13:39 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-14 13:36 . 2009-06-14 13:36 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-06-14 13:36 . 2009-06-14 13:36 -------- d-----w- c:\program files\Lavasoft
    2009-06-12 07:04 . 2009-05-04 15:55 -------- d-----w- c:\program files\Fichiers communs\InstallShield
    2009-06-12 04:33 . 2009-06-12 04:33 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\NewShortcut4_8D361950BDB340CFB57C53F9F4E5048A.exe
    2009-06-12 04:33 . 2009-06-12 04:33 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\NewShortcut1_8D361950BDB340CFB57C53F9F4E5048A.exe
    2009-06-12 04:33 . 2009-06-12 04:33 3774 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\ARPPRODUCTICON.exe
    2009-06-08 14:40 . 2009-05-04 16:28 41256 ----a-w- c:\documents and settings\SAM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-14 21:48 . 2009-05-14 21:48 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-05-12 19:55 . 2009-05-05 11:56 121251 ----a-w- c:\windows\hpoins11.dat
    2003-12-18 09:33 . 2009-05-15 01:41 20102 ----a-w- c:\program files\Readme.txt
    2003-09-03 05:46 . 2009-05-15 01:41 10960 ----a-w- c:\program files\EULA.txt
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-07 00:20 . 2009-05-07 00:20 61 --sh--w- c:\windows\cnerolf.dat
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\docume~1\ALLUSE~1\APPLIC~1\17547034 ----

    2009-08-07 12:25 . 2009-08-07 12:38 56 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\17547034\17547034


    ------- Sigcheck -------

    [-] 2001-08-28 12:00 434176 7486A7D62930D64E83CD847C3C69E7CC c:\windows\$NtServicePackUninstall$\winlogon.exe
    [-] 2004-08-19 14:10 546304 43EBD7D863968DCACA9627E7605C4770 c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 02:34 512000 DD73D6B9F6B4CB630CF35B438B540174 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\winlogon.exe
    [-] 2004-08-19 14:10 546304 43EBD7D863968DCACA9627E7605C4770 c:\windows\system32\winlogon.exe
    [7] 2004-08-19 14:10 506368 123EEA158F74D0F67A51DCDF065D1091 c:\windows\VistaMizer\old\winlogon.exe

    [7] 2005-03-02 18:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    [7] 2009-02-09 11:42 2065024 0150FE5C1E07F8AE422FEC6C8E8A0C98 c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
    [7] 2009-02-10 17:06 2068096 F751E041E682F53EAF34F7FAEA78994D c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
    [7] 2009-02-09 11:17 2068224 ED5E20AE4AC5A63A4FF43FFE704A5153 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [-] 2001-08-28 12:00 1873920 8A5E3C21797E4F43301CD3DBE57542D8 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    [7] 2004-08-19 14:04 2017280 35567C8C50986C2BC5C3EFD79CB045E4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
    [7] 2009-02-09 11:50 2059776 663D7167ED065786EC9DCFF2569A39F7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2008-04-14 02:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\system32\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\system32\dllcache\ntkrnlpa.exe
    [7] 2009-02-09 11:50 2017792 0CEAF5FB401082156BE8EBAC8B923995 c:\windows\VistaMizer\old\ntkrnlpa.exe

    [7] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    [7] 2009-02-09 11:43 2188160 B55AA66BC9269BC5257B915FFDAA790B c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
    [7] 2009-02-09 11:24 2191104 AB896577F35CF5FED7A9F87D3C3205ED c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
    [7] 2009-02-10 17:16 2191232 BEF458B8424553279E95E250D1E0CE7E c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [-] 2001-08-28 12:00 1902080 561B0E78DB267E69895D4D3E196B9B30 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    [7] 2004-08-19 14:04 2150400 36F32A5A83DF734E022734D93860A9A4 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
    [7] 2009-02-09 11:50 2182528 4183ED119200F8520F5E834498AFB927 c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-14 02:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\system32\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\system32\dllcache\ntoskrnl.exe
    [7] 2009-02-09 11:50 2138112 8D57501F4865CFAC25034939E0FF6F8D c:\windows\VistaMizer\old\ntoskrnl.exe

    [-] 2001-08-28 12:00 13312 F95275CF5E7C30CEA58B0B1B7B40210F c:\windows\$NtServicePackUninstall$\ctfmon.exe
    [-] 2004-08-19 14:09 25088 A1ED191B1274F29C5B7E452624B7F876 c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe
    [-] 2004-08-19 14:09 25088 A1ED191B1274F29C5B7E452624B7F876 c:\windows\system32\ctfmon.exe
    [7] 2004-08-19 14:09 15360 64E41E8FEE655B03E3F19DED21BA5118 c:\windows\VistaMizer\old\ctfmon.exe

    [-] 2001-08-28 12:00 851968 947E9F85D05DFC633C971D2BB4F05AAF c:\windows\$NtServicePackUninstall$\comres.dll
    [-] 2004-08-19 14:09 1450496 C6E81EA47D055677D57794098884F53B c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 02:33 851968 F4B7146C7EED6C4E158DCD9B5266C25A c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\comres.dll
    [-] 2004-08-19 14:09 1450496 C6E81EA47D055677D57794098884F53B c:\windows\system32\comres.dll
    [7] 2004-08-19 14:09 851968 E2F47BBB69D1E4E5ED1AF720893B4460 c:\windows\VistaMizer\old\comres.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-08_23.24.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-09 00:17 . 2009-08-09 00:17 16384 c:\windows\temp\Perflib_Perfdata_248.dat
    + 2009-08-09 00:15 . 2009-08-09 00:15 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    + 2009-08-09 00:15 . 2009-08-09 00:15 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-08-09 00:15 . 2009-08-09 00:15 503808 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-09 00:15 . 2009-08-09 00:15 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
    + 2009-08-09 00:15 . 2009-08-09 00:15 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-09 00:15 . 2009-08-09 00:15 9580544 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-06 321344]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "SpywareTerminatorUpdate"="f:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-06-14 3055616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-01-03 13508608]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-01-03 86016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
    "SpywareTerminator"="f:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-08 2173440]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-03 1626112]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-10-30 16269312]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 25088]

c:\documents and settings\SAM\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-4 108544]

    c:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
    Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "f:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "f:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "f:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
    "f:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:promo

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/06/2009 15:39 64160]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [14/06/2009 15:43 142592]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [04/05/2009 18:43 108289]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
    R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [14/07/2009 01:26 30152]
    R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [08/05/2009 01:16 16896]
    S2 ezuxmkbffl;ezuxmkbffl;\??\c:\windows\system32\drivers\wlnuv.sys --> c:\windows\system32\drivers\wlnuv.sys [?]
    S2 gupdate1c9cce6f93572c6;Service Google Update (gupdate1c9cce6f93572c6);c:\program files\Google\Update\GoogleUpdate.exe [04/05/2009 20:34 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [08/08/2009 13:44 38160]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
    IE: Crawler Search - tbr:iemenu
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
    FF - ProfilePath - c:\docume~1\SAM\APPLIC~1\Mozilla\Firefox\Profiles\9osbqezf.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/#inbox|http://www.google.fr/ig?hl=fr&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=6007...

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-09 02:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c8,92,d6,0c,1d,
    f6,a8,7b,e2,63,26,f1,3f,c8,ff,68,7a,72,ee,ff,d7,8e,d9,c8,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,76,fb,6e,35,ca,
    27,cd,c1,6a,9c,d6,61,af,45,84,18,8b,c5,e7,47,bb,7a,45,1f,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,c3,ab,d2,55,aa,
    6f,a1,6a,ff,7c,85,e0,43,d4,0e,fe,ce,ab,aa,e5,b0,b3,2b,6b,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,ef,2f,7a,7c,44,
    d1,2d,00,86,8c,21,01,be,91,eb,e7,00,99,8a,1d,bf,77,dd,b7,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,1b,ab,14,aa,59,
    60,a3,2e,f5,1d,4d,73,a8,13,5c,05,29,fa,00,1f,b3,ea,c0,26,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,0c,fc,43,07,0e,
    be,37,39,df,20,58,62,78,6b,cf,c8,81,b9,83,0a,be,e0,c1,28,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,5c,82,23,a2,9b,
    c0,0e,26,fb,a7,78,e6,12,2f,9a,ea,e2,05,ad,6b,60,91,0c,aa,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,aa,16,b1,3f,9d,
    04,6e,7a,01,3a,48,fc,e8,04,4a,f1,54,e1,b4,94,97,91,5f,2e,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,0a,6b,5b,bf,
    0a,cc,50,f6,0f,4e,58,98,5b,89,c9,4a,68,86,75,8b,24,0f,14,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,c4,5f,5b,54,f0,
    55,23,6e,3d,ce,ea,26,2d,45,aa,78,08,15,00,cc,d1,67,06,4f,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,2a,8c,73,02,70,
    e8,6e,91,2a,b7,cc,b5,b9,7f,41,e7,9b,14,b7,18,fc,35,fa,80,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,c6,1c,21,c1,2f,
    08,50,a5,6c,43,2d,1e,aa,22,2f,9c,4d,d2,c6,c8,77,3b,3a,ae,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\cscui.dll

    - - - - - - - > 'lsass.exe'(836)
    c:\windows\system32\setupapi.dll
    c:\windows\system32\psbase.dll

    - - - - - - - > 'explorer.exe'(4092)
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\NETSHELL.dll
    c:\windows\system32\credui.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    f:\program files\Spyware Terminator\sp_rsser.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\rundll32.exe
    c:\program files\TechSmith\Snagit 9\TscHelp.exe
    c:\program files\TechSmith\Snagit 9\SnagPriv.exe
    c:\program files\TechSmith\Snagit 9\SnagitEditor.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-09 2:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-09 00:28
    ComboFix2.txt 2009-08-08 23:31

    Pre-Run: 5 844 979 712 bytes free
    Post-Run: 5 703 614 464 bytes free

    424 --- E O F --- 2009-05-06 03:40

    9 August 2009 02:45:46

    /!\ Only Astina may follow this procedure /!\

    Disable all resident protection (antivirus, etc.)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    ezuxmkbffl

    DirLook::
    c:\docume~1\ALLUSE~1\APPLIC~1\17547034\17547034

    ---> Open Notepad: Start > All Programs > Accessories > Notepad.

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait for the scan to finish. The desktop will disappear several times: that is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy/paste its contents to the forum.
  • If the file does not open, it can be found here: C:\ComboFix.txt

    ;) 
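    An added example, not part of this thread, of ComboFix or of the helper's procedure: a small Python triage script that reads the line shapes found in a ComboFix report (the "-------\Service_<name>" deletion lines, the "R0/R1/S2 name;display;path [...]" service entries and the "created . modified size attrs path" file listings) and flags what a helper looks at before writing a CFScript like the one above: a service ComboFix already removed, a service or driver with a random-looking name such as ezuxmkbffl, a directory named only with digits like 17547034, and files carrying the system+hidden attribute pair like cnerolf.dat. The sample lines are constructed from the report quoted in this thread (the "R0 ezuxmkbffl" entry is invented for illustration, the real report only shows the service in its deletions block), and the heuristics, thresholds and the `cfscript_for` draft are this example's own assumptions, not ComboFix's rules.

```python
"""Triage helper for ComboFix report lines.

Added example for this thread, not part of ComboFix or of the posts above.
It recognises three line shapes from the report and flags what a helper
would look at before writing a CFScript: services ComboFix already removed,
service/driver entries with random-looking names, digit-only directories and
files carrying the system+hidden attribute pair. The heuristics and the
sample lines are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the report quoted in this thread. The
# "R0 ezuxmkbffl" line is invented for illustration; the real report only
# shows the service in its deletions section.
SAMPLE_LOG = """\
-------\\Service_ezuxmkbffl
2009-08-07 12:24 . 2009-08-07 12:25 -------- d-----w- c:\\docume~1\\ALLUSE~1\\APPLIC~1\\17547034
2009-05-07 00:20 . 2009-05-07 00:20 61 --sh--w- c:\\windows\\cnerolf.dat
2009-08-03 11:36 . 2009-08-08 11:44 38160 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\\program files\\Viewpoint
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\\windows\\system32\\drivers\\sp_rsdrv2.sys [14/06/2009 15:43 142592]
R0 ezuxmkbffl;ezuxmkbffl;c:\\windows\\system32\\drivers\\ezuxmkbffl.sys [07/08/2009 14:24 24576]
"""

# "-------\Service_<name>" lines in the Drivers/Services deletion block
DEL_RE = re.compile(r"^-------\\Service_(.+)$")
# "R0 name;display name;path [dd/mm/yyyy hh:mm size]" service entries
SVC_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+?) \[[^\]]+\]$")
# "created . modified size attrs path" entries of the file listings;
# attrs is an 8-char field such as d-----w-, --sh--w-, ----a-w-
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ (\S+) ([a-z-]{8}) (.+)$")

VOWELS = set("aeiouy")


@dataclass
class Finding:
    kind: str    # "service-deleted", "driver" or "path"
    name: str    # service name or full path
    reason: str


def looks_random(name: str) -> bool:
    """Heuristic: alphabetic name containing a run of five or more consonants.

    Catches generated names like 'ezuxmkbffl' while leaving real driver names
    such as 'mbamswissarmy' alone (the threshold is this example's assumption).
    """
    if not name.isalpha():
        return False
    run = best = 0
    for ch in name.lower():
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best >= 5


def triage(report: str) -> list[Finding]:
    """Walk the report line by line and collect findings in report order."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := DEL_RE.match(line):
            findings.append(Finding("service-deleted", m.group(1),
                                    "removed by ComboFix"))
        elif m := SVC_RE.match(line):
            name, path = m.groups()
            if looks_random(name):
                findings.append(Finding("driver", name,
                                        f"random-looking service name ({path})"))
        elif m := FILE_RE.match(line):
            _size, attrs, path = m.groups()
            base = path.rsplit("\\", 1)[-1]
            if attrs[2] == "s" and attrs[3] == "h":
                findings.append(Finding("path", path, "system+hidden attributes"))
            elif attrs[0] == "d" and base.isdigit():
                findings.append(Finding("path", path,
                                        "directory named with digits only"))
            elif looks_random(base.split(".")[0]):
                findings.append(Finding("path", path, "random-looking file name"))
    return findings


def cfscript_for(findings: list[Finding]) -> str:
    """Draft CFScript directives from the findings, for a helper to review by hand."""
    drivers = sorted({f.name for f in findings if f.kind == "driver"})
    dirs = sorted({f.name for f in findings
                   if f.reason == "directory named with digits only"})
    parts = ["KillAll::"]
    if drivers:
        parts += ["", "Driver::", *drivers]
    if dirs:
        parts += ["", "DirLook::", *dirs]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:16} {f.name}  <- {f.reason}")
    print(cfscript_for(found))
```

    Run it on a saved C:\ComboFix.txt by passing the file's contents to `triage`; the drafted script is only a starting point, since a name that trips the consonant-run heuristic can still be a legitimate vendor driver and a DirLook:: target must be confirmed against the report before anything is deleted.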
    9 August 2009 03:21:30

    This time, Check Disk at startup...

    Here is the CHKDSK report (thanks to the digital camera :sol:  ) if that can help you:





    And the CB report:

    Quote:
    ComboFix 09-08-07.09 - SAM 09/08/2009 2:51.3.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3327.2594 [GMT 2:00]
    Running from: c:\documents and settings\SAM\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\SAM\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ezuxmkbffl


    ((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
    .

    2009-08-08 12:21 . 2009-08-08 12:21 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage réseau
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d--h--w- c:\documents and settings\Administrateur\Voisinage d'impression
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----w- c:\documents and settings\Administrateur\Favoris
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----w- c:\documents and settings\Administrateur\Bureau
    2009-08-07 12:46 . 2009-05-04 16:40 -------- d-----r- c:\documents and settings\Administrateur\Menu Démarrer
    2009-08-07 12:46 . 2009-05-04 15:45 -------- d--h--w- c:\documents and settings\Administrateur\Modèles
    2009-08-07 12:46 . 2009-08-07 12:47 -------- d-----w- c:\documents and settings\Administrateur
    2009-08-07 12:24 . 2009-08-07 12:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\17547034
    2009-08-07 11:15 . 2009-08-07 11:15 -------- d-----w- c:\documents and settings\SAM\Application Data\Image Zone Express
    2009-08-02 06:12 . 2009-08-02 06:12 249856 ------w- c:\windows\Setup1.exe
    2009-08-02 06:12 . 2009-08-02 06:12 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-08-02 02:40 . 2009-08-08 00:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-08-02 02:34 . 2009-08-02 02:40 36684 ----a-w- c:\windows\DIIUnin.dat
    2009-08-02 02:34 . 2009-08-02 02:34 2829 ----a-w- c:\windows\DIIUnin.pif
    2009-08-02 02:34 . 2009-08-02 02:34 102400 ----a-w- c:\windows\DIIUnin.exe
    2009-08-02 02:01 . 2009-08-02 02:35 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2009-08-02 02:01 . 2009-08-02 02:35 17212 ----atw- c:\windows\system32\SIntf32.dll
    2009-08-02 02:01 . 2009-08-02 02:35 12067 ----atw- c:\windows\system32\SIntf16.dll
    2009-07-27 23:48 . 2009-07-27 23:48 -------- d-----w- C:\Beta World Editor 32 bit -128 by128 -png Beta
    2009-07-22 18:07 . 2009-07-22 18:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\Media Player Classic
    2009-07-19 13:42 . 2009-07-19 13:44 -------- d-----w- c:\program files\SH3 Mini Tweaker
    2009-07-18 06:36 . 2009-07-31 22:39 -------- d-----w- c:\documents and settings\SAM\Local Settings\Application Data\Temp
    2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\documents and settings\SAM\Application Data\Viewpoint
    2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\program files\Viewpoint
    2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
    2009-07-10 17:09 . 2009-08-01 20:28 -------- d-----w- c:\program files\Crawler

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-09 01:04 . 2009-05-06 13:51 -------- d-----w- c:\program files\DNA
    2009-08-09 01:04 . 2009-05-06 13:51 -------- d-----w- c:\documents and settings\SAM\Application Data\DNA
    2009-08-09 00:40 . 2009-06-14 13:43 -------- d-----w- c:\documents and settings\SAM\Application Data\Spyware Terminator
    2009-08-09 00:33 . 2009-05-04 20:20 -------- d-----w- c:\program files\XnView
    2009-08-08 12:00 . 2009-08-08 12:00 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2009-08-08 11:44 . 2009-08-08 11:44 -------- d-----w- c:\documents and settings\SAM\Application Data\Malwarebytes
    2009-08-08 11:44 . 2009-08-08 11:44 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2009-08-08 10:04 . 2009-06-14 13:53 -------- d-----w- c:\program files\WinClamAVShield
    2009-08-08 05:44 . 2009-06-14 13:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spyware Terminator
    2009-08-07 20:21 . 2009-05-04 21:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
    2009-08-07 18:59 . 2009-05-29 18:03 -------- d-----w- c:\program files\SpeedFan
    2009-08-07 12:37 . 2009-05-04 16:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-06 20:17 . 2009-05-22 03:43 -------- d-----w- c:\documents and settings\SAM\Application Data\dvdcss
    2009-08-03 11:36 . 2009-08-08 11:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 11:36 . 2009-08-08 11:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-02 17:33 . 2009-05-06 17:00 -------- d-----w- c:\documents and settings\SAM\Application Data\Skype
    2009-08-02 14:06 . 2009-05-06 17:01 -------- d-----w- c:\documents and settings\SAM\Application Data\skypePM
    2009-07-30 22:47 . 2009-05-06 20:44 -------- d-----w- c:\documents and settings\SAM\Application Data\GigaTribe
    2009-07-27 11:28 . 2009-05-05 14:44 1 ----a-w- c:\documents and settings\SAM\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-07-25 13:26 . 2009-05-22 00:27 -------- d-----w- c:\documents and settings\SAM\Application Data\UseNeXT
    2009-07-23 21:34 . 2009-06-21 08:11 -------- d-----w- c:\program files\OpenAL
    2009-07-23 17:27 . 2009-05-05 03:26 -------- d-----w- c:\documents and settings\SAM\Application Data\GrabIt
    2009-07-10 23:10 . 2009-05-04 16:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-07-10 23:09 . 2009-06-14 13:34 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
    2009-07-01 23:07 . 2009-05-05 13:59 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-01 23:06 . 2009-07-01 23:06 8854 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe
    2009-07-01 23:06 . 2009-07-01 23:06 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 40960 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
    2009-07-01 23:06 . 2009-07-01 23:06 10134 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
    2009-07-01 15:43 . 2009-05-06 13:51 -------- d-----w- c:\documents and settings\SAM\Application Data\BitTorrent
    2009-06-26 02:18 . 2009-06-26 02:17 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-06-26 02:18 . 2009-06-26 02:17 -------- d-----w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-06-26 02:17 . 2009-06-26 02:17 207872 ----a-w- c:\documents and settings\SAM\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-06-24 12:54 . 2009-05-22 23:35 -------- d-----w- c:\documents and settings\SAM\Application Data\gtk-2.0
    2009-06-21 08:12 . 2009-06-21 08:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Codemasters
    2009-06-21 08:11 . 2009-06-21 08:11 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-06-21 08:11 . 2009-06-21 08:11 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-06-15 14:10 . 2009-06-15 14:10 -------- d-----w- c:\program files\GameSpy Arcade
    2009-06-14 13:43 . 2009-06-14 13:43 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2009-06-14 13:39 . 2009-06-14 13:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
    2009-06-14 13:39 . 2009-06-15 01:43 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-06-14 13:39 . 2009-06-14 13:39 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-06-14 13:36 . 2009-06-14 13:36 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-06-14 13:36 . 2009-06-14 13:36 -------- d-----w- c:\program files\Lavasoft
    2009-06-12 07:04 . 2009-05-04 15:55 -------- d-----w- c:\program files\Fichiers communs\InstallShield
    2009-06-12 04:33 . 2009-06-12 04:33 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\NewShortcut4_8D361950BDB340CFB57C53F9F4E5048A.exe
    2009-06-12 04:33 . 2009-06-12 04:33 45056 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\NewShortcut1_8D361950BDB340CFB57C53F9F4E5048A.exe
    2009-06-12 04:33 . 2009-06-12 04:33 3774 ----a-r- c:\documents and settings\SAM\Application Data\Microsoft\Installer\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}\ARPPRODUCTICON.exe
    2009-06-08 14:40 . 2009-05-04 16:28 41256 ----a-w- c:\documents and settings\SAM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-14 21:48 . 2009-05-14 21:48 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-05-12 19:55 . 2009-05-05 11:56 121251 ----a-w- c:\windows\hpoins11.dat
    2003-12-18 09:33 . 2009-05-15 01:41 20102 ----a-w- c:\program files\Readme.txt
    2003-09-03 05:46 . 2009-05-15 01:41 10960 ----a-w- c:\program files\EULA.txt
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-07 00:20 . 2009-05-07 00:20 61 --sh--w- c:\windows\cnerolf.dat
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\docume~1\ALLUSE~1\APPLIC~1\17547034\17547034 ----



    ------- Sigcheck -------

    [-] 2001-08-28 12:00 434176 7486A7D62930D64E83CD847C3C69E7CC c:\windows\$NtServicePackUninstall$\winlogon.exe
    [-] 2004-08-19 14:10 546304 43EBD7D863968DCACA9627E7605C4770 c:\windows\ServicePackFiles\i386\winlogon.exe
    [-] 2008-04-14 02:34 512000 DD73D6B9F6B4CB630CF35B438B540174 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\winlogon.exe
    [-] 2004-08-19 14:10 546304 43EBD7D863968DCACA9627E7605C4770 c:\windows\system32\winlogon.exe
    [7] 2004-08-19 14:10 506368 123EEA158F74D0F67A51DCDF065D1091 c:\windows\VistaMizer\old\winlogon.exe

    [7] 2005-03-02 18:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    [7] 2009-02-09 11:42 2065024 0150FE5C1E07F8AE422FEC6C8E8A0C98 c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
    [7] 2009-02-10 17:06 2068096 F751E041E682F53EAF34F7FAEA78994D c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
    [7] 2009-02-09 11:17 2068224 ED5E20AE4AC5A63A4FF43FFE704A5153 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [-] 2001-08-28 12:00 1873920 8A5E3C21797E4F43301CD3DBE57542D8 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    [7] 2004-08-19 14:04 2017280 35567C8C50986C2BC5C3EFD79CB045E4 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
    [7] 2009-02-09 11:50 2059776 663D7167ED065786EC9DCFF2569A39F7 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [-] 2008-04-14 02:07 2067968 B71A8F101CEFAF82FC5EC16130A54A3F c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\system32\ntkrnlpa.exe
    [-] 2009-02-09 11:50 2277376 E96EDCF692A85C16546DB021C4527B4C c:\windows\system32\dllcache\ntkrnlpa.exe
    [7] 2009-02-09 11:50 2017792 0CEAF5FB401082156BE8EBAC8B923995 c:\windows\VistaMizer\old\ntkrnlpa.exe

    [7] 2005-03-02 18:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    [7] 2009-02-09 11:43 2188160 B55AA66BC9269BC5257B915FFDAA790B c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
    [7] 2009-02-09 11:24 2191104 AB896577F35CF5FED7A9F87D3C3205ED c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
    [7] 2009-02-10 17:16 2191232 BEF458B8424553279E95E250D1E0CE7E c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [-] 2001-08-28 12:00 1902080 561B0E78DB267E69895D4D3E196B9B30 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    [7] 2004-08-19 14:04 2150400 36F32A5A83DF734E022734D93860A9A4 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
    [7] 2009-02-09 11:50 2182528 4183ED119200F8520F5E834498AFB927 c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [-] 2008-04-14 02:08 2191104 099D639DA1EF6968D4E41795BB507E6B c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\system32\ntoskrnl.exe
    [-] 2009-02-09 11:50 2397696 BC21BB950393BCA5C8EF7AEBB2D97C0F c:\windows\system32\dllcache\ntoskrnl.exe
    [7] 2009-02-09 11:50 2138112 8D57501F4865CFAC25034939E0FF6F8D c:\windows\VistaMizer\old\ntoskrnl.exe

    [-] 2001-08-28 12:00 13312 F95275CF5E7C30CEA58B0B1B7B40210F c:\windows\$NtServicePackUninstall$\ctfmon.exe
    [-] 2004-08-19 14:09 25088 A1ED191B1274F29C5B7E452624B7F876 c:\windows\ServicePackFiles\i386\ctfmon.exe
    [-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe
    [-] 2004-08-19 14:09 25088 A1ED191B1274F29C5B7E452624B7F876 c:\windows\system32\ctfmon.exe
    [7] 2004-08-19 14:09 15360 64E41E8FEE655B03E3F19DED21BA5118 c:\windows\VistaMizer\old\ctfmon.exe

    [-] 2001-08-28 12:00 851968 947E9F85D05DFC633C971D2BB4F05AAF c:\windows\$NtServicePackUninstall$\comres.dll
    [-] 2004-08-19 14:09 1450496 C6E81EA47D055677D57794098884F53B c:\windows\ServicePackFiles\i386\comres.dll
    [-] 2008-04-14 02:33 851968 F4B7146C7EED6C4E158DCD9B5266C25A c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\comres.dll
    [-] 2004-08-19 14:09 1450496 C6E81EA47D055677D57794098884F53B c:\windows\system32\comres.dll
    [7] 2004-08-19 14:09 851968 E2F47BBB69D1E4E5ED1AF720893B4460 c:\windows\VistaMizer\old\comres.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-08-08_23.24.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-09 01:02 . 2009-08-09 01:02 16384 c:\windows\temp\Perflib_Perfdata_1d0.dat
    + 2009-08-09 00:54 . 2009-08-09 00:54 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
    + 2009-08-09 00:54 . 2009-08-09 00:54 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
    + 2009-08-09 00:54 . 2009-08-09 00:54 503808 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
    + 2009-08-09 00:54 . 2009-08-09 00:54 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
    + 2009-08-09 00:54 . 2009-08-09 00:54 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
    + 2009-08-09 00:54 . 2009-08-09 00:54 9580544 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-06 321344]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "SpywareTerminatorUpdate"="f:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-06-14 3055616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-01-03 13508608]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-01-03 86016]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
    "SpywareTerminator"="f:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-08 2173440]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-03 1626112]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-10-30 16269312]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 25088]

    c:\documents and settings\SAM\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-4 108544]

    c:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
    Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "f:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "f:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "f:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
    "f:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53:UDP"= 53:UDP:p romo

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/06/2009 15:39 64160]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [14/06/2009 15:43 142592]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [04/05/2009 18:43 108289]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
    R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [14/07/2009 01:26 30152]
    R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [08/05/2009 01:16 16896]
    S2 gupdate1c9cce6f93572c6;Service Google Update (gupdate1c9cce6f93572c6);c:\program files\Google\Update\GoogleUpdate.exe [04/05/2009 20:34 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [08/08/2009 13:44 38160]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
    IE: Crawler Search - tbr:iemenu
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
    FF - ProfilePath - c:\docume~1\SAM\APPLIC~1\Mozilla\Firefox\Profiles\9osbqezf.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/#inbox|http://www.google.fr/ig?hl=fr&source=iglk
    FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=6007...

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-09 03:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c8,92,d6,0c,1d,
    f6,a8,7b,e2,63,26,f1,3f,c8,ff,68,7a,72,ee,ff,d7,8e,d9,c8,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,76,fb,6e,35,ca,
    27,cd,c1,6a,9c,d6,61,af,45,84,18,8b,c5,e7,47,bb,7a,45,1f,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,c3,ab,d2,55,aa,
    6f,a1,6a,ff,7c,85,e0,43,d4,0e,fe,ce,ab,aa,e5,b0,b3,2b,6b,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,ef,2f,7a,7c,44,
    d1,2d,00,86,8c,21,01,be,91,eb,e7,00,99,8a,1d,bf,77,dd,b7,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,1b,ab,14,aa,59,
    60,a3,2e,f5,1d,4d,73,a8,13,5c,05,29,fa,00,1f,b3,ea,c0,26,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,0c,fc,43,07,0e,
    be,37,39,df,20,58,62,78,6b,cf,c8,81,b9,83,0a,be,e0,c1,28,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,5c,82,23,a2,9b,
    c0,0e,26,fb,a7,78,e6,12,2f,9a,ea,e2,05,ad,6b,60,91,0c,aa,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,aa,16,b1,3f,9d,
    04,6e,7a,01,3a,48,fc,e8,04,4a,f1,54,e1,b4,94,97,91,5f,2e,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,1e,0a,6b,5b,bf,
    0a,cc,50,f6,0f,4e,58,98,5b,89,c9,4a,68,86,75,8b,24,0f,14,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,c4,5f,5b,54,f0,
    55,23,6e,3d,ce,ea,26,2d,45,aa,78,08,15,00,cc,d1,67,06,4f,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,2a,8c,73,02,70,
    e8,6e,91,2a,b7,cc,b5,b9,7f,41,e7,9b,14,b7,18,fc,35,fa,80,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,c6,1c,21,c1,2f,
    08,50,a5,6c,43,2d,1e,aa,22,2f,9c,4d,d2,c6,c8,77,3b,3a,ae,6c,43,2d,1e,aa,22,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    f:\program files\Spyware Terminator\sp_rsser.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\rundll32.exe
    c:\program files\TechSmith\Snagit 9\TscHelp.exe
    c:\program files\TechSmith\Snagit 9\SnagPriv.exe
    c:\program files\TechSmith\Snagit 9\SnagitEditor.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-09 3:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-09 01:11
    ComboFix2.txt 2009-08-09 00:28
    ComboFix3.txt 2009-08-08 23:31

    Pre-Run: 5 708 935 168 octets libres
    Post-Run: 5 678 309 376 octets libres

    391 --- E O F --- 2009-05-06 03:40






    9 August 2009 03:25:39

    Clarification:

    On E: there is an image of C: from about a month ago. ;) 
    9 August 2009 03:29:02

  • Start Menu > Run > Type combofix /u and confirm.

  • Run MBAM again, go to Quarantine and delete everything.

    How is your PC doing?

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (Under Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the folder C:\rsit.
    9 August 2009 03:41:43

    Destrio5 said:
  • Start Menu > Run > Type combofix /u and confirm.

  • Run MBAM again, go to Quarantine and delete everything.

    How is your PC doing?


  • Apparently everything is OK:

    MBAM report:

    Quote:
    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2578
    Windows 5.1.2600 Service Pack 2

    09/08/2009 03:35:55
    mbam-log-2009-08-09 (03-35-55).txt

    Type de recherche: Examen rapide
    Eléments examinés: 93456
    Temps écoulé: 3 minute(s), 13 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)



    RSIT report:


    Quote:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by SAM at 2009-08-09 03:39:59
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 9 GB (11%) free of 79 GB
    Total RAM: 3327 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:40:14, on 09/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    f:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
    C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
    C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
    C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\SAM\Mes documents\Downloads\RSIT.exe
    C:\Documents and Settings\SAM\Bureau\SAM.exe
    C:\Program Files\Avira\AntiVir Desktop\avwsc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gc...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gc...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service Google Update (gupdate1c9cce6f93572c6) (gupdate1c9cce6f93572c6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - f:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10401 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
    SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2009-04-17 68936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
    C:\PROGRA~1\Crawler\ctbr.dll [2009-06-26 1215488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-22 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-06 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-06 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-04-17 211272]
    {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barre d'outils &Crawler - C:\PROGRA~1\Crawler\ctbr.dll [2009-06-26 1215488]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-01-03 13508608]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-01-03 86016]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-06 148888]
    "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
    "SpywareTerminator"=F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-08 2173440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-04 39408]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-05-06 321344]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
    "SpywareTerminatorUpdate"=F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-06-14 3055616]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 25088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPSKEYS]
    C:\Program Files\Vpskeys\vpskeys.exe [2003-03-29 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Snagit 9.lnk - C:\Program Files\TechSmith\Snagit 9\Snagit32.exe

    C:\Documents and Settings\SAM\Menu Démarrer\Programmes\Démarrage
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "F:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="F:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
    "C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe"
    "F:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="F:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
    "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
    "C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
    "C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
    "F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Disabled:Crawler Spyware Terminator"
    "F:\Program Files\Codemasters\GRID\GRID.exe"="F:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 1 months======

    2009-08-09 03:39:59 ----D---- C:\rsit
    2009-08-09 03:32:16 ----SD---- C:\ComboFix
    2009-08-09 03:11:57 ----SHD---- C:\RECYCLER
    2009-08-09 03:11:36 ----A---- C:\ComboFix.txt
    2009-08-09 02:15:10 ----D---- C:\WINDOWS\temp
    2009-08-09 01:00:43 ----D---- C:\WINDOWS\ERDNT
    2009-08-08 14:20:38 ----D---- C:\WINDOWS\CSC
    2009-08-08 13:59:33 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-08-08 13:44:07 ----D---- C:\Documents and Settings\SAM\Application Data\Malwarebytes
    2009-08-08 13:44:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-07 14:24:50 ----D---- C:\Documents and Settings\All Users\Application Data\17547034
    2009-08-07 13:15:28 ----D---- C:\Documents and Settings\SAM\Application Data\Image Zone Express
    2009-08-02 08:12:43 ----N---- C:\WINDOWS\Setup1.exe
    2009-08-02 08:12:41 ----A---- C:\WINDOWS\ST6UNST.EXE
    2009-08-02 04:40:43 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
    2009-08-02 04:34:12 ----A---- C:\WINDOWS\DIIUnin.exe
    2009-08-02 04:01:53 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
    2009-08-02 04:01:53 ----AT---- C:\WINDOWS\system32\SIntf32.dll
    2009-08-02 04:01:53 ----AT---- C:\WINDOWS\system32\SIntf16.dll
    2009-07-28 01:48:27 ----D---- C:\Beta World Editor 32 bit -128 by128 -png Beta
    2009-07-23 01:21:48 ----A---- C:\WINDOWS\wininit.ini
    2009-07-19 15:42:55 ----D---- C:\Program Files\SH3 Mini Tweaker
    2009-07-14 01:26:19 ----D---- C:\Documents and Settings\SAM\Application Data\Viewpoint
    2009-07-14 01:26:07 ----D---- C:\Program Files\Viewpoint
    2009-07-14 01:26:07 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2009-07-10 19:09:58 ----D---- C:\Program Files\Crawler

    ======List of files/folders modified in the last 1 months======

    2009-08-09 03:35:03 ----D---- C:\Documents and Settings\SAM\Application Data\DNA
    2009-08-09 03:32:29 ----D---- C:\WINDOWS
    2009-08-09 03:32:23 ----D---- C:\WINDOWS\system32
    2009-08-09 03:24:24 ----D---- C:\Documents and Settings\SAM\Application Data\Spyware Terminator
    2009-08-09 03:16:30 ----D---- C:\Program Files\XnView
    2009-08-09 03:11:38 ----D---- C:\WINDOWS\system32\drivers
    2009-08-09 03:04:49 ----D---- C:\Program Files\DNA
    2009-08-09 03:04:38 ----A---- C:\WINDOWS\system.ini
    2009-08-09 03:02:34 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-09 03:02:21 ----SD---- C:\WINDOWS\Tasks
    2009-08-09 02:55:03 ----D---- C:\WINDOWS\system32\config
    2009-08-09 02:53:45 ----D---- C:\WINDOWS\AppPatch
    2009-08-09 02:53:40 ----D---- C:\Program Files\Fichiers communs
    2009-08-09 02:50:47 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-09 01:29:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-09 01:23:23 ----D---- C:\WINDOWS\Prefetch
    2009-08-09 01:18:03 ----RD---- C:\Program Files
    2009-08-09 00:35:24 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-08 12:04:46 ----D---- C:\Program Files\WinClamAVShield
    2009-08-08 07:44:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2009-08-07 22:21:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-08-07 20:59:59 ----D---- C:\Program Files\SpeedFan
    2009-08-07 14:46:34 ----D---- C:\Documents and Settings
    2009-08-07 14:37:20 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-08-07 14:27:50 ----D---- C:\WINDOWS\Minidump
    2009-08-06 22:17:24 ----D---- C:\Documents and Settings\SAM\Application Data\dvdcss
    2009-08-05 16:35:28 ----SHD---- C:\WINDOWS\Installer
    2009-08-05 16:35:28 ----HD---- C:\Config.Msi
    2009-08-02 19:33:56 ----D---- C:\Documents and Settings\SAM\Application Data\Skype
    2009-08-02 16:06:38 ----D---- C:\Documents and Settings\SAM\Application Data\skypePM
    2009-07-31 00:47:31 ----D---- C:\Documents and Settings\SAM\Application Data\GigaTribe
    2009-07-25 15:26:48 ----D---- C:\Documents and Settings\SAM\Application Data\UseNeXT
    2009-07-23 23:34:12 ----D---- C:\Program Files\OpenAL
    2009-07-23 19:27:25 ----D---- C:\Documents and Settings\SAM\Application Data\GrabIt
    2009-07-23 01:21:47 ----D---- C:\WINDOWS\system
    2009-07-22 15:29:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-07-11 01:36:20 ----D---- C:\WINDOWS\repair
    2009-07-11 01:35:51 ----D---- C:\WINDOWS\Registration
    2009-07-11 01:10:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-11 01:09:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-13 28520]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
    R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    R3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-03 59136]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-28 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-02 4394496]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-01-03 7077344]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
    R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
    R3 wsvad_driver;WS Audio Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [2008-08-29 16896]
    S3 asonnk9k;asonnk9k; C:\WINDOWS\system32\drivers\asonnk9k.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 hidgame;Activateur de port HID à manette de jeu Microsoft; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
    S3 msgame;Activateur de port HID vers manette de jeu Sidewinder; C:\WINDOWS\system32\DRIVERS\msgame.sys [2001-08-17 35200]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
    S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
    S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-13 185089]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-06 152984]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-01-03 155716]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; f:\Program Files\Spyware Terminator\sp_rsser.exe [2009-06-14 487424]
    R2 Viewpoint Service;Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
    S2 gupdate1c9cce6f93572c6;Service Google Update (gupdate1c9cce6f93572c6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 183280]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-08 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

    -----------------EOF-----------------

    Am I safe? :p

    9 August 2009 03:50:57

    Good, can you post the info report located in C:\rsit?
    9 August 2009 03:53:38

    Yes, sorry for forgetting it.

    Quote:
    info.txt logfile of random's system information tool 1.06 2009-08-09 03:40:15

    ======Uninstall list======

    Trident-->f:\Program Files\Microsoft Games\Flight Simulator 9\ Trident.exe
    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    AC500 Cargo VC Dirty-->f:\Program Files\Microsoft Games\Flight Simulator 9\AC500 Cargo VC Dirty.exe
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
    Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
    Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AFG_Pilatus_pc12-->f:\Program Files\Microsoft Games\Flight Simulator 9\AFG_Pilatus_pc12.exe
    AnalogX DLLArchive-->f:\Program Files\AnalogX\DLLArchive\dllarchu.exe
    Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Architecture 3D - 2.1.3 (version gratuite)-->"f:\Program Files\LiveCAD\Architecture 3D - 2 (version gratuite)\unins000.exe"
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    Bell 205A-1 Iroquois - N10RF-->f:\Program Files\Microsoft Games\Flight Simulator 9\Désinstaller Bell 205A-1 Iroquois - N10RF.exe
    Bell 430-->f:\Program Files\Microsoft Games\Flight Simulator 9\Désinstaller Bell 430.exe
    Beta World Editor 32 bit -128 by128 -png Beta-->C:\Beta World Editor 32 bit -128 by128 -png Beta\Uninstal.exe
    Boeing 737-200 American Airlines-->f:\Program Files\Microsoft Games\Flight Simulator 9\Désinstaller Boeing 737-200 American Airlines.exe
    Boeing F/A 18E Super Hornet-->f:\Program Files\Microsoft Games\Flight Simulator 9\Désinstaller Boeing F-A 18E Super Hornet.exe
    Boeing iFly747-400-->f:\Program Files\Microsoft Games\Flight Simulator 9\Boeing iFly747-400.exe
    Cars Demo-->MsiExec.exe /X{8D361950-BDB3-40CF-B57C-53F9F4E5048A}
    Cars-->F:\Program Files\THQ\Disney-Pixar\Cars\_uninst\uninstaller.exe
    CCleaner (remove only)-->"f:\Program Files\CCleaner\uninst.exe"
    Cessna 206H1-->f:\Program Files\Microsoft Games\Flight Simulator 9\Cessna_206H1.exe
    Chipmunk-->f:\Program Files\Microsoft Games\Flight Simulator 9\Chipmunk.exe
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
    Correctif pour Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\CToolbar.exe uninst
    DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    Dassault Mercure-->f:\Program Files\Microsoft Games\Flight Simulator 9\Dassault Mercure.exe
    DC-6B_Transocean_Air_Lines_1953-->f:\Program Files\Microsoft Games\Flight Simulator 9\DC-6B_Transocean_Air_Lines_1953.exe
    DHC2 Beaver Alaska Tours flotteurs -->f:\Program Files\Microsoft Games\Flight Simulator 9\Désinstaller DHC2 Beaver Alaska Tours flotteurs.exe
    Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DriveImage XML (Private Edition)-->"f:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "f:\Program Files\Runtime Software\DriveImage XML\install.log" -u
    Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
    EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    Fairchild 24 R2-->f:\Program Files\Microsoft Games\Flight Simulator 9\Désinstaller Fairchild 24 R2.exe
    falcon50-->f:\Program Files\Microsoft Games\Flight Simulator 9\falcon50.exe
    FSDS2_Gloster_Meteor_T7_203_AFS-->f:\Program Files\Microsoft Games\Flight Simulator 9\FSDS2_Gloster_Meteor_T7_203_AFS.exe
    GameShadow-->MsiExec.exe /I{D98C9637-93DA-44DB-B73A-B11A1192AB26}
    GigaTribe 2.52-->"C:\Program Files\GigaTribe\unins000.exe"
    GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
    Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.39\Installer\setup.exe" --uninstall --system-level
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
    GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"
    GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x040c -removeonly
    Hero Editor V0.95-->C:\WINDOWS\st6unst.exe -n "F:\Program Files\Hero Editor\ST6UNST.LOG"
    High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Documents and Settings\SAM\Bureau\HijackThis.exe" /uninstall
    Homeworld2-->f:\Program Files\Sierra\Homeworld2\uninstall.exe
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
    HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    ImageShack Uploader-->MsiExec.exe /I{49B7369A-A5EF-4F12-991B-1810AD0DA75A}
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    IsoBuster 2.5-->"f:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    L-410 UVP-T-->f:\Program Files\Microsoft Games\Flight Simulator 9\L-410 UVP-T.exe
    La flotte Air France 1.0.4-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{47BCF~1\Setup.exe /remove /q0
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Lockheed L1011 Tristar-->f:\Program Files\Microsoft Games\Flight Simulator 9\Lockheed L1011 Tristar.exe
    Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
    Malwarebytes' Anti-Malware-->"f:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Maule M7-260-->f:\Program Files\Microsoft Games\Flight Simulator 9\Maule M7-260.exe
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Flight Simulator 2004 Un siècle d'aviation-->"F:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
    Microsoft Flight Simulator X: Acceleration-->C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimUninstall.log" /uninstall {A9729B90-D37B-4A69-B66A-7436AC1F7274}
    Microsoft Flight Simulator X: Acceleration-->MsiExec.exe /I{A9729B90-D37B-4A69-B66A-7436AC1F7274}
    Microsoft Flight Simulator X-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    MiG-31 Firefox-->f:\Program Files\Microsoft Games\Flight Simulator 9\Désinstaller MiG-31 Firefox.exe
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Multi Virus Cleaner 2009-->"F:\Program Files\AxBx\Multi Virus Cleaner 2009\unins000.exe"
    NVIDIA Drivers-->C:\WINDOWS\System32\nvuninst.exe UninstallGUI
    OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Picture Package-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x40c UNINSTALL
    Pinnacle VideoSpin-->MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}
    Race Driver 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe" -l0x40c -removeonly
    Rally Masters-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{318D767D-8A18-4C5D-8238-49F4CBEA0E9E}\setup.exe"
    RCS B-25J RAF-->f:\Program Files\Microsoft Games\Flight Simulator 9\RCS B-25J RAF.exe
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    SEA KING HAR3A-->f:\Program Files\Microsoft Games\Flight Simulator 9\SEA KING HAR3A.exe
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    SH3 Mini Tweaker-->"C:\Program Files\SH3 Mini Tweaker\unins000.exe"
    Sikorsky Pavehawk UH-60 Blackhawk FS2004-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{555D4~1\Setup.exe /remove /q0
    Sikorsky S-70A Pack V1 FS2004-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{E8BD8~1\Setup.exe /remove /q0
    Silent Hunter III-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7} /l1033
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Snagit 9.1.2-->MsiExec.exe /I{B440D659-FECA-4BDD-A12B-5C9F05790FF3}
    Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spyware Terminator-->"f:\Program Files\Spyware Terminator\unins000.exe"
    SpywareBlaster 4.2-->"F:\Program Files\SpywareBlaster\unins000.exe"
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
    UseNeXT-->"f:\Program Files\UseNeXT\unins000.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe /u
    VistaMizer 3.1.0.0-->C:\WINDOWS\VistaMizer\Uninstall.exe
    VLC media player 0.9.9-->f:\Program Files\VideoLAN\VLC\uninstall.exe
    Vpskeys 4.3-->"C:\Program Files\Vpskeys\unins000.exe"
    Warzone 2100 EditWorld-->C:\WINDOWS\IsUninst.exe -f"f:\Program Files\Warzone2100\UninstEDITOR.isu"
    Warzone 2100-->f:\Program Files\Warzone 2100\uninstall.exe
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WinHTTrack Website Copier 3.43-5-->"F:\Program Files\WinHTTrack\unins000.exe"
    Wondershare Streaming Audio Recorder (Build 1.0.1.16)-->"C:\Program Files\Wondershare\Streaming Audio Recorder\unins001.exe"
    Wondershare Streaming Audio Recorder(Build 1.0.1.16)-->"C:\Program Files\Wondershare\Streaming Audio Recorder\unins000.exe"
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    ======Security center information======

    AV: AntiVir Desktop (disabled)

    ======System event log======

    Computer Name: SAM-64X25000
    Event Code: 7036
    Message: The FLEXnet Licensing Service service entered the stopped state.

    Record Number: 5639
    Source Name: Service Control Manager
    Time Written: 20090622001546.000000+120
    Event Type: Information
    User:

    Computer Name: SAM-64X25000
    Event Code: 7036
    Message: The FLEXnet Licensing Service service entered the running state.

    Record Number: 5638
    Source Name: Service Control Manager
    Time Written: 20090622001146.000000+120
    Event Type: Information
    User:

    Computer Name: SAM-64X25000
    Event Code: 7035
    Message: The FLEXnet Licensing Service service was successfully sent a start control.

    Record Number: 5637
    Source Name: Service Control Manager
    Time Written: 20090622001146.000000+120
    Event Type: Information
    User: SAM-64X25000\SAM

    Computer Name: SAM-64X25000
    Event Code: 7036
    Message: The WMI Performance Adapter service entered the stopped state.

    Record Number: 5636
    Source Name: Service Control Manager
    Time Written: 20090621160857.000000+120
    Event Type: Information
    User:

    Computer Name: SAM-64X25000
    Event Code: 7036
    Message: The WMI Performance Adapter service entered the running state.

    Record Number: 5635
    Source Name: Service Control Manager
    Time Written: 20090621160857.000000+120
    Event Type: Information
    User:

    =====Application event log=====

    Computer Name: SAM-64X25000
    Event Code: 0
    Message:
    Record Number: 1317
    Source Name: gupdate1c9cce6f93572c6
    Time Written: 20090731194539.000000+120
    Event Type: Information
    User:

    Computer Name: SAM-64X25000
    Event Code: 0
    Message:
    Record Number: 1316
    Source Name: gusvc
    Time Written: 20090731194538.000000+120
    Event Type: Information
    User:

    Computer Name: SAM-64X25000
    Event Code: 0
    Message:
    Record Number: 1315
    Source Name: gusvc
    Time Written: 20090731151511.000000+120
    Event Type: Information
    User:

    Computer Name: SAM-64X25000
    Event Code: 0
    Message:
    Record Number: 1314
    Source Name: gusvc
    Time Written: 20090731151400.000000+120
    Event Type: Information
    User:

    Computer Name: SAM-64X25000
    Event Code: 0
    Message:
    Record Number: 1313
    Source Name: gusvc
    Time Written: 20090731130700.000000+120
    Event Type: Information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\DivX Shared;C:\Program Files\Pinnacle\Shared Files;f:\Program Files\Smart Projects\IsoBuster
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=6b02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO

    -----------------EOF-----------------

    9 August 2009 04:12:37

    Spybot still detects a Win32.Iksmas.ai.

    Any connection with the infection dealt with above?

    Spybot report:

    Quote:
    Win32.Iksmas.ai: [SBI $06907D50] Settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FWDone

    Win32.Iksmas.ai: [SBI $06907D50] Settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\FWDone

    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    BlueStreak: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    AdRevolver: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    AdRevolver: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    AdRevolver: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

    Adviva: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-05-04 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-07-28 advcheck.dll (1.6.3.17)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-07-30 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-08-04 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-08-04 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-07-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-07-14 Includes\Malware.sbi (*)
    2009-08-05 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-08-04 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-07-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-08-04 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-07-22 Includes\Trojans.sbi (*)
    2009-08-05 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
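An added example, not part of the original post and not Spybot's own code: a small Python triage of a Spybot 1.6 results listing like the one quoted above. It separates the registry hits from the tracking cookies and folds together the two lines Spybot prints for the FWDone value, since HKEY_USERS\.DEFAULT and HKEY_USERS\S-1-5-18 are the same hive (the LocalSystem profile) seen under two names. The sample lines are constructed from the report above and shortened; the function and constant names are the example's own.

```python
"""Triage a Spybot - Search & Destroy 1.6 results listing (added example).

Not code from the original post or from Spybot. Parses the
"name: [SBI $id] description (kind, action)" lines, attaches the registry
path that follows a registry finding, and folds hive aliases:
HKEY_USERS\\.DEFAULT and HKEY_USERS\\S-1-5-18 are the same hive (the
LocalSystem profile) under two names, so one leftover value shows up twice.
"""
import re
from collections import defaultdict

# Constructed sample, shortened from the report quoted above.
SAMPLE_REPORT = r"""
Win32.Iksmas.ai: [SBI $06907D50] Settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FWDone

Win32.Iksmas.ai: [SBI $06907D50] Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\FWDone

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
"""

# "<threat>: [SBI $id] <description> (<kind>, <action>)"
HEADER_RE = re.compile(
    r"^(?P<name>[^:]+): (?:\[SBI \$(?P<sbi>[0-9A-F]+)\] )?"
    r"(?P<desc>.*?) \((?P<kind>[^,()]+), (?P<action>[^)]+)\)$"
)

# Hive names that refer to the same on-disk hive -> canonical spelling.
HIVE_ALIASES = {r"HKEY_USERS\S-1-5-18": r"HKEY_USERS\.DEFAULT"}


def canonical_key(path):
    """Rewrite an aliased hive prefix so equal values compare equal."""
    for alias, canon in HIVE_ALIASES.items():
        if path.upper().startswith(alias.upper()):
            return canon + path[len(alias):]
    return path


def parse_spybot(text):
    """Return one dict per finding: name, sbi, desc, kind, action, detail."""
    findings = []
    lines = [line.strip() for line in text.splitlines()]
    i = 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if not m:
            i += 1
            continue
        f = m.groupdict()
        f["detail"] = None
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # Registry findings carry the key/value path on the following line.
        if f["kind"].lower().startswith("registry") and nxt.startswith("HKEY_"):
            f["detail"] = canonical_key(nxt)
            i += 1
        findings.append(f)
        i += 1
    return findings


def triage(text):
    """Unique registry values (path -> threat name) and cookie counts per tracker."""
    registry = {}
    cookies = defaultdict(int)
    for f in parse_spybot(text):
        if f["kind"].lower() == "cookie":
            cookies[f["name"]] += 1
        elif f["detail"]:
            registry.setdefault(f["detail"], f["name"])
    return {"registry": registry, "cookies": dict(cookies)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for path, name in result["registry"].items():
        print(f"{name}: {path}")
    for tracker, count in sorted(result["cookies"].items()):
        print(f"cookie {tracker} x{count}")
```

Run it directly to print the collapsed view; to use it on a saved Spybot report, pass the file's text to `triage()` instead of the embedded sample. On the sample it reports a single FWDone value rather than two, which is the point: two lines in the report do not mean two infections.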

    9 August 2009 04:55:05

  • Uninstall DAEMON Tools Toolbar, Java 6 Update 7 and Java 6 Update 13.

  • Update Java.

  • Double-click the AntiVir icon (umbrella) in the taskbar.
  • In AntiVir, choose Tools, then Configuration.
  • Tick Expert mode and tick Search for rootkits at scan start, on the right under Other settings.
  • Run a full scan, click Repair all if AntiVir finds anything, and post the report.

    Tutorial: Scan the hard disk(s)
    9 August 2009 07:13:30

    I thought you'd gone to bed. :ange:  I slept a couple of hours and started the scan 5 minutes ago.

    It'll take several hours (2.3 TB of capacity, about 1.8 TB used)...

    See you later, then, and thanks again for your invaluable help. :p 
    9 August 2009 07:26:28

    Are you bothered by Ask Toolbar?
    9 August 2009 07:33:04

    Never seen it. Under IE? Because I never use it...
    9 August 2009 07:38:01

    If you want, we'll do a cleanup with Ad-Remover.
    9 August 2009 07:42:02

    No problem. I'd follow you into hell. :D 

    AntiVir: 4.7% after 34 min... No results so far.
    9 August 2009 16:04:52

    Antivir crashed twice on E: (which only held the image of C:). CHKDSK each time, but after the second crash I deleted the partition and formatted it: nothing important on that disk.

    Here's the report. Nothing new under the sun: I knew about all of them, they're old and some are false positives. Nothing to be proud of either :whistle:  (which explains the spoiler :sol:  ):

    Spoiler

    Avira AntiVir Personal
    Report file created: Sunday, 9 August 2009 10:54

    Scanning for 1618860 virus strains.

    Licensee: Avira AntiVir Personal - FREE Antivirus
    Serial number: 0000149996-ADJIE-0000001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: SAM-64X25000

    Version information:
    BUILD.DAT : 9.0.0.66 17958 Bytes 17/06/2009 14:44:00
    AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54
    AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
    LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 17:09:24
    ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 03/08/2009 18:19:06
    ANTIVIR3.VDF : 7.1.5.85 445952 Bytes 07/08/2009 22:35:41
    Version du moteur : 8.2.0.248
    AEVDF.DLL : 8.1.1.1 106868 Bytes 04/05/2009 16:45:42
    AESCRIPT.DLL : 8.1.2.23 455033 Bytes 08/08/2009 22:35:49
    AESCN.DLL : 8.1.2.4 127348 Bytes 22/07/2009 17:59:22
    AERDL.DLL : 8.1.2.4 430452 Bytes 15/07/2009 16:52:05
    AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 16:45:16
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 16:47:26
    AEHEUR.DLL : 8.1.0.154 1917302 Bytes 08/08/2009 22:35:49
    AEHELP.DLL : 8.1.5.3 233846 Bytes 22/07/2009 17:59:21
    AEGEN.DLL : 8.1.1.55 356723 Bytes 08/08/2009 22:35:43
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
    AECORE.DLL : 8.1.7.6 184694 Bytes 22/07/2009 17:59:19
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
    AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
    NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 13/07/2009 16:50:30
    RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

    Configuration settings for the scan:
    Job name......................................: Complete system scan
    Configuration file............................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.......................................: low
    Primary action................................: interactive
    Secondary action..............................: ignore
    Scan master boot sectors......................: on
    Scan boot sectors.............................: on
    Boot sectors..................................: C:, D:, E:, F:, H:,
    Scan running programs.........................: on
    Scan registry.................................: on
    Search for rootkits...........................: on
    Integrity checking of system files............: off
    Scan mode.....................................: All files
    Scan archives.................................: on
    Recursion depth limit.........................: 20
    Archive smart extensions......................: on
    Macro virus heuristic.........................: on
    File heuristic................................: medium

    Start of the scan: Sunday, 9 August 2009 10:54

    Starting search for hidden objects.
    '42383' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started:
    Scan process 'chrome.exe' - '1' module(s) have been scanned
    Scan process 'avscan.exe' - '1' module(s) have been scanned
    Scan process 'avcenter.exe' - '1' module(s) have been scanned
    Scan process 'chrome.exe' - '1' module(s) have been scanned
    Scan process 'chrome.exe' - '1' module(s) have been scanned
    Scan process 'ViewMgr.exe' - '1' module(s) have been scanned
    Scan process 'alg.exe' - '1' module(s) have been scanned
    Scan process 'SnagitEditor.exe' - '1' module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' module(s) have been scanned
    Scan process 'SnagPriv.exe' - '1' module(s) have been scanned
    Scan process 'TscHelp.exe' - '1' module(s) have been scanned
    Scan process 'ViewpointService.exe' - '1' module(s) have been scanned
    Scan process 'svchost.exe' - '1' module(s) have been scanned
    Scan process 'Snagit32.exe' - '1' module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' module(s) have been scanned
    Scan process 'SpywareTerminatorUpdate.exe' - '1' module(s) have been scanned
    Scan process 'btdna.exe' - '1' module(s) have been scanned
    Scan process 'jusched.exe' - '1' module(s) have been scanned
    Scan process 'SpywareTerminatorShield.Exe' - '1' module(s) have been scanned
    Scan process 'AAWTray.exe' - '1' module(s) have been scanned
    Scan process 'sp_rsser.exe' - '1' module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' module(s) have been scanned
    Scan process 'avgnt.exe' - '1' module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' module(s) have been scanned
    Scan process 'rundll32.exe' - '1' module(s) have been scanned
    Scan process 'jqs.exe' - '1' module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' module(s) have been scanned
    Scan process 'avguard.exe' - '1' module(s) have been scanned
    Scan process 'explorer.exe' - '1' module(s) have been scanned
    Scan process 'svchost.exe' - '1' module(s) have been scanned
    Scan process 'sched.exe' - '1' module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' module(s) have been scanned
    Scan process 'AAWService.exe' - '1' module(s) have been scanned
    Scan process 'svchost.exe' - '1' module(s) have been scanned
    Scan process 'svchost.exe' - '1' module(s) have been scanned
    Scan process 'svchost.exe' - '1' module(s) have been scanned
    Scan process 'svchost.exe' - '1' module(s) have been scanned
    Scan process 'svchost.exe' - '1' module(s) have been scanned
    Scan process 'lsass.exe' - '1' module(s) have been scanned
    Scan process 'services.exe' - '1' module(s) have been scanned
    Scan process 'winlogon.exe' - '1' module(s) have been scanned
    Scan process 'csrss.exe' - '1' module(s) have been scanned
    Scan process 'smss.exe' - '1' module(s) have been scanned
    '47' processes with '47' modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!

    Starting boot sector scan:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] No virus was found!
    Boot sector 'H:\'
    [INFO] No virus was found!

    Starting to scan executable file references (registry):
    The registry was scanned ('59' files).


    Starting the scan of selected files:

    Begin scan in 'C:\' <80Go>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] It is correct that this file cannot be opened for scanning.
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <1To>
    D:\Restauration System\Pack.Validation.WGA.Définitif-JiGWaReZ\keyfinder.exe
    [0] Archive type: RAR SFX (self extracting)
    --> findkey.exe
    [DETECTION] Contains the Trojan TR/Agent.542720.C
    D:\Restauration System\Phb Donnation\Applis\portappz big v4.0\programmes\securite et cleaners\a-squared Free 2.1.0.12\Quarantine\9d54d3488741fe418a93f11a0c0b0e57.a2q
    [0] Archive type: ZIP
    --> WINNT/Downloaded Program Files/PlanetNews2.dll
    [1] Archive type: HIDDEN
    --> MEM\AV00031f0a.AV$
    [DETECTION] Contains the spyware or adware detection pattern ADSPY/Toolbar.NewsGator
    Begin scan in 'E:\' <Nouveau nom>
    Begin scan in 'F:\' <500Go - I>
    F:\80Go\Restauration System\Pack.Validation.WGA.Définitif-JiGWaReZ\keyfinder.exe
    [0] Archive type: RAR SFX (self extracting)
    --> findkey.exe
    [DETECTION] Contains the Trojan TR/Agent.542720.C
    F:\Program Files\Sim City 4\Batiments\sky2222 bat\st2222.000
    [0] Archive type: CAB (Microsoft)
    --> st2222\st-0000-0020-4-0x5ad0e817_0xd92e5a2_0x470000.SC4Model
    [WARNING] No further files could be extracted from this archive. The archive is closed.
    [WARNING] No further files could be extracted from this archive. The archive is closed.
    F:\Program Files\Sim City 4\Cheats Sim City Rush Hour\s4d-sc4rh2.zip
    [0] Archive type: ZIP
    --> Sim.City.4.Rush.Hour.Expansion.Plus.2.Trainer.exe
    [DETECTION] Contains the Trojan TR/Keylog.HotKeysHook.BE
    F:\Program Files\Sim City 4\Cheats Sim City Rush Hour\Trainer full money\SimCity4RushHourPLUS2Trainer.rar
    [0] Archive type: RAR
    --> Sim.City.4.Rush.Hour.Expansion.Plus.2.Trainer.exe
    [DETECTION] Contains the Trojan TR/Keylog.HotKeysHook.BE
    F:\Program Files\Sim City 4\Sim city 4 add ons\building\sky2222.zip
    [0] Archive type: ZIP
    --> st2222.000
    [1] Archive type: CAB (Microsoft)
    --> st2222\st-0000-0020-4-0x5ad0e817_0xd92e5a2_0x470000.SC4Model
    [WARNING] No further files could be extracted from this archive. The archive is closed.
    [WARNING] No further files could be extracted from this archive. The archive is closed.
    Begin scan in 'H:\' <500Go - II>
    H:\80Go\Restauration System\Pack.Validation.WGA.Définitif-JiGWaReZ\keyfinder.exe
    [0] Archive type: RAR SFX (self extracting)
    --> findkey.exe
    [DETECTION] Contains the Trojan TR/Agent.542720.C
    H:\Arrivés du net\Applications\Jeux\Diablo 2\Diablo 2 CD Key Generator.exe
    [DETECTION] Contains the worm detection pattern WORM/Virtool.BUY
    H:\Arrivés du net\Applications\Jeux\Test Drive Unliminited\MoFunZone.com--test_drive_unlimited_v1_66a_2_trainer.zip
    [0] Archive type: ZIP
    --> tduplus2.exe
    [DETECTION] Contains the Trojan TR/Delf.owj.26
    H:\Arrivés du net\Applications\Utilitaires\Pack cs3\Adobe CS3\Photoshop\crack\Adobe_Photoshop_CS3_Final_Extended.zip
    [0] Archive type: ZIP
    --> CS3 keygen.exe
    [DETECTION] Contains the Trojan TR/Spy.118784.10
    H:\Arrivés du net\Applications\Utilitaires\Pack cs3\Adobe CS3\Photoshop\crack\CS3 keygen.exe
    [DETECTION] Contains the Trojan TR/Spy.118784.10
    H:\Arrivés du net\Applications\Utilitaires\Pack cs3\Adobe CS3\Photoshop\crack\Adobe_Photoshop_CS3_Final_Extended\CS3 keygen.exe
    [DETECTION] Contains the Trojan TR/Spy.118784.10
    H:\Arrivés du net\Applications\Utilitaires\Photoshop CS2\Adobe Photoshop CS2 9.0.1Full+crack\Adobe Photoshop CS2 9.0.1.zip
    [0] Archive type: ZIP
    --> Keygen/KeyGen.exe
    [DETECTION] Contains the worm detection pattern WORM/Autorun.cxl

    Beginning disinfection:
    D:\Restauration System\Pack.Validation.WGA.Définitif-JiGWaReZ\keyfinder.exe
    [NOTE] The file was moved to the quarantine directory under the name '4af7aaa0.qua'!
    D:\Restauration System\Phb Donnation\Applis\portappz big v4.0\programmes\securite et cleaners\a-squared Free 2.1.0.12\Quarantine\9d54d3488741fe418a93f11a0c0b0e57.a2q
    [NOTE] The file was moved to the quarantine directory under the name '4ab3aa9f.qua'!
    F:\80Go\Restauration System\Pack.Validation.WGA.Définitif-JiGWaReZ\keyfinder.exe
    [NOTE] The file was moved to the quarantine directory under the name '4b44abd1.qua'!
    F:\Program Files\Sim City 4\Cheats Sim City Rush Hour\s4d-sc4rh2.zip
    [NOTE] The file was moved to the quarantine directory under the name '4ae2aa70.qua'!
    F:\Program Files\Sim City 4\Cheats Sim City Rush Hour\Trainer full money\SimCity4RushHourPLUS2Trainer.rar
    [NOTE] The file was moved to the quarantine directory under the name '4aebaaa5.qua'!
    H:\80Go\Restauration System\Pack.Validation.WGA.Définitif-JiGWaReZ\keyfinder.exe
    [NOTE] The file was moved to the quarantine directory under the name '4af7aaa1.qua'!
    H:\Arrivés du net\Applications\Jeux\Diablo 2\Diablo 2 CD Key Generator.exe
    [DETECTION] Contains the worm detection pattern WORM/Virtool.BUY
    [NOTE] The file was moved to the quarantine directory under the name '4adfaaa5.qua'!
    H:\Arrivés du net\Applications\Jeux\Test Drive Unliminited\MoFunZone.com--test_drive_unlimited_v1_66a_2_trainer.zip
    [NOTE] The file was moved to the quarantine directory under the name '4ac4aaab.qua'!
    H:\Arrivés du net\Applications\Utilitaires\Pack cs3\Adobe CS3\Photoshop\crack\Adobe_Photoshop_CS3_Final_Extended.zip
    [NOTE] The file was moved to the quarantine directory under the name '4aedaaa0.qua'!
    H:\Arrivés du net\Applications\Utilitaires\Pack cs3\Adobe CS3\Photoshop\crack\CS3 keygen.exe
    [DETECTION] Contains the Trojan TR/Spy.118784.10
    [NOTE] The file was moved to the quarantine directory under the name '4ab1aa8f.qua'!
    H:\Arrivés du net\Applications\Utilitaires\Pack cs3\Adobe CS3\Photoshop\crack\Adobe_Photoshop_CS3_Final_Extended\CS3 keygen.exe
    [DETECTION] Contains the Trojan TR/Spy.118784.10
    [NOTE] The file was moved to the quarantine directory under the name '49778268.qua'!
    H:\Arrivés du net\Applications\Utilitaires\Photoshop CS2\Adobe Photoshop CS2 9.0.1Full+crack\Adobe Photoshop CS2 9.0.1.zip
    [NOTE] The file was moved to the quarantine directory under the name '4b59a399.qua'!


    Fin de la recherche : dimanche 9 août 2009 12:51
    Temps nécessaire: 1:56:41 Heure(s)

    La recherche a été effectuée intégralement

    18385 Les répertoires ont été contrôlés
    651008 Des fichiers ont été contrôlés
    12 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    12 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    2 Impossible de contrôler des fichiers
    650994 Fichiers non infectés
    3950 Les archives ont été contrôlées
    6 Avertissements
    13 Consignes
    42383 Des objets ont été contrôlés lors du Rootkitscan
    0 Des objets cachés ont été trouvés





    Is C:\WINDOWS\system32\drivers\sptd.sys still suspect?
    Since DAEMON Tools has been uninstalled, it shouldn't leave this kind of trace behind, should it?

    I'm happy to run Ad-Remover to be sure. :p 

    Once again, many thanks for your expertise, your approachability (it's clear you're used to explaining things to laypeople) and your patience. :) 
    9 August 2009 17:13:20

    The Ad-Remover report:


    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 16:57:48, 09/08/2009 | Mode Normal | Option: SCAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
    Nom du PC: SAM-64X25000 | Utilisateur actuel: SAM
    .
    Administrateur: Administrateur
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité *Desactive*
    Administrateur: SAM
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    .
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    .
    C:\Program Files\AskSearch
    C:\DOCUME~1\SAM\APPLIC~1\Mozilla\Firefox\Profiles\9osbqezf.default\searchplugins\ask.xml
    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 3.5.2 *

    Nom du profil: 9osbqezf.default (SAM)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Crawler Search");
    (Prefs.js) user_pref("browser.startup.homepage", "https://mail.google.com/mail/#inbox|hxxp://www.google.fr/ig?hl=fr&source=iglk");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.2");
    .
    .

    * Internet Explorer Version 8.0.6001.18702 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Start Page: hxxp://fr.msn.com/?ocid=iehp

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    SearchAssistant: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: tbr:res?id=tabs&rep=1

    .
    ============== Processus Caches/Bloque ==============
    .
    PID: 21780 [HIDDEN] C:\Program Files\Ad-remover\SED.com
    .

    ============== Suspect (Cracks, Serials ... ) ==============

    .
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\Windows XP Keygen.exe.d638dcae66aec45eaf64ab43c93912.aawqff
    C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.008.005.0000_patch_3.008.004.000.torrent
    C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.008.006.0000_patch_3.008.005.000.torrent
    C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.008.007.0000_patch_3.008.006.000.torrent
    C:\Documents and Settings\SAM\Application Data\BitTorrent\Microsoft Flight Simulator X working Serial Key.exe.torrent
    C:\Documents and Settings\SAM\Bureau\Utilitaires\Adobe_Photoshop_9.0_CS2_(Serial).zip
    C:\Documents and Settings\SAM\Bureau\Utilitaires\Crack_photoshop_CS2.rar
    C:\Documents and Settings\SAM\Bureau\Utilitaires\Photoshop_CS2.9.0_(Serial).zip
    C:\Documents and Settings\SAM\Mes documents\T‚l‚chargements\diablo_2_patch_non_officiel_v1.02_multi-langues_294168.zip
    .
    ===================================
    .
    3424 Octet(s) - C:\Ad-Report-SCAN.log
    .
    44 Fichier(s) - C:\DOCUME~1\SAM\LOCALS~1\Temp
    22 Fichier(s) - C:\WINDOWS\Temp
    .
    0 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 17:09:11 | 09/08/2009
    .
    ============== E.O.F ==============
    .



    That was just a scan. Should I run the clean-up?

    9 August 2009 17:38:31

    You can run option L.
    9 August 2009 17:56:38

    Ad-Remover report after the clean-up:

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 17:42:09, 09/08/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
    Nom du PC: SAM-64X25000 | Utilisateur actuel: SAM
    .
    Administrateur: Administrateur
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité *Desactive*
    Administrateur: SAM
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    .
    C:\Program Files\AskSearch\bin
    C:\Program Files\AskSearch
    C:\DOCUME~1\SAM\APPLIC~1\Mozilla\Firefox\Profiles\9osbqezf.default\searchplugins\ask.xml

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 3.5.2 *

    Nom du profil: 9osbqezf.default (SAM)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Crawler Search");
    (Prefs.js) user_pref("browser.startup.homepage", "https://mail.google.com/mail/#inbox|hxxp://www.google.fr/ig?hl=fr&source=iglk");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.2");
    .
    .

    * Internet Explorer Version 8.0.6001.18702 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Start Page: hxxp://fr.msn.com/?ocid=iehp

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchAssistant: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm

    ============== Suspect (Cracks, Serials ... ) ==============

    .
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\Windows XP Keygen.exe.d638dcae66aec45eaf64ab43c93912.aawqff
    C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.008.005.0000_patch_3.008.004.000.torrent
    C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.008.006.0000_patch_3.008.005.000.torrent
    C:\Documents and Settings\All Users\Application Data\Spyware Terminator\SharedFiles\SPT_38_DB_3.008.007.0000_patch_3.008.006.000.torrent
    C:\Documents and Settings\SAM\Application Data\BitTorrent\Microsoft Flight Simulator X working Serial Key.exe.torrent
    C:\Documents and Settings\SAM\Bureau\Utilitaires\Adobe_Photoshop_9.0_CS2_(Serial).zip
    C:\Documents and Settings\SAM\Bureau\Utilitaires\Crack_photoshop_CS2.rar
    C:\Documents and Settings\SAM\Bureau\Utilitaires\Photoshop_CS2.9.0_(Serial).zip
    C:\Documents and Settings\SAM\Mes documents\T‚l‚chargements\diablo_2_patch_non_officiel_v1.02_multi-langues_294168.zip
    .
    ===================================
    .
    3711 Octet(s) - C:\Ad-Report-CLEAN.log
    3734 Octet(s) - C:\Ad-Report-SCAN.log
    .
    2 Fichier(s) - C:\DOCUME~1\SAM\LOCALS~1\Temp
    20 Fichier(s) - C:\WINDOWS\Temp
    .
    19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    1 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 17:53:39 | 09/08/2009
    .
    ============== E.O.F ==============
    .
    9 August 2009 18:07:52

  • Uninstall Ad-Remover.

  • Run another RSIT scan and post the log report.
    9 August 2009 18:19:03

    Log report:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by SAM at 2009-08-09 18:16:01
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 8 GB (10%) free of 79 GB
    Total RAM: 3327 MB (68% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:16:28, on 09/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    f:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DNA\btdna.exe
    F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
    C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Vpskeys\VPSKEYS.EXE
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\GigaTribe\gigatribe.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Combined Community Codec Pack\MPC\mplayerc.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\SAM\Bureau\RSIT.exe
    C:\Documents and Settings\SAM\Bureau\SAM.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gc...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gc...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service Google Update (gupdate1c9cce6f93572c6) (gupdate1c9cce6f93572c6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - f:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9333 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
    SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2009-04-17 68936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-22 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-09 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-04-17 211272]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-01-03 13508608]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-01-03 86016]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
    "SpywareTerminator"=F:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-08 2173440]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-09 149280]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-04 39408]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-05-06 321344]
    "SpywareTerminatorUpdate"=F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-06-14 3055616]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 25088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPSKEYS]
    C:\Program Files\Vpskeys\vpskeys.exe [2003-03-29 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Snagit 9.lnk - C:\Program Files\TechSmith\Snagit 9\Snagit32.exe

    C:\Documents and Settings\SAM\Menu Démarrer\Programmes\Démarrage
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:D NA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "F:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="F:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
    "C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe"
    "F:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="F:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
    "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
    "C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
    "C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:p innacle VideoSpin"
    "F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="F:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:D isabled:Crawler Spyware Terminator"
    "F:\Program Files\Codemasters\GRID\GRID.exe"="F:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 1 months======

    2009-08-09 16:57:38 ----D---- C:\Program Files\Ad-remover
    2009-08-09 06:58:59 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-08-09 06:58:59 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-08-09 06:58:59 ----A---- C:\WINDOWS\system32\java.exe
    2009-08-09 06:58:36 ----D---- C:\Program Files\Java
    2009-08-09 06:55:42 ----D---- C:\WINDOWS\system32\appmgmt
    2009-08-09 03:39:59 ----D---- C:\rsit
    2009-08-09 03:32:16 ----SD---- C:\ComboFix
    2009-08-09 03:11:57 ----SHD---- C:\RECYCLER
    2009-08-09 03:11:36 ----A---- C:\ComboFix.txt
    2009-08-09 02:15:10 ----D---- C:\WINDOWS\temp
    2009-08-09 01:00:43 ----D---- C:\WINDOWS\ERDNT
    2009-08-08 14:20:38 ----D---- C:\WINDOWS\CSC
    2009-08-08 13:59:33 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-08-08 13:44:07 ----D---- C:\Documents and Settings\SAM\Application Data\Malwarebytes
    2009-08-08 13:44:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-07 14:24:50 ----D---- C:\Documents and Settings\All Users\Application Data\17547034
    2009-08-07 13:15:28 ----D---- C:\Documents and Settings\SAM\Application Data\Image Zone Express
    2009-08-02 08:12:43 ----N---- C:\WINDOWS\Setup1.exe
    2009-08-02 08:12:41 ----A---- C:\WINDOWS\ST6UNST.EXE
    2009-08-02 04:40:43 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
    2009-08-02 04:34:12 ----A---- C:\WINDOWS\DIIUnin.exe
    2009-08-02 04:01:53 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
    2009-08-02 04:01:53 ----AT---- C:\WINDOWS\system32\SIntf32.dll
    2009-08-02 04:01:53 ----AT---- C:\WINDOWS\system32\SIntf16.dll
    2009-07-28 01:48:27 ----D---- C:\Beta World Editor 32 bit -128 by128 -png Beta
    2009-07-23 01:21:48 ----A---- C:\WINDOWS\wininit.ini
    2009-07-19 15:42:55 ----D---- C:\Program Files\SH3 Mini Tweaker
    2009-07-14 01:26:19 ----D---- C:\Documents and Settings\SAM\Application Data\Viewpoint
    2009-07-14 01:26:07 ----D---- C:\Program Files\Viewpoint
    2009-07-14 01:26:07 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint

    ======List of files/folders modified in the last 1 months======

    2009-08-09 18:15:07 ----D---- C:\Documents and Settings\SAM\Application Data\DNA
    2009-08-09 18:14:02 ----D---- C:\WINDOWS\system32
    2009-08-09 17:52:22 ----RD---- C:\Program Files
    2009-08-09 17:17:26 ----D---- C:\Program Files\XnView
    2009-08-09 16:58:08 ----D---- C:\WINDOWS\Prefetch
    2009-08-09 14:49:10 ----SD---- C:\WINDOWS\Tasks
    2009-08-09 10:44:48 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-09 10:44:22 ----D---- C:\Program Files\DNA
    2009-08-09 07:34:19 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-09 07:02:02 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-09 07:01:25 ----D---- C:\WINDOWS
    2009-08-09 06:59:15 ----SHD---- C:\WINDOWS\Installer
    2009-08-09 06:59:06 ----HD---- C:\Config.Msi
    2009-08-09 06:58:40 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-08-09 06:55:36 ----D---- C:\Program Files\Fichiers communs
    2009-08-09 06:54:40 ----D---- C:\Program Files\DAEMON Tools Toolbar
    2009-08-09 06:52:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2009-08-09 06:51:09 ----D---- C:\Documents and Settings\SAM\Application Data\Spyware Terminator
    2009-08-09 04:22:04 ----SHD---- C:\System Volume Information
    2009-08-09 04:22:04 ----D---- C:\WINDOWS\system32\Restore
    2009-08-09 03:11:38 ----D---- C:\WINDOWS\system32\drivers
    2009-08-09 03:04:38 ----A---- C:\WINDOWS\system.ini
    2009-08-09 02:55:03 ----D---- C:\WINDOWS\system32\config
    2009-08-09 02:53:45 ----D---- C:\WINDOWS\AppPatch
    2009-08-09 01:29:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-08 12:04:46 ----D---- C:\Program Files\WinClamAVShield
    2009-08-07 22:21:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-08-07 20:59:59 ----D---- C:\Program Files\SpeedFan
    2009-08-07 14:46:34 ----D---- C:\Documents and Settings
    2009-08-07 14:37:20 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-08-07 14:27:50 ----D---- C:\WINDOWS\Minidump
    2009-08-06 22:17:24 ----D---- C:\Documents and Settings\SAM\Application Data\dvdcss
    2009-08-02 19:33:56 ----D---- C:\Documents and Settings\SAM\Application Data\Skype
    2009-08-02 16:06:38 ----D---- C:\Documents and Settings\SAM\Application Data\skypePM
    2009-07-31 00:47:31 ----D---- C:\Documents and Settings\SAM\Application Data\GigaTribe
    2009-07-25 15:26:48 ----D---- C:\Documents and Settings\SAM\Application Data\UseNeXT
    2009-07-23 23:34:12 ----D---- C:\Program Files\OpenAL
    2009-07-23 19:27:25 ----D---- C:\Documents and Settings\SAM\Application Data\GrabIt
    2009-07-23 01:21:47 ----D---- C:\WINDOWS\system
    2009-07-22 15:29:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-07-11 01:36:20 ----D---- C:\WINDOWS\repair
    2009-07-11 01:35:51 ----D---- C:\WINDOWS\Registration
    2009-07-11 01:10:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-11 01:09:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-13 28520]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
    R3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-03 59136]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-28 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-02 4394496]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-01-03 7077344]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
    R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
    R3 wsvad_driver;WS Audio Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [2008-08-29 16896]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 hidgame;Activateur de port HID à manette de jeu Microsoft; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
    S3 msgame;Activateur de port HID vers manette de jeu Sidewinder; C:\WINDOWS\system32\DRIVERS\msgame.sys [2001-08-17 35200]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
    S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
    S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-13 185089]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-09 153376]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-01-03 155716]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; f:\Program Files\Spyware Terminator\sp_rsser.exe [2009-06-14 487424]
    R2 Viewpoint Service;Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
    S2 gupdate1c9cce6f93572c6;Service Google Update (gupdate1c9cce6f93572c6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 183280]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-08 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

    -----------------EOF-----------------
    9 August 2009 18:28:57

    We're almost done.


    1/

  • Run this file:
    C:\Documents and Settings\SAM\Bureau\SAM.exe
  • Choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/as [...] t=&gc=1&q=

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/as [...] &gc=1&q=%s

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
  • Close HijackThis.


    2/

  • Download OTM (OldTimer) to your Desktop.
  • Double-click OTM.exe to run it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\Documents and Settings\All Users\Application Data\17547034
    C:\Program Files\DAEMON Tools Toolbar

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTM.

    ---> If a file or folder cannot be deleted immediately, the tool will ask you to reboot.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTM\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
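    As an added example that is not part of this thread nor of HijackThis, RSIT or OTM themselves: the three decisions in the post above (the two R1 search-URL entries pointing at toolbar.ask.com, the O2 BHO registered with "(no file)", and the numeric-named folder C:\Documents and Settings\All Users\Application Data\17547034 that the OTM script moves) can be reproduced as a small Python triage pass over the log lines. The sample lines are constructed from this thread, with the truncated URLs cut where the page cuts them and two invented benign entries as controls; the allow-list of search hosts and the "machine-generated name" heuristic are this script's own assumptions, not rules of any of those tools.

```python
"""Triage of HijackThis and RSIT log lines (added example, not part of the thread's tools)."""
import re
from urllib.parse import urlparse

# Constructed sample lines, modelled on the thread; the ask.com URLs are cut where
# the page cuts them, and the google.fr / Example Helper entries are invented benign controls.
HJT_LINES = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/as",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/as",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/",
    r"O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll",
]
RSIT_LINES = [
    r"2009-08-09 06:58:59 ----A---- C:\WINDOWS\system32\javaws.exe",
    r"2009-08-09 02:15:10 ----D---- C:\WINDOWS\temp",
    r"2009-08-08 13:44:07 ----D---- C:\Documents and Settings\SAM\Application Data\Malwarebytes",
    r"2009-08-07 14:24:50 ----D---- C:\Documents and Settings\All Users\Application Data\17547034",
]

# Search/start-page hosts the analyst accepts without review (assumption, not a HijackThis rule).
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.fr", "www.bing.com", "search.live.com"}

HJT_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"=\s*(?P<url>https?://\S+)")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RSIT_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+(?P<attrs>[A-Z]*)-+ (?P<path>.+)$")

# Parents where droppers like to create folders (assumption); names that are all digits
# or long hex strings are treated as machine-generated, like the 17547034 folder above.
DROP_PARENTS = ("application data", r"local settings\temp", r"windows\temp")
RANDOM_NAME = re.compile(r"^(?:\d{6,}|[0-9a-f]{8,})$", re.IGNORECASE)


def triage_hjt(lines):
    """Return (line, reason) pairs for R0/R1 entries whose URL points at a host outside the
    allow-list, and O2 entries whose BHO DLL is missing ('(no file)'): the lines ticked above."""
    findings = []
    for line in lines:
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            u = URL_RE.search(body)
            host = urlparse(u.group("url")).hostname if u else None
            if host and host.lower() not in KNOWN_SEARCH_HOSTS:
                findings.append((line, f"start/search URL points at unknown host {host}"))
        elif kind == "O2":
            b = BHO_RE.match(body)
            if b and b.group("path").strip().lower() == "(no file)":
                findings.append((line, f"BHO {b.group('clsid')} is registered but its DLL is missing (orphan)"))
    return findings


def triage_rsit(lines):
    """Return (line, reason) pairs for newly created directories (attribute D) whose name
    looks machine-generated and whose parent is one of the usual drop locations."""
    findings = []
    for line in lines:
        m = RSIT_RE.match(line.strip())
        if not m or "D" not in m.group("attrs"):
            continue
        parent, _, name = m.group("path").rpartition("\\")
        if parent.lower().endswith(DROP_PARENTS) and RANDOM_NAME.match(name):
            findings.append((line, f"directory '{name}' created {m.group('ts')} has a machine-generated name"))
    return findings


if __name__ == "__main__":
    for line, reason in triage_hjt(HJT_LINES) + triage_rsit(RSIT_LINES):
        print(f"[review] {reason}\n         {line}")
```

    Run it as-is to see the three flagged entries; feed it the full RSIT "created" list and the whole HijackThis log to triage a real case. The heuristics only say "review this", which is the right bar for a log triage: a folder named with digits is not proof of malware, but it is exactly the kind of entry a helper asks about before writing an OTM script.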
    9 August 2009 18:47:18

    Here is the OTM .log:

    All processes killed
    ========== PROCESSES ==========
    Process explorer.exe killed successfully!
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\17547034 moved successfully.
    C:\Program Files\DAEMON Tools Toolbar moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Google Chrome cache emptied: 7803892 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: SAM
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Temp\BCG6.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Temp\etilqs_2mGXt5g4vKwPwPKqHnP3 scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Temp\Perflib_Perfdata_543c.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Temp\Perflib_Perfdata_a10.dat scheduled to be deleted on reboot.
    ->Temp folder emptied: 42161 bytes
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Temporary Internet Files\Content.IE5\TAWFXCX1\vitality[1].txt scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Temporary Internet Files\Content.IE5\GPKQMGMQ\client_ad[1].php scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Temporary Internet Files\Content.IE5\GGO8ALM2\client_ad[1].php scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 825895 bytes
    ->Java cache emptied: 13425503 bytes
    ->FireFox cache emptied: 41051330 bytes
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 scheduled to be deleted on reboot.
    ->Google Chrome cache emptied: 51658716 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 1121437 bytes
    %systemroot%\System32 .tmp files removed: 5483304 bytes
    Windows Temp folder emptied: 185542 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 116,01 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 08092009_184028

    Files moved on Reboot...
    File C:\Documents and Settings\SAM\Local Settings\Temp\BCG6.tmp not found!
    File C:\Documents and Settings\SAM\Local Settings\Temp\etilqs_2mGXt5g4vKwPwPKqHnP3 not found!
    File C:\Documents and Settings\SAM\Local Settings\Temp\Perflib_Perfdata_543c.dat not found!
    File C:\Documents and Settings\SAM\Local Settings\Temp\Perflib_Perfdata_a10.dat not found!
    C:\Documents and Settings\SAM\Local Settings\Temporary Internet Files\Content.IE5\TAWFXCX1\vitality[1].txt moved successfully.
    C:\Documents and Settings\SAM\Local Settings\Temporary Internet Files\Content.IE5\GPKQMGMQ\client_ad[1].php moved successfully.
    C:\Documents and Settings\SAM\Local Settings\Temporary Internet Files\Content.IE5\GGO8ALM2\client_ad[1].php moved successfully.
    C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
    C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
    C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
    C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.

    Registry entries deleted on Reboot...
    9 August 2009 18:48:25

    No more problems?
    9 August 2009 18:56:06

    My Temp is clean (apart from the last Perflib_Perfdata, which is normal).

    I haven't seen anything visible since _ex-68.exe disappeared (it was setting a specific wallpaper on me and showing a fake spyware scanner), so I can't say for sure. It looks OK to me. :) 

    Big thanks for your help and your dedication. I wonder what motivates you. Apart from helping a newbie, I can't really see what interest my little infection holds for an expert like you. So, respect.

    I'm changing my title. :) 

    9 August 2009 19:04:25

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to run it.
  • Click Recherche (search) and let the scan run.
  • Click Suppression (delete) to finish.
  • You can, if you wish, use the Options Facultatives (optional options).
  • Click Quitter (quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Run it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.


    3/

  • You need to disable and then re-enable System Restore in order to purge it.


    ==Prevention==

    To remove AntiVir's popups: Link

    Keep MBAM. It will be useful for scanning suspicious files alongside the antivirus, and for scanning the hard drive regularly.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the Edit button.
  • Add [Résolu] in front of the title.
  • Then click Valider votre message (submit your message).


    Be more careful on the Internet ;) 
    9 August 2009 19:24:27

    Destrio5 said:
    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to run it.
  • Click Recherche (search) and let the scan run.
  • Click Suppression (delete) to finish.
  • You can, if you wish, use the Options Facultatives (optional options).
  • Click Quitter (quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


  • Here is the cleaning report:


    [ ToolsCleaner report version 2.3.10 (by A.Rothstein & dj QUIOU) ]

    --> Search:

    C:\Combofix.txt: found!
    C:\Combofix: found!
    C:\_OTM: found!
    C:\Rsit: found!
    C:\Documents and Settings\SAM\Bureau\OTM.exe: found!
    C:\Documents and Settings\SAM\Bureau\HijackThis.exe: found!
    C:\Documents and Settings\SAM\Bureau\hijackthis.log: found!
    C:\Documents and Settings\SAM\Bureau\Rsit.exe: found!
    C:\Documents and Settings\SAM\Mes documents\Downloads\Ad-R.exe: found!
    C:\Documents and Settings\SAM\Mes documents\Downloads\hijackthis.log: found!
    C:\Documents and Settings\SAM\Mes documents\Téléchargements\ComboFix.exe: found!
    C:\Phb Donnation\Applis\portappz big v4.0\programmes\securite et cleaners\HijackThis: found!
    C:\Phb Donnation\Applis\portappz big v4.0\programmes\securite et cleaners\hijackthis\HijackThis.exe: found!
    C:\Phb Donnation\Applis\portappz big v4.0\programmes\securite et cleaners\hijackthis\hijackthis.log: found!
    C:\Program Files\Ad-remover: found!

    ---------------------------------
    --> Deletion:

    C:\Documents and Settings\SAM\Bureau\OTM.exe: deleted!
    C:\Documents and Settings\SAM\Bureau\HijackThis.exe: deleted!
    C:\Documents and Settings\SAM\Mes documents\Downloads\Ad-R.exe: deleted!
    C:\Documents and Settings\SAM\Mes documents\Téléchargements\ComboFix.exe: DELETION ERROR!!
    C:\Phb Donnation\Applis\portappz big v4.0\programmes\securite et cleaners\hijackthis\HijackThis.exe: deleted!
    C:\Combofix.txt: deleted!
    C:\Documents and Settings\SAM\Bureau\hijackthis.log: deleted!
    C:\Documents and Settings\SAM\Bureau\Rsit.exe: deleted!
    C:\Documents and Settings\SAM\Mes documents\Downloads\hijackthis.log: deleted!
    C:\Phb Donnation\Applis\portappz big v4.0\programmes\securite et cleaners\hijackthis\hijackthis.log: deleted!
    C:\Combofix: deleted!
    C:\_OTM: deleted!
    C:\Rsit: deleted!
    C:\Phb Donnation\Applis\portappz big v4.0\programmes\securite et cleaners\HijackThis: deleted!
    C:\Program Files\Ad-remover: deleted!

    Recycle Bin emptied!
    Restore point created!
    Temporary files cleaned!
    Registry backup created!
    Destrio5 said:



    ==Prevention==

    To remove AntiVir's popups: Link


    Many thanks. That daily pop-up was rather annoying. :) 

    Destrio5 said:


    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).


    I preferred to disable them, switch to manual and turn off the notification: it kept offering me SP3 and I don't intend to install that update. ;) 

    Once again, many thanks for your help, Destrio5.

    9 August 2009 19:26:49

    OK, you can delete ToolsCleaner.

    Have a good evening ;) 
    9 August 2009 19:29:08

    You too (going to get some sleep :sleep:  ) ;) .