Se connecter / S'enregistrer
Votre question

Win32.brontok

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
2 Août 2009 00:37:10

bonjour
j'aimerais avoir de l'aide concernant le virus win32.brontok que je n'arrive pas a faire partir qui ralenti considerablement mon pc et une fenetre d'alerte qui apparait systematiquement
merci d'y repondre

Autres pages sur : win32 brontok

a c 295 8 Sécurité
2 Août 2009 00:58:39

Bonjour,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    2 Août 2009 01:13:14

    voila pour log.txt




    Logfile of random's system information tool 1.06 (written by random/random)
    Run by MICKAEL at 2009-08-02 01:10:43
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 31 GB (27%) free of 116 GB
    Total RAM: 766 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:11:11, on 02/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Documents and Settings\MICKAEL\Application Data\Google\cjhhl15625481.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Downloads\RSIT.exe
    C:\Program Files\trend micro\MICKAEL.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
    O4 - HKLM\..\Run: [realteks] "C:\Documents and Settings\MICKAEL\Application Data\Google\cjhhl15625481.exe" 2
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: DirectX Service (Ricov) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 13072 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll [2007-02-08 158272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "LaunchApp"=Alaunch []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752]
    "nwiz"=nwiz.exe /install []
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016]
    "Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe [2006-04-18 49152]
    "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
    "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
    "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]
    "lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]
    "FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-06-11 312240]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-12-20 37376]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
    "CANAL+ CANALSAT A LA DEMANDE"=C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe [2009-04-28 170072]
    "realteks"=C:\Documents and Settings\MICKAEL\Application Data\Google\cjhhl15625481.exe [2009-07-03 113152]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
    "eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    c:\program files\valve\steam\steam.exe -silent []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    C:\PROGRA~1\Ciel\Starter.exe [2006-07-06 524288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MICKAEL^Menu Démarrer^Programmes^Démarrage^Registration RAYMAN]
    C:\Documents and Settings\MICKAEL\Menu Démarrer\Programmes\Démarrage\Registration RAYMAN []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Documents and Settings\MICKAEL\Menu Démarrer\Programmes\Démarrage
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:D evice Monitor Application"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:o rb"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
    "C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
    "C:\Program Files\Red Kawa\Video Converter\uninstaller.exe"="C:\Program Files\Red Kawa\Video Converter\uninstaller.exe:*:Enabled:p S3 Video 9 Uninstall"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:p rinting Application"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
    "C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
    "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:D isabled:Football Manager 2008"
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
    "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
    "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:D isabled:EA Download Manager"
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:p rinting Application"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d37ebcd-2d96-11dd-9156-0019214c1c6b}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238a1da8-5e24-11de-9215-0019214c1c6b}]
    shell\AutoRun\command - L:\RECYCLED\BIN\ok.exe
    shell\open\command - L:\RECYCLED\BIN\ok.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d43f2ba-db82-11db-9071-0019214b1a80}]
    shell\Auto\command - L:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41a41e3a-f29c-11db-908a-0019214b1a80}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82b7bac6-4336-11de-920d-0019214c1c6b}]
    shell\AutoRun\command - L:\browsercall.exe PhotoServiceEditionSetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a838204a-c459-11dc-9118-0019214c1c6b}]
    shell\AutoRun\command - L:\vsbvxbuv.exe
    shell\explore\command - L:\vsbvxbuv.exe
    shell\open\command - L:\vsbvxbuv.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a838204b-c459-11dc-9118-0019214c1c6b}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8491413-94cc-11db-903e-0019214b1a80}]
    shell\AutoRun\command - K:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2d569f2-9288-11db-ab1c-0019214b1a80}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


    ======List of files/folders created in the last 1 months======

    2009-08-02 01:10:45 ----D---- C:\Program Files\trend micro
    2009-08-02 01:10:43 ----D---- C:\rsit
    2009-07-27 01:15:03 ----A---- C:\WINDOWS\wininit.ini
    2009-07-27 00:35:12 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-07-27 00:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-16 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-16 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-16 03:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

    ======List of files/folders modified in the last 1 months======

    2009-08-02 01:10:48 ----D---- C:\WINDOWS\Prefetch
    2009-08-02 01:10:45 ----D---- C:\Program Files
    2009-08-02 01:10:09 ----D---- C:\Downloads
    2009-08-01 22:57:14 ----D---- C:\WINDOWS\temp
    2009-08-01 18:51:54 ----A---- C:\WINDOWS\win.ini
    2009-08-01 18:51:10 ----D---- C:\Program Files\eMule
    2009-08-01 18:50:09 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Hamachi
    2009-08-01 18:49:40 ----AD---- C:\WINDOWS
    2009-08-01 18:46:51 ----HD---- C:\WINDOWS\inf
    2009-08-01 18:46:40 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-01 01:45:37 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-30 11:53:09 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Google
    2009-07-30 11:51:22 ----D---- C:\Program Files\Movie Maker
    2009-07-30 11:51:22 ----D---- C:\Program Files\Google
    2009-07-30 11:51:22 ----AD---- C:\WINDOWS\system32
    2009-07-30 03:01:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-30 03:01:00 ----D---- C:\WINDOWS\system32\fr-fr
    2009-07-30 03:01:00 ----D---- C:\Program Files\Internet Explorer
    2009-07-30 03:00:50 ----D---- C:\WINDOWS\ie7updates
    2009-07-30 03:00:29 ----SHD---- C:\WINDOWS\Installer
    2009-07-30 03:00:28 ----D---- C:\WINDOWS\WinSxS
    2009-07-29 23:16:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2009-07-29 23:03:56 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-29 23:03:56 ----D---- C:\Program Files\Electronic Arts
    2009-07-29 09:55:00 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-27 01:37:49 ----A---- C:\rapport.txt
    2009-07-27 01:36:02 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-07-23 13:08:58 ----D---- C:\Program Files\Mozilla Firefox
    2009-07-23 13:02:06 ----D---- C:\WINDOWS\Debug
    2009-07-19 15:29:21 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-19 15:29:19 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-16 03:04:24 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-07-11 15:16:07 ----D---- C:\WINDOWS\network diagnostic
    2009-07-11 14:58:45 ----N---- C:\WINDOWS\SchedLgU.Txt
    2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-07-03 23:53:53 ----AD---- C:\WINDOWS\system32\drivers

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-05 4284928]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-11 6144]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592]
    R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
    R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
    R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-21 25280]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 XPADFL02;XPAD Filter Service 02; C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
    S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-11 28672]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2009-04-28 188416]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-02-17 73728]
    R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-19 66872]
    R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
    R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
    S2 Ricov;DirectX Service; C:\WINDOWS\system32\directx.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe []
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------
    Contenus similaires
    2 Août 2009 01:14:13

    voila pour info.txt

    info.txt logfile of random's system information tool 1.06 2009-08-02 01:11:14

    ======Uninstall list======

    -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Acer eDataSecurity Management 2.0.3077-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1036
    Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
    Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
    Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x40c -removeonly
    Acer WLAN 11g USB Dongle-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{0CB98AC0-D691-4B21-AD3D-95982517021D} /l1036
    Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    AGEIA PhysX v7.05.17-->MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
    Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    BitComet 0.84-->C:\Program Files\BitComet\uninst.exe
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
    CANAL+ CANALSAT A LA DEMANDE-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-3081E67009BA}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    commercial-->MsiExec.exe /I{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
    DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter Mobile-->C:\Program Files\DivX\DivXConverterMeUninstall.exe /CONVERTERME
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Decrypter 3.5.4.0 Fr-->C:\Program Files\DVD Decrypter\UnInstall_DVDdecrypt.exe
    EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
    Free Mp3 Wma Converter V 1.7.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
    Free Video to Mp3 Converter version 2.7-->"C:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"
    GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe"
    Google Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
    LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
    Megavideo Video Downloader 3.12-->"C:\Program Files\DownloadToolz\Megavideo Video Downloader\unins000.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.20)-->c:\progra~1\Mozilla Firefox\uninstall\helper.exe
    MSN Polygamy 8.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{952DEE45-7C0B-4CDF-80B3-D14BE6B02678}\Setup.exe"
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 7-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
    Nero MediaHome CE-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Otto-->"C:\Program Files\FrenchOtto\uninstallotto.exe"
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C7A451815AD6A55564D6F47B5A12C61D8B4DCFD1\amdk8.inf
    Package de pilotes Windows - AMD System (04/06/2006 1.0.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdaway_6BBB63755B7B133065E435E51557E416289081C4\amdaway.inf
    PGameScan-->MsiExec.exe /I{84D2F388-FEB2-41D1-B380-630444D3ABDF}
    PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
    QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    SixaxisDriver 0.91-->"C:\Program Files\SixaxisDriver\unins000.exe"
    SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
    Solutions de télécopie Lexmark-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steinberg Cubase SX v3.1.1.944-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
    SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
    The Simpsons Hit & Run(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}\setup.exe" -l0x40c
    TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
    TVUPlayer 2.3.4.1-->C:\Program Files\TVUPlayer\uninst.exe
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
    Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
    VDownloader 0.77-->"C:\Program Files\VDOWNLOADER\unins000.exe"
    VideoLAN VLC media player 0.8.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VirtualDub 1.8.6 Fr-->"C:\Program Files\VirtualDub\unins000.exe"
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 SDK-->MsiExec.exe /X{009435FA-9011-4C36-AE7C-CCC9669E7875}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090630-0] (outdated)

    ======System event log======

    Computer Name: MICKADROGBA
    Event Code: 51
    Message: Une erreur a été détectée sur le périphérique \Device\CdRom1 au cours d'une opération de pagination.

    Record Number: 12815
    Source Name: Cdrom
    Time Written: 20090525192829.000000+120
    Event Type: Avertissement
    User:

    Computer Name: MICKADROGBA
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 12814
    Source Name: EventLog
    Time Written: 20090525192808.000000+120
    Event Type: Informations
    User:

    Computer Name: MICKADROGBA
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 12813
    Source Name: EventLog
    Time Written: 20090525192808.000000+120
    Event Type: Informations
    User:

    Computer Name: MICKADROGBA
    Event Code: 8033
    Message: L'explorateur a forcé une élection sur le réseau \Device\NetBT_Tcpip_{C7E851B6-A726-462B-AFAE-5B87836245B1} car un maître explorateur a été arrêté.

    Record Number: 12812
    Source Name: BROWSER
    Time Written: 20090525191548.000000+120
    Event Type: Informations
    User:

    Computer Name: MICKADROGBA
    Event Code: 4202
    Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{C7E851B6-A726-462B-AFAE-5B87836245B1} était déconnectée du réseau,
    et la configuration réseau de la carte a été abandonnée. Si la carte
    réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
    Contactez le fabricant pour des pilotes mis à jour.

    Record Number: 12811
    Source Name: Tcpip
    Time Written: 20090525191548.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: MICKADROGBA
    Event Code: 700
    Message: MsnMsgr (988) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\MICKAEL\Local Settings\Application Data\Microsoft\Messenger\mickadrogba@hotmail.fr\SharingMetadata\Working\database_F20C_BEE2_48C5_338C\dfsr.db'.

    Record Number: 18531
    Source Name: ESENT
    Time Written: 20081122070002.000000+060
    Event Type: Informations
    User:

    Computer Name: MICKADROGBA
    Event Code: 701
    Message: MsnMsgr (988) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\MICKAEL\Local Settings\Application Data\Microsoft\Messenger\mickadrogba@hotmail.fr\SharingMetadata\Working\database_F20C_BEE2_48C5_338C\dfsr.db'.

    Record Number: 18530
    Source Name: ESENT
    Time Written: 20081122060002.000000+060
    Event Type: Informations
    User:

    Computer Name: MICKADROGBA
    Event Code: 700
    Message: MsnMsgr (988) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\MICKAEL\Local Settings\Application Data\Microsoft\Messenger\mickadrogba@hotmail.fr\SharingMetadata\Working\database_F20C_BEE2_48C5_338C\dfsr.db'.

    Record Number: 18529
    Source Name: ESENT
    Time Written: 20081122060002.000000+060
    Event Type: Informations
    User:

    Computer Name: MICKADROGBA
    Event Code: 701
    Message: MsnMsgr (988) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\MICKAEL\Local Settings\Application Data\Microsoft\Messenger\mickadrogba@hotmail.fr\SharingMetadata\Working\database_F20C_BEE2_48C5_338C\dfsr.db'.

    Record Number: 18528
    Source Name: ESENT
    Time Written: 20081122050002.000000+060
    Event Type: Informations
    User:

    Computer Name: MICKADROGBA
    Event Code: 700
    Message: MsnMsgr (988) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\MICKAEL\Local Settings\Application Data\Microsoft\Messenger\mickadrogba@hotmail.fr\SharingMetadata\Working\database_F20C_BEE2_48C5_338C\dfsr.db'.

    Record Number: 18527
    Source Name: ESENT
    Time Written: 20081122050002.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=4b02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

    -----------------EOF-----------------
    a c 295 8 Sécurité
    2 Août 2009 01:39:38

    Tu n'as pas que du Brontok.

  • Télécharge UsbFix (de Chiquitine29 & C_XX) sur ton Bureau.
  • Lance l'installation avec les paramètres par défaut.
  • Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
  • Double-clique sur le raccourci UsbFix sur ton Bureau.
  • Choisis l'option 1 (Recherche).
  • Laisse travailler l'outil.
  • Poste le rapport UsbFix.txt.

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

    "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    2 Août 2009 05:09:54


    ############################## | UsbFix V6.012 |

    User : MICKAEL (Administrateurs) # MICKADROGBA
    Update on 01/08/09 by Chiquitine29 & C_XX
    Start at: 05:06:38 | 02/08/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Enabled
    AV : avast! antivirus 4.8.1335 [VPS 090630-0] 4.8.1335 [ Enabled | (!) Outdated ]

    C:\ -> Disque fixe local # 113,27 Go (30,3 Go free) [ACER] # NTFS
    D:\ -> Disque fixe local # 113,73 Go (104,69 Go free) [ACERDATA] # FAT32
    E:\ -> Disque CD-ROM
    F:\ -> Disque CD-ROM
    G:\ -> Disque CD-ROM
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque amovible
    K:\ -> Disque amovible

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Documents and Settings\MICKAEL\Application Data\Google\cjhhl15625481.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Fichiers # Dossiers infectieux |


    ################## | Other |

    Suspect ! C:\dotnetfx\DOTNETFX.EXE

    ################## | Registre # Clés Run infectieuses |


    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{1d37ebcd-2d96-11dd-9156-0019214c1c6b}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

    HKCU\..\..\Explorer\MountPoints2\{238a1da8-5e24-11de-9215-0019214c1c6b}
    Shell\AutoRun\command =L:\RECYCLED\BIN\ok.exe
    Shell\open\command =L:\RECYCLED\BIN\ok.exe

    HKCU\..\..\Explorer\MountPoints2\{3d43f2ba-db82-11db-9071-0019214b1a80}
    Shell\Auto\command =L:\AdobeR.exe e
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    HKCU\..\..\Explorer\MountPoints2\{41a41e3a-f29c-11db-908a-0019214b1a80}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    HKCU\..\..\Explorer\MountPoints2\{82b7bac6-4336-11de-920d-0019214c1c6b}
    Shell\AutoRun\command =L:\browsercall.exe PhotoServiceEditionSetup.exe

    HKCU\..\..\Explorer\MountPoints2\{a838204a-c459-11dc-9118-0019214c1c6b}
    Shell\AutoRun\command =L:\vsbvxbuv.exe
    Shell\explore\Command =L:\vsbvxbuv.exe
    Shell\open\Command =L:\vsbvxbuv.exe

    HKCU\..\..\Explorer\MountPoints2\{a838204b-c459-11dc-9118-0019214c1c6b}
    Shell\Auto\command =AdobeR.exe e
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    HKCU\..\..\Explorer\MountPoints2\{d8491413-94cc-11db-903e-0019214b1a80}
    Shell\AutoRun\command =K:\autorun.exe

    HKCU\..\..\Explorer\MountPoints2\{e2d569f2-9288-11db-ab1c-0019214b1a80}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    ################## | Cracks / Keygens / Serials |


    ################## | ! Fin du rapport # UsbFix V6.012 ! |

    a c 295 8 Sécurité
    2 Août 2009 05:33:39

  • Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
  • Double-clique sur le raccourci UsbFix présent sur ton Bureau pour le lancer.
  • Choisis l'option 2 (Suppression).
  • Ton Bureau disparaîtra et le PC redémarrera.
  • Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.
  • Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau.

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
    2 Août 2009 05:47:21


    ############################## | UsbFix V6.012 |

    User : MICKAEL (Administrateurs) # MICKADROGBA
    Update on 01/08/09 by Chiquitine29 & C_XX
    Start at: 05:39:30 | 02/08/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Enabled
    AV : avast! antivirus 4.8.1335 [VPS 090630-0] 4.8.1335 [ Enabled | (!) Outdated ]

    C:\ -> Disque fixe local # 113,27 Go (30,3 Go free) [ACER] # NTFS
    D:\ -> Disque fixe local # 113,73 Go (104,69 Go free) [ACERDATA] # FAT32
    E:\ -> Disque CD-ROM
    F:\ -> Disque CD-ROM
    G:\ -> Disque CD-ROM
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque amovible
    K:\ -> Disque amovible
    M:\ -> Disque amovible # 7,53 Go (3,63 Go free) [UDISK 2.0] # FAT32

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\eHome\ehRec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | Fichiers # Dossiers infectieux |


    ################## | Registre # Clés Run infectieuses |


    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{1d37ebcd-2d96-11dd-9156-0019214c1c6b}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{238a1da8-5e24-11de-9215-0019214c1c6b}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{3d43f2ba-db82-11db-9071-0019214b1a80}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{41a41e3a-f29c-11db-908a-0019214b1a80}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{82b7bac6-4336-11de-920d-0019214c1c6b}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{a838204a-c459-11dc-9118-0019214c1c6b}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{a838204b-c459-11dc-9118-0019214c1c6b}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{d8491413-94cc-11db-903e-0019214b1a80}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{e2d569f2-9288-11db-ab1c-0019214b1a80}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [11/08/2006 19:52|--a------|50] -> C:\AUTOEXEC.BAT
    [26/03/2007 12:49|---------|12378887] -> C:\AVG7QT.DAT
    [29/11/2008 01:55|-rahs----|221] -> C:\boot.ini
    [10/08/2004 22:00|-rahs----|4952] -> C:\Bootfont.bin
    [29/11/2007 19:16|--a------|74] -> C:\CMLoader.log
    [11/08/2006 19:29|--a------|0] -> C:\CONFIG.SYS
    [18/08/2007 20:06|--a------|740] -> C:\crashAddress.txt
    [?|?|?] -> C:\hiberfil.sys
    [11/08/2006 19:29|-rahs----|0] -> C:\IO.SYS
    [27/01/2008 14:28|--a------|820153] -> C:\lxdd.log
    [11/08/2006 19:29|-rahs----|0] -> C:\MSDOS.SYS
    [10/08/2004 22:00|-rahs----|47564] -> C:\NTDETECT.COM
    [27/08/2008 16:57|-rahs----|252240] -> C:\ntldr
    [?|?|?] -> C:\pagefile.sys
    [11/08/2006 21:18|--a------|79] -> C:\preload.aaa
    [27/07/2009 01:37|--a------|6398] -> C:\rapport.txt
    [11/08/2006 19:41|--a------|499] -> C:\RHDSetup.log
    [03/01/2007 19:37|--ah-----|232] -> C:\sqmdata00.sqm
    [06/01/2007 19:08|--ah-----|232] -> C:\sqmdata01.sqm
    [10/03/2007 02:23|--ah-----|232] -> C:\sqmdata02.sqm
    [10/03/2007 02:24|--ah-----|232] -> C:\sqmdata03.sqm
    [10/03/2007 02:24|--ah-----|232] -> C:\sqmdata04.sqm
    [27/03/2007 18:41|--ah-----|232] -> C:\sqmdata05.sqm
    [27/03/2007 18:55|--ah-----|232] -> C:\sqmdata06.sqm
    [06/04/2007 10:28|--ah-----|268] -> C:\sqmdata07.sqm
    [19/04/2007 19:08|--ah-----|268] -> C:\sqmdata08.sqm
    [29/04/2007 20:42|--ah-----|268] -> C:\sqmdata09.sqm
    [27/05/2007 19:55|--ah-----|232] -> C:\sqmdata10.sqm
    [13/12/2007 18:38|--ah-----|232] -> C:\sqmdata11.sqm
    [23/02/2008 18:37|--ah-----|232] -> C:\sqmdata12.sqm
    [23/11/2008 11:24|--ah-----|268] -> C:\sqmdata13.sqm
    [14/12/2008 01:50|--a------|236] -> C:\sqmdata14.sqm
    [14/12/2008 14:08|--a------|236] -> C:\sqmdata15.sqm
    [14/12/2008 14:20|--a------|236] -> C:\sqmdata16.sqm
    [14/12/2008 14:28|--a------|236] -> C:\sqmdata17.sqm
    [14/12/2008 16:13|--a------|200] -> C:\sqmdata18.sqm
    [14/12/2008 17:35|--a------|236] -> C:\sqmdata19.sqm
    [03/01/2007 19:37|--ah-----|244] -> C:\sqmnoopt00.sqm
    [06/01/2007 19:08|--ah-----|244] -> C:\sqmnoopt01.sqm
    [10/03/2007 02:23|--ah-----|244] -> C:\sqmnoopt02.sqm
    [10/03/2007 02:24|--ah-----|244] -> C:\sqmnoopt03.sqm
    [10/03/2007 02:24|--ah-----|244] -> C:\sqmnoopt04.sqm
    [27/03/2007 18:41|--ah-----|244] -> C:\sqmnoopt05.sqm
    [27/03/2007 18:55|--ah-----|244] -> C:\sqmnoopt06.sqm
    [06/04/2007 10:28|--ah-----|244] -> C:\sqmnoopt07.sqm
    [19/04/2007 19:08|--ah-----|244] -> C:\sqmnoopt08.sqm
    [29/04/2007 20:42|--ah-----|244] -> C:\sqmnoopt09.sqm
    [27/05/2007 19:55|--ah-----|244] -> C:\sqmnoopt10.sqm
    [13/12/2007 18:38|--ah-----|244] -> C:\sqmnoopt11.sqm
    [23/02/2008 18:37|--ah-----|244] -> C:\sqmnoopt12.sqm
    [23/11/2008 11:24|--ah-----|244] -> C:\sqmnoopt13.sqm
    [14/12/2008 01:50|--a------|200] -> C:\sqmnoopt14.sqm
    [14/12/2008 14:08|--a------|200] -> C:\sqmnoopt15.sqm
    [14/12/2008 14:20|--a------|200] -> C:\sqmnoopt16.sqm
    [14/12/2008 14:28|--a------|200] -> C:\sqmnoopt17.sqm
    [14/12/2008 16:13|--a------|200] -> C:\sqmnoopt18.sqm
    [14/12/2008 17:35|--a------|200] -> C:\sqmnoopt19.sqm
    [18/10/2008 16:15|--a------|0] -> C:\Tech_Vista.log
    [15/02/2008 14:27|--a------|51757] -> C:\test.log
    [02/08/2009 05:42|--a------|6836] -> C:\UsbFix.txt
    [01/08/2009 18:45|--a------|1558] -> M:\BOOTEX.LOG
    [09/06/2009 07:54|---h-----|29184] -> M:\~WRL2370.tmp
    [24/07/2009 19:23|--a------|370026870] -> M:\Heroes.S03E22.FRENCH.LD.HDTV.XviD-JMT(Smartorrent).avi
    [24/07/2009 19:09|--a------|373991950] -> M:\Heroes.S03E21.FRENCH.LD.HDTV.XviD-JMT(Smartorrent).avi

    ################## | Vaccination |

    # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # M:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

    ################## | Cracks / Keygens / Serials |


    ################## | ! Fin du rapport # UsbFix V6.012 ! |

    a c 295 8 Sécurité
    2 Août 2009 05:49:28

    1/

  • Démarre Spybot, clique sur Mode, coche Mode avancé.
  • A gauche, clique sur Outils, puis sur Résident.
  • Décoche la case devant Résident "TeaTimer" :

  • Quitte Spybot.


    2/

    [#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    2 Août 2009 06:06:07

    ComboFix 09-08-01.06 - MICKAEL 02/08/2009 5:56.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.766.455 [GMT 2:00]
    Running from: c:\downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090630-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\MICKAEL\Application Data\Google\cjhhl15625481.exe
    c:\documents and settings\MICKAEL\Local Settings\Application Data\jgceuxmqfi.dat
    c:\documents and settings\MICKAEL\Local Settings\Application Data\jgceuxmqfi_nav.dat
    c:\documents and settings\MICKAEL\Local Settings\Application Data\jgceuxmqfi_navps.dat
    c:\windows\kb913800.exe
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\system32\_000010_.tmp.dll
    c:\windows\system32\_000011_.tmp.dll
    c:\windows\system32\_000012_.tmp.dll
    c:\windows\system32\_000110_.tmp.dll
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\fbowlwuh.dat
    c:\windows\system32\fbowlwuh_nav.dat
    c:\windows\system32\fbowlwuh_navps.dat
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\pvfqqqi.dat
    c:\windows\system32\pvfqqqi_nav.dat
    c:\windows\system32\pvfqqqi_navps.dat
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
    .

    2009-08-02 03:05 . 2009-08-02 03:44 -------- d-----w- C:\UsbFix
    2009-08-01 23:10 . 2009-08-01 23:11 -------- d-----w- c:\program files\trend micro
    2009-08-01 23:10 . 2009-08-01 23:11 -------- d-----w- C:\rsit
    2009-08-01 16:49 . 2009-04-30 00:05 38208 ----a-w- c:\documents and settings\MICKAEL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-07-30 09:53 . 2009-08-01 16:48 67584 ----a-w- c:\documents and settings\MICKAEL\Application Data\Google\Shell32.dll
    2009-07-26 22:35 . 2009-07-26 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-26 22:35 . 2009-07-26 22:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-03 21:07 . 2009-07-03 21:07 422 ----a-w- c:\documents and settings\MICKAEL\Application Data\AdobeUM\socks32.exe
    2009-07-03 21:07 . 2009-07-03 21:07 16141 ----a-w- c:\documents and settings\MICKAEL\Application Data\Apple Computer\megalon.exe
    2009-07-03 21:07 . 2009-07-03 21:07 13221 ----a-w- c:\documents and settings\MICKAEL\Application Data\Adobe\reniga.dll
    2009-07-03 21:07 . 2009-07-03 21:07 131 ----a-w- c:\documents and settings\MICKAEL\Application Data\Ahead\horsi.exe
    2009-07-03 21:07 . 2009-07-03 21:07 11232 ----a-w- c:\documents and settings\MICKAEL\Application Data\AccurateRip\moha.exe
    2009-07-03 10:00 . 2009-07-03 10:00 -------- d-----w- c:\documents and settings\PAPA\Local Settings\Application Data\Google
    2009-07-03 09:57 . 2009-04-30 00:05 38208 ----a-w- c:\documents and settings\PAPA\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-01 16:51 . 2006-12-23 13:46 -------- d-----w- c:\program files\eMule
    2009-08-01 16:50 . 2007-02-03 17:34 -------- d-----w- c:\documents and settings\MICKAEL\Application Data\Hamachi
    2009-07-30 09:51 . 2007-01-09 23:23 -------- d-----w- c:\program files\Google
    2009-07-29 21:03 . 2009-07-02 07:55 -------- d-----w- c:\program files\Electronic Arts
    2009-07-29 21:03 . 2006-08-11 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-16 01:04 . 2007-11-11 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-07-02 09:25 . 2009-07-02 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-07-02 08:11 . 2009-07-02 08:11 10134 ----a-r- c:\documents and settings\MICKAEL\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-07-02 08:11 . 2009-07-02 08:11 -------- d-----w- c:\program files\Microsoft WSE
    2009-06-29 15:57 . 2006-03-04 04:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 15:57 . 2004-08-10 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 15:57 . 2004-08-10 20:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-23 15:14 . 2007-02-10 10:27 -------- d-----w- c:\program files\BitComet
    2009-06-16 14:40 . 2005-10-17 21:21 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:40 . 2005-10-17 21:21 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-13 12:32 . 2007-03-07 00:33 -------- d-----w- c:\program files\Project64 1.6
    2009-06-12 14:57 . 2009-06-12 14:57 -------- d-----w- c:\program files\SixaxisDriver
    2009-06-04 06:51 . 2006-08-11 17:43 79026 ----a-w- c:\windows\system32\perfc00C.dat
    2009-06-04 06:51 . 2006-08-11 17:43 479040 ----a-w- c:\windows\system32\perfh00C.dat
    2009-06-03 19:10 . 2005-08-30 04:16 1297408 ----a-w- c:\windows\system32\quartz.dll
    2009-05-07 15:33 . 2004-08-10 20:00 348672 ----a-w- c:\windows\system32\localspl.dll
    2009-05-02 01:06 . 2008-01-08 00:53 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2009-05-02 01:06 . 2008-01-08 00:53 54368 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2009-05-02 01:06 . 2008-01-08 00:53 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2009-05-02 01:06 . 2008-01-08 00:53 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2009-05-02 01:06 . 2008-01-08 00:53 172136 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
    "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
    "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
    "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
    "CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-11 1519616]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\MICKAEL\Menu D‚marrer\Programmes\D‚marrage\
    hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-6-21 625952]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-23 45056]
    Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-12-24 122880]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\La Solution Ciel.lnk
    backup=c:\windows\pss\La Solution Ciel.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^MICKAEL^Menu Démarrer^Programmes^Démarrage^Registration RAYMAN]
    path=c:\documents and settings\MICKAEL\Menu Démarrer\Programmes\Démarrage\Registration RAYMAN
    backup=c:\windows\pss\Registration RAYMANStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\mickacana19\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\mickacana19\\condition zero\\hl.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\mickacana19\\condition zero deleted scenes\\hl.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25154:TCP"= 25154:TCP:BitComet 25154 TCP
    "25154:UDP"= 25154:UDP:BitComet 25154 UDP

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 17:31 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 17:31 20560]
    R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [30/01/2009 21:49 33792]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [25/03/2008 21:15 33792]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [25/05/2007 11:41 99248]
    S2 Ricov;DirectX Service;c:\windows\system32\directx.exe --> c:\windows\system32\directx.exe [?]
    S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [12/06/2009 16:57 27904]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - EAPHOST
    *NewlyCreated* - IP6FW
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-realteks - c:\documents and settings\MICKAEL\Application Data\Google\cjhhl15625481.exe


    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\MICKAEL\Application Data\Mozilla\Firefox\Profiles\t303i6ju.default\
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast - .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-02 06:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-08-02 6:04
    ComboFix-quarantined-files.txt 2009-08-02 04:04

    Pre-Run: 33 246 064 640 octets libres
    Post-Run: 33 225 285 632 octets libres

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    217 --- E O F --- 2009-07-30 01:01
    a c 295 8 Sécurité
    2 Août 2009 06:20:18

    /!\ Seul micka84_62 peut suivre cette procédure /!\

    Désactive toute protection résidente (Antivirus...) !

    ---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

    KillAll::

    Driver::
    Ricov

    File::
    c:\documents and settings\MICKAEL\Application Data\AdobeUM\socks32.exe
    c:\documents and settings\MICKAEL\Application Data\Apple Computer\megalon.exe
    c:\documents and settings\MICKAEL\Application Data\Adobe\reniga.dll
    c:\documents and settings\MICKAEL\Application Data\Ahead\horsi.exe
    c:\documents and settings\MICKAEL\Application Data\AccurateRip\moha.exe
    c:\windows\system32\directx.exe

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\drivers\\svchost.exe"=-

    ---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.

    - Colle (CTRL+V) le texte dans le Bloc-notes.
    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : CFScript
    - Type du fichier : tous les fichiers !!
    - Clique sur Enregistrer.
    - Quitte le Bloc-notes.

    ---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

    ;) 
    2 Août 2009 06:41:40

    ComboFix 09-08-01.06 - MICKAEL 02/08/2009 6:25.2.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.766.429 [GMT 2:00]
    Running from: c:\downloads\ComboFix.exe
    Command switches used :: c:\downloads\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090630-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\documents and settings\MICKAEL\Application Data\AccurateRip\moha.exe"
    "c:\documents and settings\MICKAEL\Application Data\Adobe\reniga.dll"
    "c:\documents and settings\MICKAEL\Application Data\AdobeUM\socks32.exe"
    "c:\documents and settings\MICKAEL\Application Data\Ahead\horsi.exe"
    "c:\documents and settings\MICKAEL\Application Data\Apple Computer\megalon.exe"
    "c:\windows\system32\directx.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\MICKAEL\Application Data\AccurateRip\moha.exe
    c:\documents and settings\MICKAEL\Application Data\Adobe\reniga.dll
    c:\documents and settings\MICKAEL\Application Data\AdobeUM\socks32.exe
    c:\documents and settings\MICKAEL\Application Data\Ahead\horsi.exe
    c:\documents and settings\MICKAEL\Application Data\Apple Computer\megalon.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RICOV
    -------\Service_Ricov


    ((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
    .

    2009-08-02 03:05 . 2009-08-02 03:44 -------- d-----w- C:\UsbFix
    2009-08-01 23:10 . 2009-08-01 23:11 -------- d-----w- c:\program files\trend micro
    2009-08-01 23:10 . 2009-08-01 23:11 -------- d-----w- C:\rsit
    2009-08-01 16:49 . 2009-04-30 00:05 38208 ----a-w- c:\documents and settings\MICKAEL\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-07-30 09:53 . 2009-08-01 16:48 67584 ----a-w- c:\documents and settings\MICKAEL\Application Data\Google\Shell32.dll
    2009-07-26 22:35 . 2009-07-26 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-26 22:35 . 2009-07-26 22:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-03 10:00 . 2009-07-03 10:00 -------- d-----w- c:\documents and settings\PAPA\Local Settings\Application Data\Google
    2009-07-03 09:57 . 2009-04-30 00:05 38208 ----a-w- c:\documents and settings\PAPA\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-02 04:36 . 2006-12-23 13:46 -------- d-----w- c:\program files\eMule
    2009-08-02 04:36 . 2007-02-03 17:34 -------- d-----w- c:\documents and settings\MICKAEL\Application Data\Hamachi
    2009-08-02 04:29 . 2007-03-17 09:25 -------- d-----w- c:\documents and settings\MICKAEL\Application Data\Apple Computer
    2009-08-02 04:29 . 2007-01-09 18:37 -------- d-----w- c:\documents and settings\MICKAEL\Application Data\AdobeUM
    2009-08-02 04:29 . 2007-01-06 05:44 -------- d-----w- c:\documents and settings\MICKAEL\Application Data\Ahead
    2009-08-02 04:29 . 2008-02-02 20:07 -------- d-----w- c:\documents and settings\MICKAEL\Application Data\AccurateRip
    2009-07-30 09:51 . 2007-01-09 23:23 -------- d-----w- c:\program files\Google
    2009-07-29 21:03 . 2009-07-02 07:55 -------- d-----w- c:\program files\Electronic Arts
    2009-07-29 21:03 . 2006-08-11 17:53 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-16 01:04 . 2007-11-11 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-07-02 09:25 . 2009-07-02 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-07-02 08:11 . 2009-07-02 08:11 10134 ----a-r- c:\documents and settings\MICKAEL\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-07-02 08:11 . 2009-07-02 08:11 -------- d-----w- c:\program files\Microsoft WSE
    2009-06-29 15:57 . 2006-03-04 04:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 15:57 . 2004-08-10 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 15:57 . 2004-08-10 20:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-23 15:14 . 2007-02-10 10:27 -------- d-----w- c:\program files\BitComet
    2009-06-16 14:40 . 2005-10-17 21:21 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:40 . 2005-10-17 21:21 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-13 12:32 . 2007-03-07 00:33 -------- d-----w- c:\program files\Project64 1.6
    2009-06-12 14:57 . 2009-06-12 14:57 -------- d-----w- c:\program files\SixaxisDriver
    2009-06-04 06:51 . 2006-08-11 17:43 79026 ----a-w- c:\windows\system32\perfc00C.dat
    2009-06-04 06:51 . 2006-08-11 17:43 479040 ----a-w- c:\windows\system32\perfh00C.dat
    2009-06-03 19:10 . 2005-08-30 04:16 1297408 ----a-w- c:\windows\system32\quartz.dll
    2009-05-07 15:33 . 2004-08-10 20:00 348672 ----a-w- c:\windows\system32\localspl.dll
    2009-05-02 01:06 . 2008-01-08 00:53 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2009-05-02 01:06 . 2008-01-08 00:53 54368 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2009-05-02 01:06 . 2008-01-08 00:53 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2009-05-02 01:06 . 2008-01-08 00:53 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2009-05-02 01:06 . 2008-01-08 00:53 172136 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-02_04.02.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-02 04:32 . 2009-08-02 04:32 16384 c:\windows\temp\Perflib_Perfdata_690.dat
    + 2009-08-02 04:32 . 2009-08-02 04:32 16384 c:\windows\temp\Perflib_Perfdata_628.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
    "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2008-08-01 5480448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
    "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
    "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-12-20 37376]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
    "CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-04-28 170072]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-11 1519616]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-01 16208384]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\MICKAEL\Menu D‚marrer\Programmes\D‚marrage\
    hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-6-21 625952]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-23 45056]
    Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-12-24 122880]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\La Solution Ciel.lnk
    backup=c:\windows\pss\La Solution Ciel.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^MICKAEL^Menu Démarrer^Programmes^Démarrage^Registration RAYMAN]
    path=c:\documents and settings\MICKAEL\Menu Démarrer\Programmes\Démarrage\Registration RAYMAN
    backup=c:\windows\pss\Registration RAYMANStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\mickacana19\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\mickacana19\\condition zero\\hl.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Valve\\Steam\\SteamApps\\mickacana19\\condition zero deleted scenes\\hl.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25154:TCP"= 25154:TCP:BitComet 25154 TCP
    "25154:UDP"= 25154:UDP:BitComet 25154 UDP

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/04/2008 17:31 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/04/2008 17:31 20560]
    R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [28/04/2009 17:33 188416]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [30/01/2009 21:49 33792]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [25/03/2008 21:15 33792]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [25/05/2007 11:41 99248]
    S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [12/06/2009 16:57 27904]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\MICKAEL\Application Data\Mozilla\Firefox\Profiles\t303i6ju.default\
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast - .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-02 06:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1156)
    c:\windows\system32\MSNCHATHOOK.DLL
    c:\windows\system32\sysenv.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\MFC71U.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\acer\Empowering Technology\ePerformance\MemCheck.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\windows\ehome\ehrec.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\libusbd-nt.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\windows\system32\lxddcoms.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-02 6:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-02 04:39
    ComboFix2.txt 2009-08-02 04:04

    Pre-Run: 33 220 235 264 octets libres
    Post-Run: 33 093 431 296 octets libres

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    240 --- E O F --- 2009-07-30 01:01
    a c 295 8 Sécurité
    2 Août 2009 06:49:22

  • Désinstalle UsbFix.

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.

  • Refais un scan RSIT et poste le rapport log.
    2 Août 2009 06:52:34

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by MICKAEL at 2009-08-02 06:52:29
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 32 GB (28%) free of 116 GB
    Total RAM: 766 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:52:32, on 02/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Downloads\RSIT.exe
    C:\Program Files\trend micro\MICKAEL.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 12552 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll [2007-02-08 158272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "LaunchApp"=Alaunch []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752]
    "nwiz"=nwiz.exe /install []
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016]
    "Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe [2006-04-18 49152]
    "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
    "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
    "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384]
    "lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]
    "lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]
    "FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-06-11 312240]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-12-20 37376]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
    "CANAL+ CANALSAT A LA DEMANDE"=C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe [2009-04-28 170072]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
    "eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    c:\program files\valve\steam\steam.exe -silent []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    C:\PROGRA~1\Ciel\Starter.exe [2006-07-06 524288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MICKAEL^Menu Démarrer^Programmes^Démarrage^Registration RAYMAN]
    C:\Documents and Settings\MICKAEL\Menu Démarrer\Programmes\Démarrage\Registration RAYMAN []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Documents and Settings\MICKAEL\Menu Démarrer\Programmes\Démarrage
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "HonorAutoRunSetting"=1
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:D evice Monitor Application"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
    "C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:p rinting Application"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
    "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:D isabled:EA Download Manager"
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:p rinting Application"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

    ======List of files/folders created in the last 1 months======

    2009-08-02 06:51:59 ----SD---- C:\ComboFix
    2009-08-02 06:42:56 ----SHD---- C:\RECYCLER
    2009-08-02 06:40:00 ----A---- C:\ComboFix.txt
    2009-08-02 05:55:26 ----D---- C:\WINDOWS\ERDNT
    2009-08-02 05:42:21 ----RASHD---- C:\autorun.inf
    2009-08-02 05:38:39 ----A---- C:\UsbFix.txt
    2009-08-02 01:10:45 ----D---- C:\Program Files\trend micro
    2009-08-02 01:10:43 ----D---- C:\rsit
    2009-07-27 01:15:03 ----A---- C:\WINDOWS\wininit.ini
    2009-07-27 00:35:12 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-07-27 00:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-16 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-16 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-16 03:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

    ======List of files/folders modified in the last 1 months======

    2009-08-02 06:52:14 ----AD---- C:\WINDOWS
    2009-08-02 06:52:08 ----D---- C:\Downloads
    2009-08-02 06:52:08 ----AD---- C:\WINDOWS\system32
    2009-08-02 06:52:00 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-02 06:51:17 ----D---- C:\WINDOWS\temp
    2009-08-02 06:41:10 ----A---- C:\WINDOWS\win.ini
    2009-08-02 06:40:02 ----AD---- C:\WINDOWS\system32\drivers
    2009-08-02 06:36:36 ----D---- C:\Program Files\eMule
    2009-08-02 06:36:33 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Hamachi
    2009-08-02 06:35:59 ----D---- C:\WINDOWS\Prefetch
    2009-08-02 06:34:13 ----A---- C:\WINDOWS\system.ini
    2009-08-02 06:30:37 ----D---- C:\WINDOWS\system32\config
    2009-08-02 06:29:59 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Apple Computer
    2009-08-02 06:29:59 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Ahead
    2009-08-02 06:29:59 ----D---- C:\Documents and Settings\MICKAEL\Application Data\AdobeUM
    2009-08-02 06:29:59 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Adobe
    2009-08-02 06:29:58 ----D---- C:\Documents and Settings\MICKAEL\Application Data\AccurateRip
    2009-08-02 06:29:03 ----D---- C:\WINDOWS\AppPatch
    2009-08-02 06:29:00 ----D---- C:\Program Files\Fichiers communs
    2009-08-02 06:24:53 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-02 06:20:52 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-02 06:03:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-02 06:01:38 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Google
    2009-08-02 01:10:45 ----D---- C:\Program Files
    2009-08-01 18:46:51 ----HD---- C:\WINDOWS\inf
    2009-08-01 01:45:37 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-30 11:51:22 ----D---- C:\Program Files\Movie Maker
    2009-07-30 11:51:22 ----D---- C:\Program Files\Google
    2009-07-30 03:01:00 ----D---- C:\WINDOWS\system32\fr-fr
    2009-07-30 03:01:00 ----D---- C:\Program Files\Internet Explorer
    2009-07-30 03:00:50 ----D---- C:\WINDOWS\ie7updates
    2009-07-30 03:00:29 ----SHD---- C:\WINDOWS\Installer
    2009-07-30 03:00:28 ----D---- C:\WINDOWS\WinSxS
    2009-07-29 23:16:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2009-07-29 23:03:56 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-29 23:03:56 ----D---- C:\Program Files\Electronic Arts
    2009-07-29 09:55:00 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-27 01:37:49 ----A---- C:\rapport.txt
    2009-07-27 01:36:02 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-07-23 13:02:06 ----D---- C:\WINDOWS\Debug
    2009-07-19 15:29:21 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-19 15:29:19 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-16 03:04:24 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-07-11 15:16:07 ----D---- C:\WINDOWS\network diagnostic
    2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-05 4284928]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-11 6144]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592]
    R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
    R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
    R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-21 25280]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 XPADFL02;XPAD Filter Service 02; C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
    S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-11 28672]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2009-04-28 188416]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-02-17 73728]
    R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-19 66872]
    R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
    R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe []
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------
    2 Août 2009 11:54:52

    est ce que c'est fini?
    a c 295 8 Sécurité
    2 Août 2009 16:37:08

  • Désinstalle les programmes suivants :
    - J2SE Runtime Environment 5.0 Update 10
    - J2SE Runtime Environment 5.0 Update 11
    - J2SE Runtime Environment 5.0 Update 6
    - Java 6 Update 11
    - Java 6 Update 7

  • Mets à jour Java.

  • Mets à jour Adobe Reader.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    2 Août 2009 17:36:28

    Malwarebytes' Anti-Malware 1.39
    Version de la base de données: 2546
    Windows 5.1.2600 Service Pack 3

    02/08/2009 17:33:21
    mbam-log-2009-08-02 (17-33-21).txt

    Type de recherche: Examen rapide
    Eléments examinés: 118574
    Temps écoulé: 6 minute(s), 29 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{60422bd5-70f0-4edf-9aef-3267c4db3770} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{731b8592-4001-46d4-b1a5-33ec792b4501} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{731b8682-4001-46d4-b1a5-33ec792b4501} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\WINDOWS\system32\mpeg2dmx.ax (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\documents and settings\MICKAEL\application data\Google\Shell32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    a c 295 8 Sécurité
    2 Août 2009 17:53:04

  • Relance MBAM, va dans Quarantaine et supprime tout.

  • Supprime les traces de Norton avec ceci.

  • Fais un scan avec Kaspersky Online Scanner et poste le rapport.
    2 Août 2009 20:47:20

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: rapport d'analyse
    dimanche 2 août 2009
    Système d'exploitation : Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Version de Kaspersky Online Scanner : 7.0.26.13
    Dernière mise à jour de la base : Sunday, August 02, 2009 18:08:48
    Enregistrements dans la base : 2575477
    --------------------------------------------------------------------------------

    Paramètres d'analyse:
    analyser avec la base suivante: étendue
    Analyser les archives: oui
    Analyser les bases de messagerie: oui

    Zone d'analyse - Poste de travail:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    M:\

    Statistiques d'analyse:
    Objets analysés: 90053
    Menaces trouvées: 0
    Objets infectés trouvés: 0
    Objets suspects trouvés: 0
    Durée d'analyse: 02:05:20

    Aucune menace trouvée. La zone d'analyse est propre.

    La zone sélectionnée a été analysée.
    2 Août 2009 23:31:52

    voila je vous remercie de ce que vous faites pour moi.
    par contre ma connexion internet est toujours aussi lente je ne comprend pas
    a c 295 8 Sécurité
    3 Août 2009 05:41:29

  • Refais un scan RSIT et poste le rapport log.
    3 Août 2009 12:55:28

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by MICKAEL at 2009-08-03 12:54:50
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 32 GB (28%) free of 116 GB
    Total RAM: 766 MB (27% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:55:05, on 03/08/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Downloads\RSIT.exe
    C:\Program Files\trend micro\MICKAEL.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoD...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 12609 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll [2007-02-08 158272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-02 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-02 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "LaunchApp"=Alaunch []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-12 7626752]
    "nwiz"=nwiz.exe /install []
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-07-12 86016]
    "Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe [2006-04-18 49152]
    "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
    "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
    "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384]
    "lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]
    "lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]
    "FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-06-11 312240]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-12-20 37376]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
    "CANAL+ CANALSAT A LA DEMANDE"=C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe [2009-04-28 170072]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-02 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
    "eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-08-01 5480448]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"=C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE [2007-05-02 383216]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    c:\program files\valve\steam\steam.exe -silent []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    C:\PROGRA~1\Ciel\Starter.exe [2006-07-06 524288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MICKAEL^Menu Démarrer^Programmes^Démarrage^Registration RAYMAN]
    C:\Documents and Settings\MICKAEL\Menu Démarrer\Programmes\Démarrage\Registration RAYMAN []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    C:\Documents and Settings\MICKAEL\Menu Démarrer\Programmes\Démarrage
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "HonorAutoRunSetting"=1
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:D evice Monitor Application"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
    "C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:p rinting Application"
    "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\mickacana19\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
    "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:D isabled:EA Download Manager"
    "C:\Documents and Settings\MICKAEL\Local Settings\temp\7zS1.tmp\SymNRT.exe"="C:\Documents and Settings\MICKAEL\Local Settings\temp\7zS1.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:p rinting Application"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

    ======List of files/folders created in the last 1 months======

    2009-08-02 17:57:42 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2009-08-02 17:23:30 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Malwarebytes
    2009-08-02 17:23:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-02 17:23:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-02 17:11:15 ----SHD---- C:\Config.Msi
    2009-08-02 16:53:14 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-08-02 16:53:13 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-08-02 16:53:13 ----A---- C:\WINDOWS\system32\java.exe
    2009-08-02 06:51:59 ----SD---- C:\ComboFix
    2009-08-02 06:42:56 ----SHD---- C:\RECYCLER
    2009-08-02 06:40:00 ----A---- C:\ComboFix.txt
    2009-08-02 05:55:26 ----D---- C:\WINDOWS\ERDNT
    2009-08-02 05:42:21 ----RASHD---- C:\autorun.inf
    2009-08-02 05:38:39 ----A---- C:\UsbFix.txt
    2009-08-02 01:10:45 ----D---- C:\Program Files\trend micro
    2009-08-02 01:10:43 ----D---- C:\rsit
    2009-07-27 01:15:03 ----A---- C:\WINDOWS\wininit.ini
    2009-07-27 00:35:12 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-07-27 00:35:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-16 03:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-16 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-16 03:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

    ======List of files/folders modified in the last 1 months======

    2009-08-03 12:54:55 ----D---- C:\WINDOWS\Prefetch
    2009-08-03 12:49:22 ----D---- C:\WINDOWS\temp
    2009-08-03 02:49:30 ----D---- C:\Downloads
    2009-08-02 20:56:28 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Hamachi
    2009-08-02 20:53:59 ----A---- C:\WINDOWS\win.ini
    2009-08-02 20:53:41 ----D---- C:\Program Files\eMule
    2009-08-02 20:53:25 ----AD---- C:\WINDOWS
    2009-08-02 20:51:28 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-02 18:00:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-02 17:59:01 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
    2009-08-02 17:38:47 ----AD---- C:\WINDOWS\system32\drivers
    2009-08-02 17:33:21 ----AD---- C:\WINDOWS\system32
    2009-08-02 17:23:23 ----D---- C:\Program Files
    2009-08-02 17:14:57 ----D---- C:\WINDOWS\system32\Restore
    2009-08-02 17:14:54 ----SHD---- C:\System Volume Information
    2009-08-02 17:12:32 ----SHD---- C:\WINDOWS\Installer
    2009-08-02 17:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-08-02 17:11:58 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-08-02 17:11:32 ----D---- C:\Program Files\Adobe
    2009-08-02 16:53:00 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-08-02 16:52:56 ----D---- C:\Program Files\Java
    2009-08-02 16:42:58 ----D---- C:\Program Files\Fichiers communs
    2009-08-02 16:42:00 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-08-02 14:01:38 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-02 06:34:13 ----A---- C:\WINDOWS\system.ini
    2009-08-02 06:30:37 ----D---- C:\WINDOWS\system32\config
    2009-08-02 06:29:59 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Apple Computer
    2009-08-02 06:29:59 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Ahead
    2009-08-02 06:29:59 ----D---- C:\Documents and Settings\MICKAEL\Application Data\AdobeUM
    2009-08-02 06:29:59 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Adobe
    2009-08-02 06:29:58 ----D---- C:\Documents and Settings\MICKAEL\Application Data\AccurateRip
    2009-08-02 06:29:03 ----D---- C:\WINDOWS\AppPatch
    2009-08-02 06:03:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-02 06:01:38 ----D---- C:\Documents and Settings\MICKAEL\Application Data\Google
    2009-08-01 18:46:51 ----HD---- C:\WINDOWS\inf
    2009-08-01 01:45:37 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-30 11:51:22 ----D---- C:\Program Files\Movie Maker
    2009-07-30 11:51:22 ----D---- C:\Program Files\Google
    2009-07-30 03:01:00 ----D---- C:\WINDOWS\system32\fr-fr
    2009-07-30 03:01:00 ----D---- C:\Program Files\Internet Explorer
    2009-07-30 03:00:50 ----D---- C:\WINDOWS\ie7updates
    2009-07-30 03:00:28 ----D---- C:\WINDOWS\WinSxS
    2009-07-29 23:16:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2009-07-29 23:03:56 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-29 23:03:56 ----D---- C:\Program Files\Electronic Arts
    2009-07-29 09:55:00 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-27 01:37:49 ----A---- C:\rapport.txt
    2009-07-27 01:36:02 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-07-23 13:02:06 ----D---- C:\WINDOWS\Debug
    2009-07-19 15:29:21 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-19 15:29:19 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-16 03:04:24 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-07-11 15:16:07 ----D---- C:\WINDOWS\network diagnostic
    2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-05 4284928]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-11 6144]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-12 3934592]
    R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
    R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
    R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-21 25280]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 XPADFL02;XPAD Filter Service 02; C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
    S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-11 28672]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2009-04-28 188416]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-02 152984]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-02-17 73728]
    R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-12 155715]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-19 66872]
    R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
    R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe []
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------
    a c 295 8 Sécurité
    3 Août 2009 20:09:32

  • Télécharge OTM (OldTimer) sur ton Bureau.
  • Double-clique sur OTM.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\drivers\svchost.exe"=-

    :files
    C:\WINDOWS\system32\tmp.txt

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTM.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    4 Août 2009 01:36:58

    All processes killed
    ========== PROCESSES ==========
    Process explorer.exe killed successfully!
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\%windir%\system32\drivers\svchost.exe deleted successfully.
    ========== FILES ==========
    C:\WINDOWS\system32\tmp.txt moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: MAMAN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 112094 bytes

    User: MICKAEL
    ->Temp folder emptied: 95728863 bytes
    ->Temporary Internet Files folder emptied: 187575644 bytes
    ->Java cache emptied: 16174829 bytes
    ->FireFox cache emptied: 7812812 bytes
    ->Google Chrome cache emptied: 6887306 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: PAPA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->FireFox cache emptied: 3623974 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39097 bytes
    %systemroot%\System32 .tmp files removed: 61371904 bytes
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_678.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied: 115352 bytes
    RecycleBin emptied: 2847 bytes

    Total Files Cleaned = 362,07 mb


    OTM by OldTimer - Version 3.0.0.5 log created on 08042009_012743

    Files moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_678.dat moved successfully.

    Registry entries deleted on Reboot...
    a c 295 8 Sécurité
    4 Août 2009 02:58:39

    Plus de souci ?
    4 Août 2009 08:34:59

    niveau navigation internet c revenu a la normal par contre si je veux aller sur des sites comme dailymotionc'est devenu impossible tellement la video que je veux regarder est lente a se charger mais bon pour le reste tout est revenu impeccable
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS