Intrusive spyware > infection? [solved]

4 August 2009 13:42:14

First of all, hello everyone.

So, here's my little story.

I had started watching an anime on Wat TV when suddenly the PC warned me with a "Your computer in infected".

Anyway, some spyware from my brother, no big deal, I'll trash it with Spybot.

After a double scan and a double removal, I thought I had gotten rid of it.

Only, it didn't even take a single second for it to come back.

I tried again with Virus Removal Tool (from Kaspersky) and, after a good six or seven hours of scanning and deleting files, the spyware still keeps coming back.

Here's a bit of the "havoc" the spyware in question is wreaking ~

http://image.netenviesdemariage.com/images/12493875868c...

Anyway, I'd rather leave it to the experts before I do something stupid.

According to the usual procedure, it seems I have to use RSIT ~

So here is the double report I made not even two minutes ago.

info.txt

info.txt logfile of random's system information tool 1.06 2009-08-04 13:22:08

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Fichiers communs\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
C-Steam-->MsiExec.exe /I{BF90901F-9026-4A33-AE47-6F07079AE0BB}
FindyKill-->C:\FindyKill\Uninstal.exe
Free FLV Converter V 6.4.1-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free Video Converter V 2.0-->"C:\Program Files\Free Video Converter\unins000.exe"
Freez Screen Video Capture v1.2-->"C:\Program Files\Smallvideosoft\Freez Screen Video Capture\unins000.exe"
GIMP 2.6.6-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hybrid Downloader 1,0,2,6-->C:\Program Files\Persona\uninst.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lexmark Z2300 Series-->C:\Program Files\Lexmark Z2300 Series\Install\x86\Uninst.exe
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{6BCB7EAA-598C-4836-B7EA-3642E41AA222}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
SystemSecurity2009-->C:\Documents and Settings\DimitriLan\Menu Démarrer\Programmes\System Security\\System Security
VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: Symantec AntiVirus Corporate Edition

======System event log======

Computer Name: DIMITRI
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

Record Number: 3385
Source Name: Service Control Manager
Time Written: 20090713103236.000000+120
Event Type: Informations
User:

Computer Name: DIMITRI
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

Record Number: 3384
Source Name: Service Control Manager
Time Written: 20090713103236.000000+120
Event Type: Informations
User: DIMITRI\DimitriLan

Computer Name: DIMITRI
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : arrêté.

Record Number: 3383
Source Name: Service Control Manager
Time Written: 20090713102604.000000+120
Event Type: Informations
User:

Computer Name: DIMITRI
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

Record Number: 3382
Source Name: Service Control Manager
Time Written: 20090713102604.000000+120
Event Type: Informations
User:

Computer Name: DIMITRI
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

Record Number: 3381
Source Name: Service Control Manager
Time Written: 20090713102604.000000+120
Event Type: Informations
User: DIMITRI\DimitriLan

=====Application event log=====

Computer Name: DIMITRI
Event Code: 0
Message:
Record Number: 6232
Source Name: gusvc
Time Written: 20090718151321.000000+120
Event Type: Informations
User:

Computer Name: DIMITRI
Event Code: 0
Message:
Record Number: 6231
Source Name: gupdate1c9a633f54d1102
Time Written: 20090718151255.000000+120
Event Type: Informations
User:

Computer Name: DIMITRI
Event Code: 0
Message:
Record Number: 6230
Source Name: MSCamSvc
Time Written: 20090718151244.000000+120
Event Type: Informations
User:

Computer Name: DIMITRI
Event Code: 1007
Message: Le CLUF a déjà été refusé.

Record Number: 6229
Source Name: WgaSetup
Time Written: 20090718151229.000000+120
Event Type: Informations
User:

Computer Name: DIMITRI
Event Code: 1003
Message: Échec de l'installation. code = 0x800704c7, erreur = L'opération a été annulée par l'utilisateur.


Record Number: 6228
Source Name: WgaSetup
Time Written: 20090718151229.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Perl\site\bin;C:\Perl\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------




log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by DimitriLan at 2009-08-04 13:22:06
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 36 GB (64%) free of 56 GB
Total RAM: 1279 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:06, on 4/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\DimitriLan\Bureau\installer & setup\RSIT.exe
C:\Program Files\trend micro\DimitriLan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [19471254] C:\Documents and Settings\All Users\Application Data\19471254\19471254.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Insaniquarium%20Deluxe/Images/stg_drm.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://holic.netgame.com/launch/object/mglaunch_USAv100...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Insaniquarium%20Deluxe/Images/armhelper.ocx
O20 - AppInit_DLLs: ,
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Version Cue CS3 AdobeAlerter (AdobeAlerter) - Unknown owner - C:\WINDOWS\TEMP\hrevftbnnb.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1c9a633f54d1102) (gupdate1c9a633f54d1102) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9104 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-19 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"MSxmlHpr"=C:\WINDOWS\system32\msxm192z.dll [2004-08-17 28672]
"PromoReg"=C:\WINDOWS\Temp\_ex-68.exe []
"19471254"=C:\Documents and Settings\All Users\Application Data\19471254\19471254 [2009-08-04 56]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=","

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe"="C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe:*:Enabled:savage2"
"C:\Program Files\Persona\Persona.exe"="C:\Program Files\Persona\Persona.exe:*:Enabled:Persona"
"C:\Ntreev\Grand Chase\main.exe"="C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase"
"C:\WINDOWS\system32\lxdpcoms.exe"="C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"="C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.bat - edit -
.js - open - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-08-04 13:09:06 ----D---- C:\WINDOWS\LastGood
2009-08-03 23:54:37 ----A---- C:\WINDOWS\wininit.ini
2009-08-03 22:47:41 ----D---- C:\Documents and Settings\All Users\Application Data\19471254
2009-08-02 21:15:11 ----SHD---- C:\Config.Msi
2009-07-29 14:53:18 ----SHD---- C:\WINDOWS\system32\lowsec
2009-07-21 18:00:35 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Auslogics
2009-07-21 18:00:32 ----D---- C:\Program Files\Auslogics
2009-07-21 17:32:11 ----RASHD---- C:\autorun.inf
2009-07-21 17:32:11 ----A---- C:\UsbFix.txt
2009-07-21 15:28:32 ----A---- C:\FindyKill.txt
2009-07-21 02:08:43 ----D---- C:\Program Files\Smallvideosoft
2009-07-21 02:08:43 ----A---- C:\WINDOWS\system32\SkinMagic.dll
2009-07-21 00:50:51 ----ASH---- C:\WINDOWS\system32\1054a.dll
2009-07-12 09:00:18 ----D---- C:\Documents and Settings\DimitriLan\Application Data\.minecraft
2009-07-12 04:36:10 ----D---- C:\Program Files\StepMania
2009-07-09 05:56:07 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-07-09 05:56:05 ----D---- C:\Program Files\Registry Mechanic
2009-07-09 05:53:30 ----D---- C:\Program Files\Microsoft
2009-07-05 16:39:00 ----D---- C:\FindyKill
2009-07-05 16:14:24 ----D---- C:\Program Files\trend micro
2009-07-05 16:14:23 ----D---- C:\rsit
2009-07-05 04:41:46 ----SHD---- C:\WINDOWS\CSC
2009-07-05 03:06:13 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-05 00:47:46 ----A---- C:\WINDOWS\msb.exe
2009-07-05 00:45:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-05 00:45:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-08-04 13:13:46 ----D---- C:\WINDOWS\Temp
2009-08-04 13:13:46 ----D---- C:\WINDOWS\system32
2009-08-04 13:12:37 ----D---- C:\Program Files\Mozilla Firefox
2009-08-04 13:10:45 ----D---- C:\Program Files\Symantec AntiVirus
2009-08-04 13:10:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 13:09:06 ----D---- C:\WINDOWS\system32\drivers
2009-08-04 13:09:06 ----D---- C:\WINDOWS
2009-08-04 13:08:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-04 13:08:07 ----SD---- C:\WINDOWS\Tasks
2009-08-04 13:07:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-04 12:01:17 ----D---- C:\WINDOWS\Prefetch
2009-08-04 01:25:16 ----RD---- C:\Program Files
2009-08-04 01:22:59 ----D---- C:\Ntreev
2009-08-04 01:16:36 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-04 01:11:47 ----HD---- C:\WINDOWS\inf
2009-08-03 22:18:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-02 21:16:06 ----SHD---- C:\WINDOWS\Installer
2009-08-01 02:20:11 ----D---- C:\Documents and Settings\DimitriLan\Application Data\gtk-2.0
2009-07-30 17:17:41 ----D---- C:\WINDOWS\Minidump
2009-07-27 15:27:01 ----D---- C:\Program Files\SystemRequirementsLab
2009-07-27 15:26:39 ----D---- C:\Documents and Settings\DimitriLan\Application Data\SystemRequirementsLab
2009-07-26 09:04:11 ----D---- C:\Games
2009-07-26 09:03:32 ----D---- C:\My Games
2009-07-21 17:35:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-21 17:33:24 ----SHD---- C:\RECYCLER
2009-07-15 11:09:41 ----D---- C:\WINDOWS\system32\wbem
2009-07-11 19:19:17 ----RSD---- C:\WINDOWS\Fonts
2009-07-09 17:08:19 ----SD---- C:\Documents and Settings\DimitriLan\Application Data\Microsoft
2009-07-09 05:59:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-09 05:53:25 ----D---- C:\Program Files\Windows Live
2009-07-09 05:43:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-09 05:36:31 ----D---- C:\Program Files\PopCap Games
2009-07-06 01:16:29 ----D---- C:\Documents and Settings\All Users\Application Data\14910154
2009-07-06 01:03:03 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Google
2009-07-05 04:40:36 ----A---- C:\WINDOWS\DUMP6b5c.tmp
2009-07-05 03:05:03 ----A---- C:\WINDOWS\DUMP6f34.tmp
2009-07-05 03:03:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-05 03:03:30 ----A---- C:\ckxd.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
S1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
S2 mzwvhu;mzwvhu; \??\C:\WINDOWS\system32\drivers\pgkyrgvbojjwl.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-08 116176]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-21 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090719.004\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090719.004\navex15.sys []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva277;XDva277; \??\C:\WINDOWS\system32\XDva277.sys []
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeAlerter;Adobe Version Cue CS3 AdobeAlerter; C:\WINDOWS\TEMP\hrevftbnnb.exe [2009-08-03 40448]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
S2 gupdate1c9a633f54d1102;Service Google Update (gupdate1c9a633f54d1102); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-16 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 ias;Ias; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S2 lxdp_device;lxdp_device; C:\WINDOWS\system32\lxdpcoms.exe [2008-02-27 594600]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [2008-02-27 98984]
S2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
S2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
S2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-16 2849844]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


There you go.

Thanks a lot in advance, and I hope someone will be able to help me =)

PW,
HS.

4 August 2009 15:17:13

Hello,

  • Download OTM (OldTimer) to your Desktop.
  • Double-click OTM.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :services
    mzwvhu
    AdobeAlerter

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\drivers\svchost.exe"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\drivers\svchost.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSxmlHpr"=-
    "PromoReg"=-
    "19471254"=-

    :files
    C:\WINDOWS\system32\drivers\pgkyrgvbojjwl.sys
    C:\WINDOWS\TEMP\hrevftbnnb.exe
    C:\ckxd.exe
    C:\Documents and Settings\All Users\Application Data\14910154
    C:\WINDOWS\msb.exe
    C:\WINDOWS\system32\lowsec
    C:\Documents and Settings\All Users\Application Data\19471254
    C:\WINDOWS\system32\msxm192z.dll

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTM.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTM\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_time.log

    4 August 2009 15:40:13

    Thanks for the quick reply ;)

    Anyway, here is the OTM report.



    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== SERVICES/DRIVERS ==========

    Service\Driver mzwvhu deleted successfully.

    Service\Driver AdobeAlerter deleted successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\%windir%\system32\drivers\svchost.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\%windir%\system32\drivers\svchost.exe deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSxmlHpr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PromoReg deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\19471254 deleted successfully.
    ========== FILES ==========
    C:\WINDOWS\system32\drivers\pgkyrgvbojjwl.sys moved successfully.
    C:\WINDOWS\TEMP\hrevftbnnb.exe moved successfully.
    C:\ckxd.exe moved successfully.
    C:\Documents and Settings\All Users\Application Data\14910154 moved successfully.
    C:\WINDOWS\msb.exe moved successfully.
    Folder move failed. C:\WINDOWS\system32\lowsec scheduled to be moved on reboot.
    C:\Documents and Settings\All Users\Application Data\19471254 moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\msxm192z.dll
    C:\WINDOWS\system32\msxm192z.dll NOT unregistered.
    C:\WINDOWS\system32\msxm192z.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: DimitriLan
    File delete failed. C:\Documents and Settings\DimitriLan\Local Settings\Temp\6ED9DE.dmp scheduled to be deleted on reboot.
    ->Temp folder emptied: 10186627 bytes
    File delete failed. C:\Documents and Settings\DimitriLan\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 5587197 bytes
    ->Java cache emptied: 16145834 bytes
    ->FireFox cache emptied: 64999803 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 111826 bytes

    User: Maman
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 466283 bytes
    ->Java cache emptied: 514737 bytes
    ->FireFox cache emptied: 34422814 bytes

    User: Mickey
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 133606 bytes
    ->FireFox cache emptied: 52526929 bytes

    User: NetworkService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 394093 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1319182 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    Windows Temp folder emptied: 7069987 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 185,06 mb


    OTM by OldTimer - Version 3.0.0.5 log created on 08042009_153111


    When I think that I think far too rarely about emptying my caches >.<

    PW,
    HS.
    4 August 2009 15:44:55

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update is finished, go to the Recherche (Scan) tab.
  • Select Exécuter un examen rapide (Perform quick scan).
  • Click Rechercher (Scan). The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Click OK to continue. If MBAM found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
  • Select everything (or leave it checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.

    4 August 2009 16:01:42

    Next step done, here is the report:



    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2557
    Windows 5.1.2600 Service Pack 3 (Safe Mode)

    4/08/2009 15:55:34
    mbam-log-2009-08-04 (15-55-34).txt

    Type de recherche: Examen rapide
    Eléments examinés: 103206
    Temps écoulé: 2 minute(s), 50 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 12
    Valeur(s) du Registre infectée(s): 7
    Elément(s) de données du Registre infecté(s): 7
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    \\?\globalroot\systemroot\system32\hjgruioxxxxsap.dll (Trojan.TDSS) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\DimitriLan\Menu Démarrer\Programmes\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

    Fichier(s) infecté(s):
    \\?\globalroot\systemroot\system32\hjgruioxxxxsap.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\msa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\recp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\DimitriLan\Menu Démarrer\Programmes\System Security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
    C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    4 August 2009 16:06:22

  • Relaunch MBAM, go to Quarantine and delete everything.

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    4 August 2009 17:38:00

    I'm back again .o.

    I had to step away.

    Anyway, here is the ComboFix report:

    ComboFix 09-08-03.A2 - DimitriLan 04/08/2009 17:13.1.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1279.776 [GMT 2:00]
    Running from: c:\documents and settings\DimitriLan\Bureau\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\DimitriLan\Bureau\Windows Live Messenger .lnk
    c:\documents and settings\Maman\Bureau\Windows Live Messenger .lnk
    c:\windows\Fonts\mlog
    c:\windows\Install.txt
    c:\windows\system32\drivers\hjgruipauqtwmc.sys
    c:\windows\system32\hjgruiefdvpwfn.dat
    c:\windows\system32\hjgruioxxxxsap.dll
    c:\windows\system32\hjgruispulxtou.dat
    c:\windows\system32\hjgruixxursyov.dll
    c:\windows\system32\Install.txt
    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds
    c:\windows\system32\sdra64.exe
    c:\windows\Temp\9.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_hjgruimyoywpod
    -------\Legacy_avast!antivirus
    -------\Legacy_ias
    -------\Legacy_msncache
    -------\Legacy_sopidkc
    -------\Service_ias


    ((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
    .

    2009-08-04 13:48 . 2009-08-04 13:48 -------- d-----w- c:\documents and settings\DimitriLan\Application Data\Malwarebytes
    2009-08-04 13:48 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-04 13:48 . 2009-08-04 13:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-04 13:48 . 2009-08-04 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-04 13:48 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-04 13:31 . 2009-08-04 13:31 -------- d-----w- C:\_OTM
    2009-07-27 13:26 . 2009-07-27 13:26 207872 ----a-w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-07-27 13:26 . 2009-07-27 13:26 207872 ----a-w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-07-27 13:26 . 2009-07-27 13:26 207872 ----a-w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-07-27 13:26 . 2009-07-27 13:26 207872 ----a-w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-07-25 11:52 . 2009-07-25 11:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-07-21 17:33 . 2009-08-04 07:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-07-21 16:00 . 2009-07-21 16:00 -------- d-----w- c:\documents and settings\DimitriLan\Application Data\Auslogics
    2009-07-21 16:00 . 2009-07-21 16:00 -------- d-----w- c:\program files\Auslogics
    2009-07-21 00:08 . 2009-07-21 00:08 -------- d-----w- c:\program files\Smallvideosoft
    2009-07-21 00:08 . 2006-10-17 20:29 487479 ----a-w- c:\windows\system32\SkinMagic.dll
    2009-07-20 22:49 . 2009-08-02 01:00 3461 --s-a-w- c:\windows\system32\1295148365.dat
    2009-07-14 10:53 . 2007-03-20 13:49 2781184 ----a-w- c:\documents and settings\DimitriLan\Application Data\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
    2009-07-12 07:00 . 2009-07-12 07:08 -------- d-----w- c:\documents and settings\DimitriLan\Application Data\.minecraft
    2009-07-12 02:36 . 2009-08-04 13:46 -------- d-----w- c:\program files\StepMania
    2009-07-09 03:53 . 2009-07-09 03:53 -------- d-----w- c:\program files\Microsoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-04 15:21 . 2009-03-07 11:50 -------- d-----w- c:\program files\Symantec AntiVirus
    2009-08-04 11:22 . 2009-07-05 14:14 -------- d-----w- c:\program files\trend micro
    2009-08-03 23:17 . 2009-07-04 22:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-03 23:17 . 2009-07-04 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-03 23:16 . 2009-03-07 10:47 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-03 20:18 . 2009-03-16 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-08-01 00:20 . 2009-03-10 09:14 -------- d-----w- c:\documents and settings\DimitriLan\Application Data\gtk-2.0
    2009-07-27 13:27 . 2009-03-10 08:54 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-07-27 13:26 . 2009-03-10 08:54 -------- d-----w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab
    2009-07-21 15:35 . 2001-08-28 12:00 85696 ----a-w- c:\windows\system32\perfc00C.dat
    2009-07-21 15:35 . 2001-08-28 12:00 513492 ----a-w- c:\windows\system32\perfh00C.dat
    2009-07-12 05:48 . 2009-03-07 10:26 70584 ----a-w- c:\documents and settings\DimitriLan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-09 03:59 . 2009-03-14 15:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-07-09 03:53 . 2009-03-07 12:07 -------- d-----w- c:\program files\Windows Live
    2009-07-09 03:36 . 2009-03-14 10:54 -------- d-----w- c:\program files\PopCap Games
    2009-07-05 00:31 . 2009-03-14 09:11 72152 ----a-w- c:\documents and settings\Maman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-05 00:26 . 2009-07-05 00:26 72152 ----a-w- c:\documents and settings\Mickey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-05 00:20 . 2009-07-05 00:20 -------- d-----w- c:\documents and settings\Mickey\Application Data\Notepad++
    2009-07-05 00:17 . 2009-07-05 00:16 -------- d-----w- c:\documents and settings\Maman\Application Data\Notepad++
    2009-07-04 21:59 . 2009-03-22 23:02 -------- d-----w- c:\documents and settings\DimitriLan\Application Data\DNA
    2009-07-04 21:59 . 2009-07-04 21:59 422 ----a-w- c:\documents and settings\DimitriLan\Application Data\Blender Foundation\socks32.exe
    2009-07-04 21:59 . 2009-07-04 21:59 16141 ----a-w- c:\documents and settings\DimitriLan\Application Data\GetRightToGo\megalon.exe
    2009-07-04 21:59 . 2009-07-04 21:59 13221 ----a-w- c:\documents and settings\DimitriLan\Application Data\AVS4YOU\reniga.dll
    2009-07-04 21:59 . 2009-07-04 21:59 131 ----a-w- c:\documents and settings\DimitriLan\Application Data\fltk.org\horsi.exe
    2009-07-04 21:59 . 2009-07-04 21:59 11232 ----a-w- c:\documents and settings\DimitriLan\Application Data\Adobe\moha.exe
    2009-07-04 21:58 . 2001-08-28 12:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
    2009-07-04 21:17 . 2009-07-04 21:16 -------- d-----w- c:\documents and settings\DimitriLan\Application Data\Notepad++
    2009-07-04 21:16 . 2009-07-04 21:16 -------- d-----w- c:\program files\Notepad++
    2009-07-04 07:27 . 2009-03-22 23:02 -------- d-----w- c:\program files\DNA
    2009-07-03 03:12 . 2009-07-03 03:12 -------- d-----w- c:\program files\Fichiers communs\DirectX
    2009-07-03 03:10 . 2009-07-03 03:08 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
    2009-07-03 03:09 . 2009-07-03 03:08 -------- d-----w- c:\program files\AGEIA Technologies
    2009-07-02 14:48 . 2009-07-02 14:48 -------- d-----w- c:\program files\C0nw0nk_C-Steam
    2009-06-30 00:27 . 2009-06-25 12:25 279984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-06-26 01:10 . 2009-03-23 15:00 -------- d-----w- c:\program files\Free Video Converter
    2009-06-25 12:27 . 2009-06-25 12:26 -------- d-----w- c:\program files\Microsoft LifeCam
    2009-06-25 12:09 . 2009-06-25 12:09 -------- d-----w- c:\program files\MSBuild
    2009-06-25 12:05 . 2009-06-25 12:05 -------- d-----w- c:\program files\Reference Assemblies
    2009-06-14 22:17 . 2009-03-19 00:36 -------- d-----w- c:\program files\Free FLV Converter
    2009-06-14 04:56 . 2009-06-14 04:40 -------- d-----w- c:\program files\Audacity
    2009-06-14 01:07 . 2009-03-27 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2009-06-08 23:23 . 2009-06-08 23:23 290816 ----a-w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
    2009-06-08 23:23 . 2009-06-08 23:23 290816 ----a-w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
    2009-06-08 23:23 . 2009-06-08 23:23 290816 ----a-w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
    2009-06-08 23:23 . 2009-06-08 23:23 290816 ----a-w- c:\documents and settings\DimitriLan\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
    2009-06-05 23:07 . 2009-06-05 23:07 -------- d-----w- c:\program files\Webteh
    2009-05-25 17:24 . 2009-03-19 00:36 299008 ----a-w- c:\windows\system32\TubeFinder.exe
    2009-05-13 02:42 . 2009-05-12 12:58 55 ----a-w- c:\documents and settings\DimitriLan\Application Data\RenPy\persistent\act1.katawa-shoujo.com
    2009-05-12 14:00 . 2009-05-12 14:00 2123831 ----a-w- c:\documents and settings\All Users\SPL64.tmp
    2009-05-07 15:33 . 2001-08-28 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
    2009-08-04 13:34 . 2009-03-07 13:47 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    .

    ------- Sigcheck -------

    [-] 2004-08-03 22:14 182656 1DF7F42665C94B825322FAE71721130D c:\windows\$NtServicePackUninstall$\ndis.sys
    [7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
    [-] 2009-07-04 21:58 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
    [-] 2009-07-04 21:58 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Persona\\Persona.exe"=
    "c:\\WINDOWS\\system32\\lxdpcoms.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdppswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdptime.exe"=
    "c:\\Program Files\\Lexmark Z2300 Series\\lxdpmon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdpjswx.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20/07/2009 8:01 101936]
    S2 gupdate1c9a633f54d1102;Service Google Update (gupdate1c9a633f54d1102);c:\program files\Google\Update\GoogleUpdate.exe [16/03/2009 14:37 133104]
    S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [3/05/2009 17:56 98984]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/09/2006 21:33 116464]
    S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
    S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [11/03/2009 20:48 50048]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 22:50]

    2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 12:37]

    2009-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 12:37]

    2009-08-04 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-05-14 20:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://holic.netgame.com/launch/object/mglaunch_USAv1004.cab
    FF - ProfilePath - c:\documents and settings\DimitriLan\Application Data\Mozilla\Firefox\Profiles\pe1pbfqp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox?client=firefox-a&rls=org.mozilla:...
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-04 17:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3236)
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    c:\program files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxdpcoms.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-04 17:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-04 15:26

    Pre-Run: 38.040.961.024 octets libres
    Post-Run: 37.946.785.792 octets libres

    295 --- E O F --- 2009-06-11 01:07


    There no longer seem to be any problems, but I'd rather wait for your opinion =o

    With that, thanks again in advance ~

    PW,
    HS.
    4 August 2009 17:57:23

  • Start menu > Run > type combofix /u and confirm.

  • Uninstall Java 6 Update 13.

  • Update Java.

  • Run a new RSIT scan and post the log report.
    4 August 2009 18:14:01

    ComboFix uninstall is done, and the Java installation (after uninstalling the old version) is done as well.

    As for the last step,

    here is the new log.txt report:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by DimitriLan at 2009-08-04 18:10:29
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 40 GB (71%) free of 56 GB
    Total RAM: 1279 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:10:33, on 4/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\lxdpcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\DimitriLan\Bureau\installer & setup\RSIT.exe
    C:\Program Files\trend micro\DimitriLan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Insaniquarium%20Deluxe/Images/stg_drm.ocx
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://holic.netgame.com/launch/object/mglaunch_USAv100...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Insaniquarium%20Deluxe/Images/armhelper.ocx
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service Google Update (gupdate1c9a633f54d1102) (gupdate1c9a633f54d1102) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
    O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 9363 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\WGASetup.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-19 312928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-04 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-04 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
    {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-04 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
    "C:\Program Files\Persona\Persona.exe"="C:\Program Files\Persona\Persona.exe:*:Enabled:Persona"
    "C:\WINDOWS\system32\lxdpcoms.exe"="C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable"
    "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"="C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======File associations======

    .js - open - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 3 months======

    2009-08-04 18:09:25 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-08-04 18:09:25 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-08-04 18:09:25 ----A---- C:\WINDOWS\system32\java.exe
    2009-08-04 18:09:12 ----D---- C:\Program Files\Java
    2009-08-04 18:08:10 ----D---- C:\WINDOWS\LastGood
    2009-08-04 18:04:22 ----SD---- C:\ComboFix
    2009-08-04 17:31:49 ----SHD---- C:\WINDOWS\system32\lowsec
    2009-08-04 17:26:56 ----A---- C:\ComboFix.txt
    2009-08-04 17:06:00 ----D---- C:\WINDOWS\ERDNT
    2009-08-04 16:10:51 ----A---- C:\avenger.txt
    2009-08-04 15:48:37 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Malwarebytes
    2009-08-04 15:48:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-04 15:48:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-04 15:31:11 ----D---- C:\_OTM
    2009-08-03 23:54:37 ----A---- C:\WINDOWS\wininit.ini
    2009-07-21 18:00:35 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Auslogics
    2009-07-21 18:00:32 ----D---- C:\Program Files\Auslogics
    2009-07-21 17:32:11 ----RASHD---- C:\autorun.inf
    2009-07-21 17:32:11 ----A---- C:\UsbFix.txt
    2009-07-21 15:28:32 ----A---- C:\FindyKill.txt
    2009-07-21 02:08:43 ----D---- C:\Program Files\Smallvideosoft
    2009-07-21 02:08:43 ----A---- C:\WINDOWS\system32\SkinMagic.dll
    2009-07-12 09:00:18 ----D---- C:\Documents and Settings\DimitriLan\Application Data\.minecraft
    2009-07-12 04:36:10 ----D---- C:\Program Files\StepMania
    2009-07-09 05:56:07 ----A---- C:\WINDOWS\system32\STKIT432.DLL
    2009-07-09 05:56:05 ----D---- C:\Program Files\Registry Mechanic
    2009-07-09 05:53:30 ----D---- C:\Program Files\Microsoft
    2009-07-05 16:39:00 ----D---- C:\FindyKill
    2009-07-05 16:14:24 ----D---- C:\Program Files\trend micro
    2009-07-05 16:14:23 ----D---- C:\rsit
    2009-07-05 04:41:46 ----SHD---- C:\WINDOWS\CSC
    2009-07-05 03:06:13 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-07-05 00:45:24 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-07-05 00:45:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-04 23:16:48 ----D---- C:\Program Files\Notepad++
    2009-07-04 23:16:48 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Notepad++
    2009-07-03 05:12:05 ----D---- C:\Program Files\Fichiers communs\DirectX
    2009-07-03 05:08:56 ----D---- C:\WINDOWS\system32\AGEIA
    2009-07-03 05:08:55 ----D---- C:\Program Files\AGEIA Technologies
    2009-07-03 05:08:40 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2009-07-02 16:48:13 ----D---- C:\Program Files\C0nw0nk_C-Steam
    2009-06-25 14:27:19 ----A---- C:\WINDOWS\system32\LCCoin20.dll
    2009-06-25 14:26:44 ----D---- C:\Program Files\Microsoft LifeCam
    2009-06-25 14:10:15 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
    2009-06-25 14:09:06 ----D---- C:\Program Files\MSBuild
    2009-06-25 14:05:41 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-06-25 14:05:39 ----D---- C:\WINDOWS\system32\en-us
    2009-06-25 14:05:06 ----D---- C:\Program Files\Reference Assemblies
    2009-06-25 14:04:38 ----N---- C:\WINDOWS\system32\spmsg2.dll
    2009-06-14 06:40:42 ----D---- C:\Program Files\Audacity
    2009-06-14 06:27:29 ----D---- C:\AV_LOGS
    2009-06-11 03:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-06-11 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
    2009-06-11 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-06-11 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
    2009-06-06 01:07:28 ----D---- C:\Program Files\Webteh
    2009-05-30 00:51:04 ----D---- C:\Documents and Settings\DimitriLan\Application Data\IDMComp
    2009-05-16 03:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2009-05-15 04:36:28 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2009-05-15 04:36:28 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2009-05-15 04:36:28 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-05-15 04:36:27 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2009-05-15 04:36:27 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-05-15 04:36:26 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2009-05-15 04:36:26 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
    2009-05-15 04:36:25 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
    2009-05-15 04:36:25 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
    2009-05-15 04:36:25 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
    2009-05-15 04:36:24 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
    2009-05-15 04:36:24 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
    2009-05-15 04:36:24 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
    2009-05-15 04:36:23 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2009-05-15 04:36:23 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2009-05-15 04:36:23 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
    2009-05-15 04:36:22 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2009-05-15 04:36:22 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2009-05-15 04:36:22 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2009-05-15 04:36:21 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2009-05-15 04:36:20 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2009-05-15 04:36:20 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2009-05-15 04:36:20 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2009-05-15 04:36:18 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2009-05-15 04:36:17 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2009-05-15 04:36:17 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2009-05-15 04:36:15 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2009-05-15 04:36:14 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2009-05-15 04:36:14 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2009-05-15 04:36:13 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2009-05-15 04:36:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2009-05-15 04:36:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2009-05-15 04:36:11 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2009-05-15 04:36:10 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2009-05-15 04:36:08 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2009-05-15 04:36:08 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2009-05-15 04:36:06 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2009-05-15 04:36:03 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2009-05-15 04:36:01 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2009-05-15 04:36:00 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2009-05-15 04:35:56 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2009-05-15 04:34:18 ----D---- C:\WINDOWS\Logs
    2009-05-14 20:15:05 ----D---- C:\WINDOWS\system32\KB905474
    2009-05-14 03:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-05-14 03:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-05-14 03:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
    2009-05-14 03:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-05-14 03:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-05-14 03:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-05-14 03:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2009-05-14 03:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2009-05-14 03:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-05-14 03:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-05-14 03:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-05-14 03:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2009-05-14 03:04:12 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-05-14 03:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2009-05-14 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-05-13 14:57:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2009-05-13 14:57:48 ----A---- C:\WINDOWS\system32\mucltui.dll
    2009-05-13 14:52:06 ----D---- C:\temp
    2009-05-12 14:35:02 ----D---- C:\Documents and Settings\DimitriLan\Application Data\RenPy
    2009-05-09 09:23:31 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Blender Foundation
    2009-05-08 14:01:02 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth
    2009-05-08 13:50:31 ----D---- C:\Program Files\IVT Corporation

    ======List of files/folders modified in the last 3 months======

    2009-08-04 18:09:28 ----SHD---- C:\WINDOWS\Installer
    2009-08-04 18:09:25 ----D---- C:\WINDOWS\system32
    2009-08-04 18:09:15 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-08-04 18:09:12 ----RD---- C:\Program Files
    2009-08-04 18:09:10 ----D---- C:\WINDOWS\Prefetch
    2009-08-04 18:09:09 ----HD---- C:\WINDOWS\inf
    2009-08-04 18:08:31 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-04 18:08:31 ----D---- C:\WINDOWS
    2009-08-04 18:08:08 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-04 18:05:59 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-04 18:04:58 ----D---- C:\Program Files\Symantec AntiVirus
    2009-08-04 18:04:42 ----SHD---- C:\System Volume Information
    2009-08-04 18:03:01 ----D---- C:\WINDOWS\Temp
    2009-08-04 18:02:00 ----SD---- C:\WINDOWS\Tasks
    2009-08-04 17:28:13 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-04 17:26:58 ----D---- C:\WINDOWS\system32\drivers
    2009-08-04 17:26:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-04 17:24:16 ----A---- C:\WINDOWS\system.ini
    2009-08-04 17:19:34 ----D---- C:\WINDOWS\system32\config
    2009-08-04 17:19:12 ----RSD---- C:\WINDOWS\Fonts
    2009-08-04 17:17:24 ----D---- C:\WINDOWS\AppPatch
    2009-08-04 17:17:14 ----D---- C:\Program Files\Fichiers communs
    2009-08-04 13:07:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-08-04 01:22:59 ----D---- C:\Ntreev
    2009-08-04 01:16:36 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-08-03 22:18:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-08-01 02:20:11 ----D---- C:\Documents and Settings\DimitriLan\Application Data\gtk-2.0
    2009-07-30 17:17:41 ----D---- C:\WINDOWS\Minidump
    2009-07-27 15:27:01 ----D---- C:\Program Files\SystemRequirementsLab
    2009-07-27 15:26:39 ----D---- C:\Documents and Settings\DimitriLan\Application Data\SystemRequirementsLab
    2009-07-26 09:04:11 ----D---- C:\Games
    2009-07-26 09:03:32 ----D---- C:\My Games
    2009-07-21 17:35:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-15 11:09:41 ----D---- C:\WINDOWS\system32\wbem
    2009-07-09 17:08:19 ----SD---- C:\Documents and Settings\DimitriLan\Application Data\Microsoft
    2009-07-09 05:59:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-07-09 05:53:25 ----D---- C:\Program Files\Windows Live
    2009-07-09 05:43:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-07-09 05:36:31 ----D---- C:\Program Files\PopCap Games
    2009-07-06 01:03:03 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Google
    2009-07-04 23:59:53 ----D---- C:\Documents and Settings\DimitriLan\Application Data\DNA
    2009-07-04 09:27:13 ----D---- C:\Program Files\DNA
    2009-07-03 05:08:40 ----D---- C:\WINDOWS\system32\DirectX
    2009-07-03 05:08:09 ----RSD---- C:\WINDOWS\assembly
    2009-06-30 02:28:00 ----D---- C:\WINDOWS\security
    2009-06-26 03:10:06 ----D---- C:\Program Files\Free Video Converter
    2009-06-25 14:40:14 ----D---- C:\WINDOWS\Microsoft.NET
    2009-06-25 14:25:37 ----D---- C:\WINDOWS\system32\CatRoot
    2009-06-25 14:20:14 ----D---- C:\WINDOWS\WinSxS
    2009-06-25 14:10:00 ----D---- C:\WINDOWS\system32\fr-fr
    2009-06-25 14:04:48 ----D---- C:\WINDOWS\system32\spool
    2009-06-15 00:17:07 ----D---- C:\Program Files\Free FLV Converter
    2009-06-14 15:40:58 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-06-14 03:07:18 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2009-06-13 11:47:17 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Adobe
    2009-06-12 18:35:34 ----D---- C:\Documents and Settings\DimitriLan\Application Data\Macromedia
    2009-06-12 18:35:33 ----D---- C:\WINDOWS\system32\Macromed
    2009-06-11 03:07:32 ----A---- C:\WINDOWS\win.ini
    2009-06-11 03:05:49 ----A---- C:\WINDOWS\imsins.BAK
    2009-06-11 03:01:19 ----D---- C:\Program Files\Internet Explorer
    2009-06-09 01:53:29 ----D---- C:\WINDOWS\Help
    2009-06-09 01:51:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-05-30 01:22:05 ----D---- C:\Program Files\Savage 2 - A Tortured Soul
    2009-05-30 01:19:42 ----D---- C:\Program Files\Perfect World France
    2009-05-26 15:10:52 ----A---- C:\WINDOWS\ODBC.INI
    2009-05-25 19:24:56 ----A---- C:\WINDOWS\system32\TubeFinder.exe
    2009-05-21 18:34:35 ----D---- C:\WINDOWS\system32\Adobe
    2009-05-17 18:48:14 ----D---- C:\Program Files\Google
    2009-05-14 03:06:54 ----D---- C:\WINDOWS\Registration
    2009-05-07 17:33:02 ----A---- C:\WINDOWS\system32\localspl.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-08 116176]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090719.004\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090719.004\navex15.sys []
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-21 235100]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 XDva277;XDva277; \??\C:\WINDOWS\system32\XDva277.sys []
    S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
    S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-04 152984]
    R2 lxdp_device;lxdp_device; C:\WINDOWS\system32\lxdpcoms.exe [2008-02-27 594600]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
    R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
    R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S2 gupdate1c9a633f54d1102;Service Google Update (gupdate1c9a633f54d1102); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-16 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
    S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [2008-02-27 98984]
    S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-27 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
    S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-16 2849844]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------


    PW,
    HS.
    4 August 2009 18:20:50

    Any problems left?
    4 August 2009 18:24:35

    I don't think so. I got my White Clarity wallpaper back /o/

    And I no longer get those prompts to download the so-called antivirus =o

    Thanks again \o/

    Have a good day/evening, despite all the work you have .o. (You must have a lot of stamina with all these requests every day ><).

    And thanks again.

    PW,
    HS.

    ps : je change donc le titre en résolu ~
    4 August 2009 18:37:36

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • If you wish, you can use the Options Facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Avancé (Advanced), and untick the box Effacer uniquement les fichiers etc.... (Only delete files etc....).
  • Go to Nettoyeur (Cleaner) and choose Analyser (Analyze). Once it has finished, run the cleanup.


    3/

  • You need to disable and then re-enable System Restore in order to purge it.


    ==Prevention==

    Keep MBAM. You can use it to scan suspicious files alongside your antivirus, and scan the hard drive regularly.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first message, click the Editer (Edit) button.
  • Add [Résolu] in front of the title.
  • Then click Valider votre message (Submit your message).


    Be more careful on the Internet ;)