
[Solved] Registry modification detected

Tags:
  • Security
11 July 2009 08:26:17

Hello everyone :)

So here it is: I've recently been fighting with my PC. It all started with the famous circumflex accent bug. I got rid of it thanks to the instructions I read on this forum.
Then I was treated to the b.exe and c.exe processes; I think I got rid of those too. After that, a strange bug meant that at every startup I had to unplug and replug my RJ45 cable for my internet connection to come up.

Now, after roughly an hour, the system becomes extremely slow, typing on the keyboard is difficult, it is very hard to open the Windows Task Manager and my processor shows an overload (in fact it's starting right now :/ ). Avast, Ad-Aware, etc. did nothing about it.

Ad-Watch tells me that over that hour there were about 5000 "Registry modification detected" events. (6000 by the end of this post.)

Anyway, without further ado, I'm pasting the HijackThis report in the spoiler below. Thanks to everyone who helps me.

Spoiler

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:20:04, on 11/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\drivers\services.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\drivers\services.exe
C:\Documents and Settings\Administrateur\svchost.exe
C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\EXPERTool ATI\TBPanel.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\windows\system32\drivers\services.exe
C:\Documents and Settings\Administrateur\svchost.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\windows\system32\taskmgr.exe
C:\Documents and Settings\Administrateur\Bureau\buse\buse.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Administrateur\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,C:\windows\system32\drivers\services.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A2964E1-8474-481D-AD7D-06C0467C20BD} - C:\WINDOWS\system32\amdpcom3.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKLM\..\Run: [Regedit32] C:\windows\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\windows\system32\drivers\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] C:\windows\system32\drivers\services.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: userinit.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSDV Driver (msdvdr) - Unknown owner - C:\windows\system32\msdvdr.pif
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Localisateur d'appels de procédure distante (RPC) RpcLocatorNetTcpPortSharing (RpcLocatorNetTcpPortSharing) - Unknown owner - C:\windows\system32\acelpdecb.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 10262 bytes

11 July 2009 17:21:49

Hello,

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    12 July 2009 01:05:00

    Thanks for giving me a hand :)
    The report is in the spoiler below.

    Spoiler

    ComboFix 09-07-09.08 - Administrateur 12/07/2009 0:52.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1408 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\combo\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .
    /wow section - STAGE 8
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

    /wow section - STAGE 32A
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

    /wow section - STAGE 33
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

    /wow section - STAGE 34
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Administrateur.exe
    c:\documents and settings\Administrateur\Application Data\Microsoft\profile.dat
    c:\documents and settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\documents and settings\Administrateur\svchost.exe
    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\ipdll.dll
    c:\documents and settings\brizio\Bureau\WebMediaPlayer.lnk
    c:\documents and settings\brizio\eula.txt
    c:\documents and settings\LocalService.AUTORITE NT\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\documents and settings\LocalService.AUTORITE NT\svchost.exe
    c:\documents and settings\NetworkService.AUTORITE NT\oashdihasidhasuidhiasdhiashdiuasdhasd
    c:\program files\webmediaplayer
    c:\program files\webmediaplayer\resources\languages.xml
    c:\program files\webmediaplayer\resources\webmedias
    c:\program files\webmediaplayer\skins\classic.skn
    c:\program files\webmediaplayer\sqlite3.dll
    c:\program files\webmediaplayer\WebMediaPlayer.url
    c:\recycler\S-1-5-21-725345543-1547161642-2147208981-1003
    C:\userinit.exe
    c:\windows\Installer\36c588b.msi
    c:\windows\Installer\36c588f.msi
    c:\windows\Installer\7d60598.msp
    c:\windows\Installer\a8e93.msi
    c:\windows\msa.exe
    c:\windows\system32\_000023_.tmp.dll
    c:\windows\system32\_000024_.tmp.dll
    c:\windows\system32\_000025_.tmp.dll
    c:\windows\system32\_000026_.tmp.dll
    c:\windows\system32\acelpdecb.exe
    c:\windows\system32\ATIODCLI.exe
    c:\windows\system32\ATIODE.exe
    c:\windows\system32\calc.ifo
    c:\windows\system32\config\systemprofile\Application Data\Microsoft\profile.dat
    c:\windows\system32\drivers\i386si.sys
    c:\windows\system32\drivers\ksi32sk.sys
    c:\windows\system32\drivers\securentm.sys
    c:\windows\system32\drivers\services.exe
    c:\windows\system32\drivers\systemntmi.sys
    c:\windows\system32\drivers\ws2_32sik.sys
    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds
    c:\windows\system32\msconfig.exe
    c:\windows\system32\msdvdr.dat
    c:\windows\system32\msdvdr.pif
    c:\windows\system32\sdra64.exe
    c:\windows\system32\sysdm.exe
    c:\windows\system32\uninstall.exe
    c:\windows\system32\wsnpoema
    c:\windows\system32\wsnpoema.exe
    c:\windows\system32\wsnpoema\audio.dll
    c:\windows\system32\wsnpoema\video.dll
    c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
    c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ATI64SI
    -------\Legacy_FIPS32CUP
    -------\Legacy_I386SI
    -------\Legacy_KSI32SK
    -------\Legacy_MSDVDR
    -------\Legacy_NETSIK
    -------\Legacy_NICSK32
    -------\Legacy_PORT135SIK
    -------\Legacy_RPCLOCATORNETTCPPORTSHARING
    -------\Legacy_SECURENTM
    -------\Legacy_SYSTEMNTMI
    -------\Legacy_WS2_32SIK
    -------\Service_i386si
    -------\Service_ksi32sk
    -------\Service_msdvdDrv
    -------\Service_msdvdr
    -------\Service_RpcLocatorNetTcpPortSharing
    -------\Service_securentm
    -------\Service_systemntmi
    -------\Service_ws2_32sik


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-06-11 au 2009-07-11 ))))))))))))))))))))))))))))))))))))
    .

    2009-06-30 17:34 . 2009-06-30 17:34 16384 --sha-w- c:\windows\system32\actxprxyd.dll
    2009-06-30 17:33 . 2009-06-30 17:34 88 --s-a-w- c:\windows\system32\3404731892.dat
    2009-06-29 05:32 . 2009-06-29 05:24 33124 ---h--w- c:\documents and settings\LocalService.AUTORITE NT\LocalService.AUTORITE NT.exe
    2009-06-29 05:32 . 2009-06-29 05:23 33124 ---h--w- c:\documents and settings\NetworkService.AUTORITE NT\NetworkService.AUTORITE NT.exe
    2009-06-28 16:59 . 2009-06-28 19:41 -------- d-----w- c:\documents and settings\Administrateur\.housecall6.6
    2009-06-28 07:15 . 2009-06-28 07:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-06-16 05:38 . 2009-02-03 20:10 55808 -c----w- c:\windows\system32\dllcache\secur32.dll
    2009-06-16 05:38 . 2009-05-07 15:30 349184 -c----w- c:\windows\system32\dllcache\localspl.dll
    2009-06-16 05:38 . 2008-06-12 13:48 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
    2009-06-16 05:38 . 2008-06-12 13:48 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
    2009-06-16 05:38 . 2008-06-12 13:48 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
    2009-06-16 05:38 . 2008-06-12 13:48 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
    2009-06-16 05:38 . 2008-06-12 13:48 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
    2009-06-16 05:38 . 2008-06-12 13:48 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
    2009-06-16 05:34 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-16 05:34 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-16 05:30 . 2005-07-26 04:29 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
    2009-06-16 05:30 . 2009-03-06 14:00 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
    2009-06-16 05:30 . 2009-02-09 10:03 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2009-06-16 05:30 . 2009-02-06 09:41 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-06-16 05:30 . 2009-02-09 10:03 740352 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2009-06-16 05:30 . 2009-02-09 10:03 686080 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2009-06-16 05:30 . 2009-02-09 10:03 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2009-06-16 05:30 . 2009-02-09 09:53 111104 -c----w- c:\windows\system32\dllcache\services.exe
    2009-06-16 05:30 . 2009-02-06 09:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
    2009-06-16 05:27 . 2008-12-16 12:49 351232 -c----w- c:\windows\system32\dllcache\winhttp.dll
    2009-06-16 05:26 . 2008-04-21 21:27 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-11 22:49 . 2008-03-23 22:23 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 4
    2009-07-11 10:43 . 2009-02-21 09:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
    2009-07-10 21:15 . 2008-04-20 14:51 -------- d-----w- c:\program files\Ad-Aware
    2009-07-08 20:09 . 2008-04-20 21:31 138512 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-08 20:09 . 2008-04-20 21:31 201440 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-06 06:12 . 2009-03-09 13:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-06-28 19:36 . 2008-04-05 16:52 -------- d-----w- c:\program files\Ripp-it_AM
    2009-06-26 21:26 . 2008-05-03 12:22 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2009-06-26 21:03 . 2008-05-31 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Azureus
    2009-06-26 05:09 . 2007-09-23 17:16 -------- d-----w- c:\program files\Google
    2009-06-24 19:23 . 2007-05-23 17:41 -------- d-----w- c:\program files\HomePlayer1.5.1.1
    2009-05-13 05:04 . 2004-08-28 14:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:30 . 2004-08-28 14:00 349184 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 03:30 . 2008-08-06 07:20 3643904 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-04-29 02:18 . 2008-10-24 15:56 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-04-29 02:17 . 2008-08-06 07:20 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-04-29 02:07 . 2008-08-06 07:20 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-04-29 02:06 . 2008-08-06 07:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-04-29 02:06 . 2008-08-06 07:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-04-29 02:06 . 2008-08-06 07:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-04-29 02:06 . 2008-08-06 07:20 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-04-29 02:04 . 2008-08-06 07:20 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-04-29 02:03 . 2008-08-06 07:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-04-29 02:00 . 2008-10-24 15:56 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-04-29 01:56 . 2008-08-06 07:20 2997536 ----a-w- c:\windows\system32\ati3duag.dll
    2009-04-29 01:45 . 2008-09-24 02:09 11603968 ----a-w- c:\windows\system32\atioglxx.dll
    2009-04-29 01:42 . 2008-08-06 07:20 2687872 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-04-29 01:26 . 2009-04-29 01:26 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-04-29 01:26 . 2008-08-06 07:20 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-04-29 01:22 . 2008-08-06 07:20 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-04-29 01:20 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-04-29 01:20 . 2008-08-06 07:20 135168 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-04-29 01:19 . 2008-08-06 07:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-04-29 01:19 . 2008-08-06 07:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-04-29 01:18 . 2009-04-29 01:18 3280896 ----a-w- c:\windows\system32\aticaldd.dll
    2009-04-29 01:17 . 2008-08-06 07:20 303104 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-04-29 01:13 . 2008-08-06 07:20 630784 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-04-28 19:05 . 2008-10-24 15:56 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
    2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-04-19 20:09 . 2004-08-28 14:00 1846784 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 15:17 . 2004-08-28 14:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
    2008-02-08 07:35 . 2007-06-02 16:00 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-02-08 07:35 . 2007-06-02 16:00 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-02-08 07:35 . 2007-06-02 16:00 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
    2008-02-08 07:35 . 2007-06-02 16:00 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-02-08 07:35 . 2007-06-02 16:00 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 02:33 15360 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ctfmon.exe
    [-] 2004-08-28 14:00 25088 43836CFFABAC8D6779E8EE55E308DF2C c:\windows\system32\ctfmon.exe

    [-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\sfcfiles.dll
    [-] 2004-08-28 14:00 1548288 F6AE0589111ACEFDC7A109A30A60E2A6 c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-28 25088]
    "IE Privacy Keeper"="c:\program files\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2008-04-01 486856]
    "Gainward"="c:\program files\EXPERTool ATI\TBPanel.exe" [2008-07-31 2296360]
    "AWMON"="c:\program files\Ad-Aware\Ad-Watch.exe" [2005-05-25 517632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224]
    "VisualTaskTips"="c:\windows\System32\VisualTaskTips.exe" [2004-08-28 36864]
    "TransBar"="c:\windows\System32\TransBar.exe" [2004-08-28 65536]
    "Styler"="c:\program files\styler\Styler.exe" [2006-05-03 307200]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2003-10-21 2334792]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-03-28 413696]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

    c:\documents and settings\brizio\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    HomePlayer.lnk - c:\program files\HomePlayer1.5.0.2\HomePlayer.exe [2007-2-6 184320]
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-4-9 546816]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    userinit.exe [2009-3-21 27648]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=SMNT40.dll
    "wave1"=SMNT40.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\QuakeWars\\etqwded.exe"=
    "d:\\QuakeWars\\etqw.exe"=
    "e:\\MircAndy\\mirc.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\HomePlayer1.5.1.1\\HomePlayer.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Emote\\Launcher\\launcher.exe"=
    "c:\\Program Files\\MeuhMeuhTV\\MeuhMeuhTV.exe"=
    "c:\\Program Files\\XBMC\\XBMC.exe"=
    "c:\\windows\\system32\\Ati2evxx.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\Program Files\\CDBurnerXP\\NMSAccessU.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\alg.exe"=
    "c:\\windows\\system32\\wbem\\wmiprvse.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_06\\bin\\jucheck.exe"=
    "c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "c:\\WINDOWS\\system32\\WgaTray.exe"=
    "d:\\Wolfenstein\\et.exe"=
    "d:\\ArmA 2\\arma2.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\POWERPNT.EXE"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\windows\\system32\\SNDVOL32.EXE"=
    "c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
    "c:\\Program Files\\Ad-Aware\\Ad-Watch.exe"=
    "c:\\Program Files\\Windows Sidebar\\sidebar.exe"=
    "c:\\Program Files\\Ad-Aware\\Ad-Aware.exe"=
    "c:\\Program Files\\Mozilla Firefox 3 Beta 4\\firefox.exe"=
    "c:\\WINDOWS\\system32\\ssmypics.scr"=
    "c:\\Program Files\\UberIcon\\UberIcon Manager.exe"=
    "c:\\Windows\\System32\\VisualTaskTips.exe"=
    "c:\\Program Files\\Windows Defender\\MSASCui.exe"=
    "c:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe"=
    "c:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_06\\bin\\jusched.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe"=
    "c:\\Program Files\\IE Privacy Keeper\\IEPrivacyKeeper.exe"=
    "c:\\Program Files\\DAEMON Tools\\daemon.exe"=
    "c:\\Program Files\\EXPERTool ATI\\TBPanel.exe"=
    "c:\\Documents and Settings\\Administrateur\\Menu Démarrer\\Programmes\\Démarrage\\userinit.exe"=
    "c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\ccc.exe"=
    "c:\\Documents and Settings\\Administrateur\\Bureau\\combo\\ComboFix.exe"=
    "c:\\windows\\system32\\taskmgr.exe"=
    "c:\\ComboFix\\NirCmdC.cfexe"=
    "c:\\windows\\system32\\wuauclt.exe"=
    "c:\\ComboFix\\Nircmd.com"=
    "c:\\ComboFix\\Catchme.tmp"=
    "c:\\WINDOWS\\PEV.exe"=
    "c:\\ComboFix\\pev.cfexe"=
    "c:\\ComboFix\\PV.cfexe"=
    "c:\\ComboFix\\FINDSTR.cfexe"=
    "c:\\windows\\system32\\netsh.exe"=
    "c:\\windows\\system32\\CF2982.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6081:TCP"= 6081:TCP:RPC

    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [24/10/2008 17:56 93696]
    R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [19/04/2008 19:45 472644]
    S0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27/04/2003 12:39 8704]
    S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 11:54 133104]
    S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [07/06/2008 18:59 12672]
    S3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [27/04/2003 11:43 99360]
    S4 SMNT40;SMNT40;c:\windows\system32\drivers\SMNT40.sys [04/05/2008 15:51 161576]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - HELPSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contenu du dossier 'Tâches planifiées'

    2009-07-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-23 22:07]

    2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 09:54]

    2009-07-11 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{2A2964E1-8474-481D-AD7D-06C0467C20BD} - c:\windows\system32\amdpcom3.dll
    HKCU-Run-Steam - j:\steam\steam.exe
    HKCU-Run-RGSC - j:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKCU-Run-Administrateur - c:\documents and settings\Administrateur\Administrateur.exe
    HKLM-Run-Vistadrv - c:\windows\system32\Vistadrive\vsdrv.exe
    HKLM-Run-Adobe Photo Downloader - l:\adobe photoshop lightroom 1.4\apdproxy.exe
    HKLM-Run-Bfovusukas - c:\windows\Ugeta.dll
    HKU-Default-Run-[system] - c:\windows\system32\drivers\services.exe
    HKU-Default-Run-winlogon - c:\documents and settings\LocalService.AUTORITE NT\svchost.exe


    .
    ------- Examen supplémentaire -------
    .
    uSearch Page = hxxp://www.google.fr
    uStart Page = hxxp://www.google.fr
    uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
    mDefault_Page_URL = hxxp://www.google.fr
    mStart Page = hxxp://www.google.fr
    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\6mlw5ys5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.fr
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox 3 Beta 4\plugins\npcosmop211.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox 3 Beta 4\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-12 00:57
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\TEMP\TMP00000013179F8117EC678CBC 524288 bytes

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1177238915-573735546-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,e2,12,cf,67,15,e4,47,8f,11,09,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,e2,12,cf,67,15,e4,47,8f,11,09,\

    [HKEY_USERS\S-1-5-21-1177238915-573735546-839522115-500\Software\SecuROM\License information*]
    "datasecu"=hex:74,ab,63,d9,73,9a,73,ae,45,5d,76,78,f6,ed,b3,1c,49,6a,55,6c,db,
    45,d9,96,c4,90,fd,de,88,b7,b6,6d,f5,78,79,d3,96,6e,92,ef,ed,1c,79,4e,f6,5a,\
    "rkeysecu"=hex:01,a8,a3,d0,1c,32,b3,d5,ab,e9,a0,17,12,71,11,ec

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    @Allowed: (Read) (Administrators)
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1892)
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\sfc_os.dll
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'lsass.exe'(276)
    c:\windows\system32\setupapi.dll

    - - - - - - - > 'explorer.exe'(1268)
    c:\windows\System32\VttHooks.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\shimgvw.dll
    c:\windows\system32\webcheck.dll
    c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    c:\program files\Fichiers communs\Microsoft Shared\Web Components\11\1036\OWCI11.DLL
    c:\windows\system32\msls31.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\netshell.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\browselc.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-07-11 1:00 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-07-11 22:59

    Avant-CF: 1 937 981 440 octets libres
    Après-CF: 1 959 100 416 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel p1" /3GB /USERVA=2500/
    multi(0)disk(0)rdisk(1)partition(4)\WINDOWS="Microsoft Windows XP Professionnel p4" /3GB /USERVA=2500/

    430 --- E O F --- 2009-06-28 09:46
    12 July 2009 01:14:07

  • Download FindyKill (by Chiquitine29 & C_XX) to your Desktop.
  • Run the installation with the default settings.
  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the FindyKill shortcut on your Desktop.
    (On Vista, right-click the FindyKill shortcut and choose Run as administrator)
  • Choose F for French.
  • In the main menu, choose option 1 (Search).
  • Post the FindyKill.txt report.

    Note: the FindyKill.txt report is saved at the root of the drive.
    12 July 2009 08:36:23

    Here it is.


    ############################## | FindyKill V6.005 |

    # User : Administrateur (Administrateurs) # 49600DF4A84A47C
    # Update on 11/07/09 by Chiquitine29 & C_XX
    # Start at: 08:33:25 | 12/07/2009
    # Website : http://pagesperso-orange.fr/NosTools/index.html

    # Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Disabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 19,53 Go (1,82 Go free) # NTFS
    # D:\ # Disque fixe local # 39,06 Go (7,9 Go free) [One] # NTFS
    # E:\ # Disque fixe local # 90,45 Go (9,25 Go free) [Two] # NTFS
    # F:\ # Disque CD-ROM # 7,68 Go (0 Mo free) [ARMA2] # UDF
    # G:\ # Disque CD-ROM
    # H:\ # Disque amovible # 991,22 Mo (236,64 Mo free) # FAT
    # I:\ # Disque fixe local # 232,88 Go (12,84 Go free) [Nouveau nom] # NTFS

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\EXPERTool ATI\TBPanel.exe
    C:\Program Files\Ad-Aware\Ad-Watch.exe
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\windows\system32\wbem\wmiprvse.exe

    ################## | Registre Startup |

    R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    R1 - HKCU\..\Main: "Search Page"="http://www.google.fr"
    R1 - HKCU\..\Main: "Start Page"="http://www.google.fr"
    F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\drivers\\services.exe"
    F2 - HKLM\..\logon:"DefaultUserName"="Administrateur"
    F2 - HKLM\..\logon:"AltDefaultUserName"="Administrateur"
    F2 - HKLM\..\logon:"LegalNoticeCaption"=""
    F2 - HKLM\..\logon:"LegalNoticeText"=""
    04 - HKLM\..\Run: UberIcon="C:\Program Files\UberIcon\UberIcon Manager.exe"
    04 - HKLM\..\Run: VisualTaskTips=C:\Windows\System32\VisualTaskTips.exe
    04 - HKLM\..\Run: TransBar=C:\Windows\System32\TransBar.exe /s
    04 - HKLM\..\Run: Styler=C:\Program Files\styler\Styler.exe
    04 - HKLM\..\Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    04 - HKLM\..\Run: Windows Defender="C:\Program Files\Windows Defender\MSASCui.exe" -hide
    04 - HKLM\..\Run: SmcService=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    04 - HKLM\..\Run: QuickTime Task="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    04 - HKLM\..\Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
    04 - HKLM\..\Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    04 - HKLM\..\Run: StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    04 - HKLM\..\Run: Vistadrv=C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    04 - HKLM\..\Run: SoundMAX="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    04 - HKLM\..\Run: Adobe Photo Downloader="L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    04 - HKLM\..\Run: svchost.exe=C:\WINDOWS\system32\svcnost.exe
    04 - HKLM\..\Run: Bfovusukas=rundll32.exe "C:\WINDOWS\Ugeta.dll",e
    04 - HKLM\..\Run: SVCHOST=C:\WINDOWS\MDM.EXE
    04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    04 - HKCU\..\Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    04 - HKCU\..\Run: IE Privacy Keeper="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
    04 - HKCU\..\Run: DAEMON Tools Lite="C:\Program Files\DAEMON Tools\daemon.exe" -autorun
    04 - HKCU\..\Run: Gainward=C:\Program Files\EXPERTool ATI\TBPanel.exe /A
    04 - HKCU\..\Run: AWMON="C:\Program Files\Ad-Aware\Ad-Watch.exe"
    04 - HKCU\..\Run: EA Core=C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    04 - HKCU\..\Run: Steam="j:\steam\steam.exe" -silent
    04 - HKCU\..\Run: RGSC=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    04 - HKCU\..\Run: Administrateur=C:\Documents and Settings\Administrateur\Administrateur.exe /i
    04 - HKCU\..\Run: A00F25B86EE.exe=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe

    ################## | Fichiers # Dossiers infectieux |


    ################## | C:\Documents and Settings\Administrateur\Temporary Internet Files |


    ################## | All Drives ... |

    Présent ! F:\Setup.exe [ce51ff44b1b93f925f1db0d832e629f7]
    Présent ! F:\autorun.inf [aa93a7d7940c0dafd2dcabc6e492d931]

    ################## | Registre # Clés Run infectieuses |

    Présent ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Administrateur"
    Présent ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "svchost"

    ################## | Registre # Mountpoints2 |


    ################## | Etat / Services / Informations |

    # Affichage des fichiers cachés : OK
    # Mode sans echec : OK
    # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
    # Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
    # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
    # windefend -> Start = 2 ( Good = 2 | Bad = 4 )
    # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
    # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


    ################## | Cracks / Keygens / Serials |


    ################## | ! Fin du rapport # FindyKill V6.005 ! |

    12 July 2009 13:57:56

    My problems seem to be solved, thanks :)
    12 July 2009 14:49:12

  • Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
  • Double-click the FindyKill shortcut on your Desktop.
    (On Vista, right-click the FindyKill shortcut and choose Run as administrator)
  • In the main menu, choose option 2 (Removal).

    /!\ There will be a reboot; let the tool work until the message "nettoyage effectué" ("cleaning done") appears /!\

  • Then post the FindyKill.txt report.

    Note: the FindyKill.txt report is saved at the root of the drive.
    12 July 2009 15:35:04

    Here it is. Unfortunately I had installed AntiVir, thinking the problem was solved (dumb move), so I clicked "ignore" in the AntiVir window that opened every time FindyKill found an exe, which it was testing I suppose. I hope that's not too big a problem...

    The report:


    ############################## | FindyKill V6.005 |

    # User : Administrateur (Administrateurs) # 49600DF4A84A47C
    # Update on 11/07/09 by Chiquitine29 & C_XX
    # Start at: 15:13:43 | 12/07/2009
    # Website : http://pagesperso-orange.fr/NosTools/index.html

    # Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Disabled
    # AV : AntiVir Desktop 9.0.1.30 [ (!) Disabled | Updated ]

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 19,53 Go (1,6 Go free) # NTFS
    # D:\ # Disque fixe local # 39,06 Go (7,84 Go free) [One] # NTFS
    # E:\ # Disque fixe local # 90,45 Go (9,25 Go free) [Two] # NTFS
    # F:\ # Disque CD-ROM # 7,68 Go (0 Mo free) [ARMA2] # UDF
    # G:\ # Disque CD-ROM
    # H:\ # Disque amovible # 991,22 Mo (236,64 Mo free) # FAT
    # I:\ # Disque fixe local # 232,88 Go (7,36 Go free) [Nouveau nom] # NTFS

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\drivers\services.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe

    ################## | Fichiers # Dossiers infectieux |


    ################## | C:\Documents and Settings\Administrateur\Temporary Internet Files |


    ################## | All Drives ... |

    Supprimé ! C:\userinit.exe
    (!) Non supprimé ! F:\Setup.exe
    (!) Non supprimé ! F:\autorun.inf
    ################## | Autres ... |


    ################## | Registre # Clés Run infectieuses |

    Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "svchost"
    Supprimé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Administrateur"

    ################## | Registre # Mountpoints2 |


    ################## | Listing des fichiers présent |

    [13/03/2007 19:49|--a------|0] - C:\AUTOEXEC.BAT
    [01/05/2009 11:36|--a------|310] - C:\Boot.bak
    [12/07/2009 00:51|-rahs----|379] - C:\boot.ini
    [24/08/2008 01:53|-rahs----|4952] - C:\Bootfont.bin
    [01/05/2009 11:09|--a------|348] - C:\bootsave.ini
    [03/08/2004 23:00|--a------|263488] - C:\cmldr
    [12/07/2009 01:00|--a------|26574] - C:\ComboFix.txt
    [13/03/2007 19:49|--a------|0] - C:\CONFIG.SYS
    [15/01/2008 22:10|--a------|429615] - C:\DSCF3565bis.jpg
    [15/01/2008 22:07|--a------|894451] - C:\DSCF3597.JPG
    [12/07/2009 15:24|--a------|3121] - C:\FindyKill.txt
    [21/04/2008 07:57|--ahs----|904] - C:\hostssave
    [13/03/2007 19:49|-rahs----|0] - C:\IO.SYS
    [13/03/2007 19:49|-rahs----|0] - C:\MSDOS.SYS
    [24/08/2008 01:53|-rahs----|47564] - C:\NTDETECT.COM
    [24/08/2008 01:53|-rahs----|252240] - C:\ntldr
    [?|?|?] - C:\pagefile.sys
    [12/07/2009 14:18|--a------|32299960] - D:\avira_antivir_personal_en.exe
    [07/05/2007 05:14|--a------|69716] - D:\bookmarks.html
    [01/05/2009 11:21|--a------|326] - D:\boot.ini
    [07/06/2008 18:58|--a------|2063807] - D:\cpu-z_cpu-z_1.51_anglais_11090.exe
    [11/07/2009 08:15|--a------|401720] - D:\HiJackThis.exe
    [01/11/2007 00:11|--a------|282] - D:\One (D).lnk
    [04/07/2007 01:33|--ahs----|4608] - D:\Thumbs.db
    [05/02/2006 07:04|--a------|14141] - D:\video.pass
    [18/06/2008 08:06|--a------|46531155] - D:\XBMC_for_Windows-9.04.1-repack.exe
    [02/05/2008 06:39|--a------|0] - E:\105900781_MVM_3.tmp
    [29/06/2008 13:32|--a------|18382848] - E:\108805171_MVM_0.tmp
    [05/02/2006 07:04|--a------|14141] - E:\video.pass
    [29/05/2009 04:44|-r-------|1075256] - F:\AutoRun.bmp
    [29/05/2009 04:44|-r-------|1830] - F:\Autorun.csv
    [29/05/2009 04:44|-r-------|488] - F:\AutoRun.dat
    [26/03/2009 10:20|-r-------|704512] - F:\AutoRun.exe
    [29/05/2009 04:44|-r-------|48] - F:\Autorun.inf
    [29/05/2009 04:44|-r-------|263138] - F:\autorun.wav
    [29/05/2009 04:44|-r-------|2662] - F:\readme.txt
    [29/05/2009 04:44|-r-------|239480] - F:\setup.bmp
    [01/06/2009 04:23|-r-------|4456] - F:\setup.crc
    [29/05/2009 04:44|-r-------|24754] - F:\Setup.csv
    [29/05/2009 04:44|-r-------|1075] - F:\setup.dat
    [21/05/2009 14:54|-r-------|983040] - F:\Setup.exe
    [29/05/2009 04:44|-r-------|1930] - F:\Uninstall.csv
    [26/03/2009 10:21|-r-------|573440] - F:\UnInstall.exe
    [11/06/2009 15:03|--ah-----|6148] - H:\.DS_Store

    ################## | Vaccination |

    # C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # D:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # E:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # H:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
    # I:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

    ################## | Etat / Services / Informations |

    # Mode sans echec : OK


    # Affichage des fichiers cachés : OK

    # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
    # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
    # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
    # windefend -> Start = 2 ( Good = 2 | Bad = 4 )
    # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
    # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

    ################## | PEH ... |


    ################## | Cracks / Keygens / Serials |


    ################## | ! Fin du rapport # FindyKill V6.005 ! |


    12 July 2009 15:43:41

  • Uninstall FindyKill.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. (The scan completed successfully. Click 'Show Results' to display all objects found.)

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    12 July 2009 16:57:03

    Here it is.

    Malwarebytes' Anti-Malware 1.38
    Version de la base de données: 2412
    Windows 5.1.2600 Service Pack 2

    12/07/2009 16:54:23
    mbam-log-2009-07-12 (16-54-23).txt

    Type de recherche: Examen rapide
    Eléments examinés: 111982
    Temps écoulé: 5 minute(s), 22 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 9
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\drivers\services.exe (Spyware.Agent) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Spyware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Spyware.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Spyware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Spyware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Spyware.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Spyware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bfovusukas (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f25b86ee.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\drivers\services.exe (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrateur\svchost.exe (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService.AUTORITE NT\svchost.exe (Spyware.Agent) -> Quarantined and deleted successfully.
    12 July 2009 17:07:33

  • Restart MBAM, go to Quarantine and delete everything.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    12 July 2009 18:36:18

    Here it is.

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-07-12 18:34:10
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 2 GB (9%) free of 20 GB
    Total RAM: 2047 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:34:11, on 12/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\EXPERTool ATI\TBPanel.exe
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\Documents and Settings\Administrateur\Bureau\combo\RSIT.exe
    C:\Program Files\trend micro\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
    O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
    O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [RGSC] J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
    O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: userinit.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 8066 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    SaveLinksOrder
    Locked
    {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
    "VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864]
    "TransBar"=C:\Windows\System32\TransBar.exe [2004-08-28 65536]
    "Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
    "Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe []
    "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
    "Adobe Photo Downloader"=L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
    "SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui []
    "svchost.exe"=C:\WINDOWS\system32\svcnost.exe []
    "Bfovusukas"=C:\WINDOWS\Ugeta.dll,e []
    "SVCHOST"=C:\WINDOWS\MDM.EXE []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 25088]
    "IE Privacy Keeper"=C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-12-03 1015808]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-04-01 486856]
    "Gainward"=C:\Program Files\EXPERTool ATI\TBPanel.exe [2008-07-31 2296360]
    "AWMON"=C:\Program Files\Ad-Aware\Ad-Watch.exe [2005-05-25 517632]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
    "Steam"=j:\steam\steam.exe -silent []
    "RGSC"=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
    "Administrateur"=C:\Documents and Settings\Administrateur\Administrateur.exe /i []
    "A00F25B86EE.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe []

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
    userinit.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "NoDriveAutoRun"=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "D:\QuakeWars\etqwded.exe"="D:\QuakeWars\etqwded.exe:*:Enabled:etqwded.exe"
    "D:\QuakeWars\etqw.exe"="D:\QuakeWars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
    "E:\MircAndy\mirc.exe"="E:\MircAndy\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe"="C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
    "C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe"="C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe:*:Disabled:Application MeuhMeuhTV"
    "C:\Program Files\XBMC\XBMC.exe"="C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center"
    "C:\windows\system32\Ati2evxx.exe"="C:\windows\system32\Ati2evxx.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:ENABLE"
    "C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
    "C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\alg.exe"="C:\WINDOWS\system32\alg.exe:*:Enabled:ENABLE"
    "C:\windows\system32\wbem\wmiprvse.exe"="C:\windows\system32\wbem\wmiprvse.exe:*:Enabled:ENABLE"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ENABLE"
    "C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe:*:Enabled:ENABLE"
    "C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:ENABLE"
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
    "D:\Wolfenstein\et.exe"="D:\Wolfenstein\et.exe:*:Enabled:ENABLE"
    "D:\ArmA 2\arma2.exe"="D:\ArmA 2\arma2.exe:*:Enabled:ENABLE"
    "C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ENABLE"
    "C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:ENABLE"
    "C:\windows\system32\SNDVOL32.EXE"="C:\windows\system32\SNDVOL32.EXE:*:Enabled:ENABLE"
    "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:ENABLE"
    "C:\Program Files\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Ad-Aware\Ad-Watch.exe:*:Enabled:ENABLE"
    "C:\Program Files\Windows Sidebar\sidebar.exe"="C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:ENABLE"
    "C:\Program Files\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Ad-Aware\Ad-Aware.exe:*:Enabled:ENABLE"
    "C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\ssmypics.scr"="C:\WINDOWS\system32\ssmypics.scr:*:Enabled:ENABLE"
    "C:\Program Files\UberIcon\UberIcon Manager.exe"="C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ENABLE"
    "C:\Windows\System32\VisualTaskTips.exe"="C:\Windows\System32\VisualTaskTips.exe:*:Enabled:ENABLE"
    "C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ENABLE"
    "C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE"
    "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe:*:Enabled:ENABLE"
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
    "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe"="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe:*:Enabled:ENABLE"
    "C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
    "C:\Program Files\EXPERTool ATI\TBPanel.exe"="C:\Program Files\EXPERTool ATI\TBPanel.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe:*:Enabled:ENABLE"
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe"="C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe:*:Enabled:ENABLE"
    "C:\windows\system32\taskmgr.exe"="C:\windows\system32\taskmgr.exe:*:Enabled:ENABLE"
    "C:\ComboFix\NirCmdC.cfexe"="C:\ComboFix\NirCmdC.cfexe:*:Enabled:ENABLE"
    "C:\windows\system32\wuauclt.exe"="C:\windows\system32\wuauclt.exe:*:Enabled:ENABLE"
    "C:\ComboFix\Nircmd.com"="C:\ComboFix\Nircmd.com:*:Enabled:ENABLE"
    "C:\ComboFix\Catchme.tmp"="C:\ComboFix\Catchme.tmp:*:Enabled:ENABLE"
    "C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ENABLE"
    "C:\ComboFix\pev.cfexe"="C:\ComboFix\pev.cfexe:*:Enabled:ENABLE"
    "C:\ComboFix\PV.cfexe"="C:\ComboFix\PV.cfexe:*:Enabled:ENABLE"
    "C:\ComboFix\FINDSTR.cfexe"="C:\ComboFix\FINDSTR.cfexe:*:Enabled:ENABLE"
    "C:\windows\system32\netsh.exe"="C:\windows\system32\netsh.exe:*:Enabled:ENABLE"
    "C:\windows\system32\CF2982.exe"="C:\windows\system32\CF2982.exe:*:Enabled:ENABLE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======File associations======

    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 1 months======

    2009-07-12 18:32:14 ----D---- C:\Program Files\trend micro
    2009-07-12 18:32:13 ----D---- C:\rsit
    2009-07-12 16:42:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2009-07-12 16:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-07-12 16:42:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-07-12 15:24:24 ----RASHD---- C:\autorun.inf
    2009-07-12 15:24:24 ----A---- C:\FindyKill.txt
    2009-07-12 14:36:55 ----SHD---- C:\RECYCLER
    2009-07-12 08:32:13 ----D---- C:\FindyKill
    2009-07-12 01:00:08 ----D---- C:\WINDOWS\temp
    2009-07-12 01:00:07 ----A---- C:\ComboFix.txt
    2009-07-12 00:51:08 ----A---- C:\Boot.bak
    2009-07-12 00:51:05 ----RASHD---- C:\cmdcons
    2009-07-12 00:48:42 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\zip.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWSC.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWREG.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\sed.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\PEV.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\grep.exe
    2009-07-12 00:48:36 ----D---- C:\WINDOWS\ERDNT
    2009-07-12 00:43:39 ----D---- C:\Qoobox
    2009-06-30 19:34:39 ----ASH---- C:\WINDOWS\system32\actxprxyd.dll
    2009-06-16 07:30:30 ----A---- C:\WINDOWS\system32\SET161.tmp

    ======List of files/folders modified in the last 1 months======

    2009-07-12 18:32:14 ----RD---- C:\Program Files
    2009-07-12 18:31:44 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
    2009-07-12 17:03:35 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-12 17:02:32 ----D---- C:\WINDOWS\system32\drivers
    2009-07-12 17:02:17 ----SD---- C:\WINDOWS\Tasks
    2009-07-12 16:58:34 ----D---- C:\WINDOWS\system32
    2009-07-12 15:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-12 15:24:24 ----D---- C:\WINDOWS\Prefetch
    2009-07-12 15:13:36 ----D---- C:\WINDOWS
    2009-07-12 14:34:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
    2009-07-12 14:21:09 ----HD---- C:\WINDOWS\inf
    2009-07-12 14:19:58 ----SHD---- C:\WINDOWS\Installer
    2009-07-12 14:19:58 ----SHD---- C:\Config.Msi
    2009-07-12 14:19:58 ----D---- C:\WINDOWS\WinSxS
    2009-07-12 13:30:12 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-12 00:59:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-12 00:57:50 ----A---- C:\WINDOWS\system.ini
    2009-07-12 00:55:25 ----D---- C:\WINDOWS\system32\config
    2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2009-07-12 00:53:40 ----D---- C:\WINDOWS\AppPatch
    2009-07-12 00:53:40 ----D---- C:\Program Files\Fichiers communs
    2009-07-12 00:51:08 ----RASH---- C:\boot.ini
    2009-07-11 12:43:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2009-07-10 23:15:36 ----D---- C:\Program Files\Ad-Aware
    2009-07-10 21:11:51 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-08 22:09:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-07-06 08:12:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-06-28 21:39:11 ----AD---- C:\WINDOWS\i386
    2009-06-28 21:36:48 ----D---- C:\WINDOWS\system32\Vistadrive
    2009-06-28 21:36:48 ----D---- C:\Program Files\Ripp-it_AM
    2009-06-28 11:37:47 ----D---- C:\WINDOWS\system32\CatRoot
    2009-06-28 11:33:32 ----D---- C:\WINDOWS\Debug
    2009-06-26 23:26:32 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2009-06-26 07:09:36 ----D---- C:\Program Files\Google
    2009-06-24 22:47:19 ----D---- C:\WINDOWS\system32\DirectX
    2009-06-24 22:34:45 ----RSD---- C:\WINDOWS\assembly
    2009-06-24 21:23:24 ----D---- C:\Program Files\HomePlayer1.5.1.1
    2009-06-16 07:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-13 278984]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-13 25416]
    R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
    R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
    R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-28 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2004-08-28 83968]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-28 248832]
    S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
    S3 ac1kyhdw;ac1kyhdw; C:\WINDOWS\system32\drivers\ac1kyhdw.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 cpuz132;cpuz132; \??\C:\windows\system32\drivers\cpuz132_x32.sys []
    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
    S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 SMNT40;SMNT40; C:\WINDOWS\System32\drivers\SMNT40.SYS [2003-03-31 161576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
    S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-28 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.06 2009-07-12 18:32:22

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
    3DMark06-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
    AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop Lightroom 2.3 RC-->MsiExec.exe /I{20E0E6F9-60AC-4453-A3ED-386BC5365C5E}
    Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
    Adobe Premiere Pro CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
    Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
    Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
    Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
    All To MP3 Converter 1.55-->"C:\Program Files\LitexMedia\All To MP3 Converter\unins000.exe"
    All2x264-->C:\Program Files\Satsuki All2x264\Uninstall.exe
    Ant Renamer-->"C:\Program Files\Ant Renamer\unins000.exe"
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArmA 2 Uninstall-->D:\ArmA 2\UnInstall.exe
    Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\windows\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
    Audacity 1.3.4 (Unicode)-->"C:\Program Files\Audacity\unins000.exe"
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Azureus-->C:\Program Files\Azureus\Uninstall.exe
    Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
    Camtrace 3D-->MsiExec.exe /X{94870CBD-323C-4D44-B9AA-F83495699A58}
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
    Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
    Company of Heroes-->"J:\company of heroes\Uninstall_French.exe"
    ConTEXT-->"C:\Program Files\ConTEXT\unins000.exe"
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Cosmo Player 2.1.1-->"C:\Program Files\CosmoSoftware\CosmoPlayer\CosmoPlayer\uninstall.exe"
    CPUID CPU-Z 1.51-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
    Crysis WARHEAD(R)-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
    Crysis WARHEAD(R)-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
    Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
    Day of Defeat: Source Beta-->"D:\Steam\steam.exe" steam://uninstall/302
    Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dungeon Party 0.7.0.5-->"J:\Dungeon Party\unins000.exe"
    Emote-Launcher (remove only)-->"C:\Program Files\Emote\Launcher\Emote-Launcher-uninst.exe"
    Empire: Total War Demo-->"J:\Steam\steam.exe" steam://uninstall/10620
    Empty Temp Folders 2.8.3-->C:\Program Files\Empty Temp Folders 2.8.3\uninstall.exe
    Enemy Territory - Quake Wars(TM)-->D:\QuakeWars\uninstall.exe
    EXPERTool ATI 4.0-->"C:\Program Files\EXPERTool ATI\unins000.exe"
    ffdshow [rev 2744] [2009-03-05]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
    Fraps (remove only)-->"C:\Fraps\uninstall.exe"
    Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
    Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
    Half-Life 2-->"J:\Steam\steam.exe" steam://uninstall/220
    Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\SCHEDU~1\UniSched.EXE C:\PROGRA~1\WinTV\SCHEDU~1\INSTALL.LOG
    Hauppauge WinTV Soft PVR-->C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG
    Hauppauge WinTV Source Selector-->C:\PROGRA~1\WinTV\UNtvsel.EXE C:\PROGRA~1\WinTV\WINTVsel.LOG
    Hauppauge WinTV2000-->C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
    HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
    Helix YUV Codecs (remove only)-->"C:\WINDOWS\system32\uninstHelixYUV.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Keylight (1.0v3) for Adobe After Effects-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Foundry\Keylight 1.0 for After Effects.isu"
    K-Lite Mega Codec Pack 1.65-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
    Lightroom-->MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
    LSDA Le Retour du Roi tm-->J:\LSDA Le Retour du Roi tm\EAUninstall.exe
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Medieval II Total War Demo Gold-->C:\Program Files\InstallShield Installation Information\{4A665599-6771-4732-BE74-06B43B9F611B}\setup.exe -runfromtemp -l0x0009 -removeonly
    MeGUI modern media encoder (remove only)-->"C:\Program Files\megui\megui-uninstall.exe"
    Messenger Live Connector-->MsiExec.exe /I{0D959BD2-2BA9-418B-963B-7B4D1297C512}
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
    Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    mIRC-->"E:\MircAndy\mirc.exe" -uninstall
    Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\windows\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
    Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{97AA1F3C-DD64-4AA6-AEC5-F8F9F4CC21C5}
    Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
    Nero 7 Lite v7.5.9.0-->"C:\Program Files\Nero\unins000.exe"
    NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
    OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Peggle Nights Deluxe 1.0-->D:\PopCap Games\Peggle Nights Deluxe\PopUninstall.exe "D:\PopCap Games\Peggle Nights Deluxe\Install.log"
    Prince of Persia-->"C:\Program Files\InstallShield Installation Information\{7C11154F-3539-4CB5-979D-EF7913473E53}\setup.exe" -runfromtemp -l0x040c -removeonly
    PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
    Pure-->C:\Program Files\InstallShield Installation Information\{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}\setup.exe -runfromtemp -l0x0c0c Pure -removeonly
    QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    ReClock (remove only)-->"C:\Program Files\ReClock\uninstall.exe"
    Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
    Room Arranger-->"C:\Program Files\Room Arranger\uninstall.exe"
    Security Update pour Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    SoundMAX NT-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Analog Devices\SoundMAX Integrated Digital Audio\DeIsL1.isu"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Synergy-->"D:\Steam\steam.exe" steam://uninstall/17520
    Toribash 3.31-->"D:\Toribash-3.31\unins000.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VideoLAN VLC media player 0.7.1-->"C:\Program Files\VideoLAN\VLC\uninstall.exe"
    Warhammer 40,000: Dawn of War II - Single-player Demo-->"J:\Steam\steam.exe" steam://uninstall/15680
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    WiziWYG XP-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Praxisoft\WiziWYG XP\Uninst.isu"
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    Zombie Panic! Source-->"D:\Steam\steam.exe" steam://uninstall/17500

    ======System event log======

    Computer Name: 49600DF4A84A47C
    Event Code: 3004
    Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    http://go.microsoft.com/fwlink/?linkid=74409

    ID d’analyse : {92A9B8BA-BEE4-4C29-A171-6EFCE44A3900}

    Utilisateur : 49600DF4A84A47C\Administrateur

    Nom : Unknown

    ID :

    ID de gravité : 0

    ID de catégorie : 44

    Chemin d’accès trouvé : firewallokfile:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\windows\system32\netsh.exe

    Type d’alerte : Logiciel non classifié

    Type de détection :

    Record Number: 20926
    Source Name: WinDefend
    Time Written: 20090705152837.000000+120
    Event Type: Avertissement
    User:

    Computer Name: 49600DF4A84A47C
    Event Code: 3005
    Message: L’agent de protection en temps réel Windows Defender a pris des mesures pour protéger cet ordinateur contre les logiciels espions ou autres logiciels potentiellement indésirables.

    Pour plus d’informations, consultez les informations suivantes :
    http://go.microsoft.com/fwlink/?linkid=74409

    ID d’analyse : {495ED2CD-9BEC-4511-A2C9-A6951EBDEF7B}

    Utilisateur : 49600DF4A84A47C\Administrateur

    Nom : Unknown

    ID :

    ID de gravité : 0

    ID de catégorie : 44

    Type d’alerte : Logiciel non classifié

    Action : Ignorer

    Record Number: 20925
    Source Name: WinDefend
    Time Written: 20090705152820.000000+120
    Event Type: Informations
    User:

    Computer Name: 49600DF4A84A47C
    Event Code: 3004
    Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    http://go.microsoft.com/fwlink/?linkid=74409

    ID d’analyse : {495ED2CD-9BEC-4511-A2C9-A6951EBDEF7B}

    Utilisateur : 49600DF4A84A47C\Administrateur

    Nom : Unknown

    ID :

    ID de gravité : 0

    ID de catégorie : 44

    Chemin d’accès trouvé : file:C:\windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job;file:C:\Documents and Settings\Administrateur\Local Settings\Temp\b.exe;taskscheduler:C:\windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

    Type d’alerte : Logiciel non classifié

    Type de détection :

    Record Number: 20924
    Source Name: WinDefend
    Time Written: 20090705152820.000000+120
    Event Type: Avertissement
    User:

    Computer Name: 49600DF4A84A47C
    Event Code: 3005
    Message: L’agent de protection en temps réel Windows Defender a pris des mesures pour protéger cet ordinateur contre les logiciels espions ou autres logiciels potentiellement indésirables.

    Pour plus d’informations, consultez les informations suivantes :
    http://go.microsoft.com/fwlink/?linkid=74409

    ID d’analyse : {0611AC58-C565-4AF2-A40D-5F126B1FEABA}

    Utilisateur : 49600DF4A84A47C\Administrateur

    Nom : Unknown

    ID :

    ID de gravité : 0

    ID de catégorie : 44

    Type d’alerte : Logiciel non classifié

    Action : Ignorer

    Record Number: 20923
    Source Name: WinDefend
    Time Written: 20090705151137.000000+120
    Event Type: Informations
    User:

    Computer Name: 49600DF4A84A47C
    Event Code: 3004
    Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    http://go.microsoft.com/fwlink/?linkid=74409

    ID d’analyse : {0611AC58-C565-4AF2-A40D-5F126B1FEABA}

    Utilisateur : 49600DF4A84A47C\Administrateur

    Nom : Unknown

    ID :

    ID de gravité : 0

    ID de catégorie : 44

    Chemin d’accès trouvé : regkey:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe;firewallokfile:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe;file:C:\Documents and Settings\Administrateur\Local Settings\Temp\c.exe

    Type d’alerte : Logiciel non classifié

    Type de détection :

    Record Number: 20922
    Source Name: WinDefend
    Time Written: 20090705151137.000000+120
    Event Type: Avertissement
    User:

    =====Application event log=====

    Computer Name: 49600DF4A84A47C
    Event Code: 0
    Message:
    Record Number: 5
    Source Name: gupdate1c9940a6d0c47f8
    Time Written: 20090707072401.000000+120
    Event Type: Informations
    User:

    Computer Name: 49600DF4A84A47C
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 4
    Source Name: SecurityCenter
    Time Written: 20090707072350.000000+120
    Event Type: Informations
    User:

    Computer Name: 49600DF4A84A47C
    Event Code: 0
    Message:
    Record Number: 3
    Source Name: gusvc
    Time Written: 20090707072327.000000+120
    Event Type: Informations
    User:

    Computer Name: 49600DF4A84A47C
    Event Code: 0
    Message:
    Record Number: 2
    Source Name: gupdate1c9940a6d0c47f8
    Time Written: 20090707072326.000000+120
    Event Type: Informations
    User:

    Computer Name: 49600DF4A84A47C
    Event Code: 105
    Message: The service was started.

    Record Number: 1
    Source Name: ATI Smart
    Time Written: 20090707072320.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "CLASSPATH"=.;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTJava.zip
    "RGSCLauncher"=j:\Rockstar Games\Rockstar Games Social Club
    "RGSC"=j:\Rockstar Games\Rockstar Games Social Club\1_0_0_0

    -----------------EOF-----------------
    12 July 2009 18:40:21

    That's much better, but there are still things to do.

    Don't you have an antivirus?
    12 July 2009 18:53:53

    When I got infected I had no antivirus. Then I tried to eradicate the virus(es) with avast, and then, reading the pinned post, I installed Antivir.

    Thanks in any case, the computer is already running much better! :bounce: 
    12 July 2009 19:01:58

  • Install AntiVir and update it.
  • Double-click the AntiVir icon (umbrella) in the taskbar.
  • In AntiVir, choose Outils (Tools), then Configuration.
  • Tick Mode Expert (Expert mode), then tick Rech. Rootkit au dém. de la recherche (rootkit search at scan start) on the right, under Autres réglages (Other settings).
  • Run a full scan, click Tout réparer (Repair all) if AntiVir finds anything, and post the report.

    Tutorial: Scanning the hard drive(s)
    12 July 2009 20:23:19

    It found quite a lot of things; my computer really is a den of Trojans...

    Spoiler


    Avira AntiVir Personal
    Report file date: dimanche 12 juillet 2009 19:13

    Scanning for 1515293 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 2) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : 49600DF4A84A47C

    Version information:
    BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00
    AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/05/2009 08:14:47
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 16:56:06
    ANTIVIR2.VDF : 7.1.4.198 778752 Bytes 08/07/2009 16:56:08
    ANTIVIR3.VDF : 7.1.4.220 504320 Bytes 11/07/2009 16:56:09
    Engineversion : 8.2.0.204
    AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 10:52:04
    AESCRIPT.DLL : 8.1.2.13 426362 Bytes 12/07/2009 16:56:13
    AESCN.DLL : 8.1.2.3 127347 Bytes 14/05/2009 10:02:01
    AERDL.DLL : 8.1.2.2 438642 Bytes 12/07/2009 16:56:13
    AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 15:07:20
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 12/07/2009 16:56:12
    AEHEUR.DLL : 8.1.0.137 1823095 Bytes 12/07/2009 16:56:12
    AEHELP.DLL : 8.1.3.6 205174 Bytes 12/07/2009 16:56:10
    AEGEN.DLL : 8.1.1.48 348532 Bytes 12/07/2009 16:56:10
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
    AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 15:07:20
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
    AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
    RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 09:19:48

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, E:, I:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: dimanche 12 juillet 2009 19:13

    Starting search for hidden objects.
    '48318' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'CCC.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'TBPANEL.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'IEPrivacyKeeper.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'SMax4.exe' - '1' Module(s) have been scanned
    Scan process 'MOM.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    39 processes with 39 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'I:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '48' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 32788R22FWJFW\n.pif
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\undBillFake1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgenthc2.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgenthc5.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    C:\Documents and Settings\LocalService.AUTORITE NT\LocalService.AUTORITE NT.exe
    [DETECTION] Is the TR/Wigon.KT.1 Trojan
    C:\Documents and Settings\NetworkService.AUTORITE NT\NetworkService.AUTORITE NT.exe
    [DETECTION] Is the TR/Wigon.KT.1 Trojan
    C:\Program Files\Windows Sidebar\wlsrvc.dll
    [DETECTION] Is the TR/Patched.GY.12 Trojan
    C:\Qoobox\Quarantine\C\userinit.exe.vir
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\Administrateur.exe.vir
    [DETECTION] Is the TR/Spy.21672 Trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\svchost.exe.vir
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\ipdll.dll.vir
    [DETECTION] Is the TR/Agent.budc Trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\LocalService.AUTORITE NT\svchost.exe.vir
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir
    [DETECTION] Is the TR/Renos.OKZ Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.ifo.vir
    [DETECTION] Is the TR/Dldr.Small.jud.5 Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\msdvdr.pif.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\uninstall.exe.vir
    [DETECTION] Is the TR/Dldr.VB.lxj Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\_msdvdr_.pif.zip
    [0] Archive type: ZIP
    --> msdvdr.pif
    [DETECTION] Is the TR/Downloader.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\i386si.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ksi32sk.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\securentm.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\services.exe.vir
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\systemntmi.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ws2_32sik.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    C:\WINDOWS\i386\EGA60666.FO_
    [0] Archive type: CAB (Microsoft)
    --> ega60666.fon
    [1] Archive type: RAR SFX (self extracting)
    --> Windows Sidebar\wlsrvc.dll
    [DETECTION] Is the TR/Patched.GY.12 Trojan
    C:\WINDOWS\system32\actxprxyd.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    C:\WINDOWS\system32\drivers\services.exe
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <One>
    D:\Wolfenstein\etpro\screenshots\shot0127.tga
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    Begin scan in 'E:\' <Two>
    Begin scan in 'I:\' <Nouveau nom>
    I:\lovexp.rar
    [0] Archive type: RAR
    --> lovexp\4 Easy steps for activate your Windows XP\01_Generate_Genuine_Serial_For_WinXP\Generate Genuine Serial For WinXP.exe
    [DETECTION] Is the TR/Agent.72607.A Trojan
    I:\Bureau\lovexp.rar
    [0] Archive type: RAR
    --> lovexp\4 Easy steps for activate your Windows XP\01_Generate_Genuine_Serial_For_WinXP\Generate Genuine Serial For WinXP.exe
    [DETECTION] Is the TR/Agent.72607.A Trojan
    I:\lovexp\lovexp\4 Easy steps for activate your Windows XP\01_Generate_Genuine_Serial_For_WinXP\Generate Genuine Serial For WinXP.exe
    [DETECTION] Is the TR/Agent.72607.A Trojan

    Beginning disinfection:
    C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe
    [NOTE] The file was moved to '4ac72963.qua'!
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '4ac92964.qua'!
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp4.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '4b90305d.qua'!
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '4ba1fa1d.qua'!
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '4ac32962.qua'!
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\undBillFake1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '4abe2963.qua'!
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgenthc2.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '4ac8295e.qua'!
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WinAgenthc5.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '49d0285f.qua'!
    C:\Documents and Settings\LocalService.AUTORITE NT\LocalService.AUTORITE NT.exe
    [DETECTION] Is the TR/Wigon.KT.1 Trojan
    [NOTE] The file was moved to '4abd2964.qua'!
    C:\Documents and Settings\NetworkService.AUTORITE NT\NetworkService.AUTORITE NT.exe
    [DETECTION] Is the TR/Wigon.KT.1 Trojan
    [NOTE] The file was moved to '4ace295a.qua'!
    C:\Program Files\Windows Sidebar\wlsrvc.dll
    [DETECTION] Is the TR/Patched.GY.12 Trojan
    [NOTE] The file was moved to '4acd2961.qua'!
    C:\Qoobox\Quarantine\C\userinit.exe.vir
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    [NOTE] The file was moved to '4abf2969.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\Administrateur.exe.vir
    [DETECTION] Is the TR/Spy.21672 Trojan
    [NOTE] The file was moved to '4ac7295a.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\svchost.exe.vir
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    [NOTE] The file was moved to '4abd296c.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\ipdll.dll.vir
    [DETECTION] Is the TR/Agent.budc Trojan
    [NOTE] The file was moved to '4abe2966.qua'!
    C:\Qoobox\Quarantine\C\Documents and Settings\LocalService.AUTORITE NT\svchost.exe.vir
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    [NOTE] The file was moved to '4b39a9fd.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir
    [DETECTION] Is the TR/Renos.OKZ Trojan
    [NOTE] The file was moved to '4abb2969.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.ifo.vir
    [DETECTION] Is the TR/Dldr.Small.jud.5 Trojan
    [NOTE] The file was moved to '4ac62957.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\msdvdr.pif.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4abe2969.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4acc295a.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\uninstall.exe.vir
    [DETECTION] Is the TR/Dldr.VB.lxj Trojan
    [NOTE] The file was moved to '4ac32964.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\_msdvdr_.pif.zip
    [NOTE] The file was moved to '4acd2963.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\i386si.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE] The file was moved to '4a922929.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ksi32sk.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE] The file was moved to '4ac3296a.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\securentm.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE] The file was moved to '4abd295c.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\services.exe.vir
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    [NOTE] The file was moved to '4acc295c.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\systemntmi.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE] The file was moved to '4acd2970.qua'!
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ws2_32sik.sys.vir
    [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
    [NOTE] The file was moved to '4a8c296a.qua'!
    C:\WINDOWS\i386\EGA60666.FO_
    [NOTE] The file was moved to '4a9b293e.qua'!
    C:\WINDOWS\system32\actxprxyd.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '4ace295b.qua'!
    C:\WINDOWS\system32\drivers\services.exe
    [DETECTION] Is the TR/Agent.odmn.6 Trojan
    [NOTE] The file was moved to '4acc295d.qua'!
    D:\Wolfenstein\etpro\screenshots\shot0127.tga
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '4ac92960.qua'!
    I:\lovexp.rar
    [NOTE] The file was moved to '4ad02967.qua'!
    I:\Bureau\lovexp.rar
    [NOTE] The file was moved to '4ad02968.qua'!
    I:\lovexp\lovexp\4 Easy steps for activate your Windows XP\01_Generate_Genuine_Serial_For_WinXP\Generate Genuine Serial For WinXP.exe
    [DETECTION] Is the TR/Agent.72607.A Trojan
    [NOTE] The file was moved to '4983700f.qua'!


    End of the scan: dimanche 12 juillet 2009 20:18
    Used time: 1:04:27 Hour(s)

    The scan has been done completely.

    26526 Scanned directories
    465465 Files were scanned
    27 Viruses and/or unwanted programs were found
    8 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    35 Files were moved to quarantine
    0 Files were renamed
    2 Files cannot be scanned
    465428 Files not concerned
    7798 Archives were scanned
    2 Warnings
    36 Notes
    48318 Objects were scanned with rootkit scan
    0 Hidden objects were found

    12 July 2009 20:26:49

  • Run another RSIT scan and post the log report.
    12 July 2009 21:23:45

    RSIT log
    Spoiler

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-07-12 21:22:17
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 2 GB (8%) free of 20 GB
    Total RAM: 2047 MB (74% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:22:25, on 12/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\EXPERTool ATI\TBPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Ad-Aware\Ad-Watch.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\Documents and Settings\Administrateur\Bureau\combo\RSIT.exe
    C:\Program Files\trend micro\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
    O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
    O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [RGSC] J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
    O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)

    --
    End of file - 8481 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    SaveLinksOrder
    Locked
    {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
    "VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864]
    "TransBar"=C:\Windows\System32\TransBar.exe [2004-08-28 65536]
    "Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
    "Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe []
    "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
    "Adobe Photo Downloader"=L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
    "SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui []
    "svchost.exe"=C:\WINDOWS\system32\svcnost.exe []
    "Bfovusukas"=C:\WINDOWS\Ugeta.dll,e []
    "SVCHOST"=C:\WINDOWS\MDM.EXE []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 25088]
    "IE Privacy Keeper"=C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-12-03 1015808]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-04-01 486856]
    "Gainward"=C:\Program Files\EXPERTool ATI\TBPanel.exe [2008-07-31 2296360]
    "AWMON"=C:\Program Files\Ad-Aware\Ad-Watch.exe [2005-05-25 517632]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
    "Steam"=j:\steam\steam.exe -silent []
    "RGSC"=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
    "Administrateur"=C:\Documents and Settings\Administrateur\Administrateur.exe /i []
    "A00F25B86EE.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "NoDriveAutoRun"=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe"="C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
    "C:\Program Files\XBMC\XBMC.exe"="C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center"
    "C:\windows\system32\Ati2evxx.exe"="C:\windows\system32\Ati2evxx.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:ENABLE"
    "C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
    "C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\alg.exe"="C:\WINDOWS\system32\alg.exe:*:Enabled:ENABLE"
    "C:\windows\system32\wbem\wmiprvse.exe"="C:\windows\system32\wbem\wmiprvse.exe:*:Enabled:ENABLE"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ENABLE"
    "C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe:*:Enabled:ENABLE"
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
    "D:\Wolfenstein\et.exe"="D:\Wolfenstein\et.exe:*:Enabled:ENABLE"
    "D:\ArmA 2\arma2.exe"="D:\ArmA 2\arma2.exe:*:Enabled:ENABLE"
    "C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ENABLE"
    "C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:ENABLE"
    "C:\windows\system32\SNDVOL32.EXE"="C:\windows\system32\SNDVOL32.EXE:*:Enabled:ENABLE"
    "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:ENABLE"
    "C:\Program Files\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Ad-Aware\Ad-Watch.exe:*:Enabled:ENABLE"
    "C:\Program Files\Windows Sidebar\sidebar.exe"="C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:ENABLE"
    "C:\Program Files\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Ad-Aware\Ad-Aware.exe:*:Enabled:ENABLE"
    "C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\ssmypics.scr"="C:\WINDOWS\system32\ssmypics.scr:*:Enabled:ENABLE"
    "C:\Program Files\UberIcon\UberIcon Manager.exe"="C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ENABLE"
    "C:\Windows\System32\VisualTaskTips.exe"="C:\Windows\System32\VisualTaskTips.exe:*:Enabled:ENABLE"
    "C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ENABLE"
    "C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE"
    "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe:*:Enabled:ENABLE"
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
    "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe"="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe:*:Enabled:ENABLE"
    "C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
    "C:\Program Files\EXPERTool ATI\TBPanel.exe"="C:\Program Files\EXPERTool ATI\TBPanel.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe:*:Enabled:ENABLE"
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe"="C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe:*:Enabled:ENABLE"
    "C:\windows\system32\taskmgr.exe"="C:\windows\system32\taskmgr.exe:*:Enabled:ENABLE"
    "C:\ComboFix\NirCmdC.cfexe"="C:\ComboFix\NirCmdC.cfexe:*:Enabled:ENABLE"
    "C:\windows\system32\wuauclt.exe"="C:\windows\system32\wuauclt.exe:*:Enabled:ENABLE"
    "C:\ComboFix\Nircmd.com"="C:\ComboFix\Nircmd.com:*:Enabled:ENABLE"
    "C:\ComboFix\Catchme.tmp"="C:\ComboFix\Catchme.tmp:*:Enabled:ENABLE"
    "C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ENABLE"
    "C:\ComboFix\pev.cfexe"="C:\ComboFix\pev.cfexe:*:Enabled:ENABLE"
    "C:\ComboFix\PV.cfexe"="C:\ComboFix\PV.cfexe:*:Enabled:ENABLE"
    "C:\ComboFix\FINDSTR.cfexe"="C:\ComboFix\FINDSTR.cfexe:*:Enabled:ENABLE"
    "C:\windows\system32\netsh.exe"="C:\windows\system32\netsh.exe:*:Enabled:ENABLE"
    "C:\windows\system32\CF2982.exe"="C:\windows\system32\CF2982.exe:*:Enabled:ENABLE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======File associations======

    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 1 months======

    2009-07-12 18:55:10 ----D---- C:\WINDOWS\LastGood
    2009-07-12 18:55:03 ----D---- C:\Program Files\Avira
    2009-07-12 18:55:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2009-07-12 18:32:14 ----D---- C:\Program Files\trend micro
    2009-07-12 18:32:13 ----D---- C:\rsit
    2009-07-12 16:42:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2009-07-12 16:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-07-12 16:42:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-07-12 15:24:24 ----RASHD---- C:\autorun.inf
    2009-07-12 15:24:24 ----A---- C:\FindyKill.txt
    2009-07-12 14:36:55 ----SHD---- C:\RECYCLER
    2009-07-12 08:32:13 ----D---- C:\FindyKill
    2009-07-12 01:00:08 ----D---- C:\WINDOWS\temp
    2009-07-12 01:00:07 ----A---- C:\ComboFix.txt
    2009-07-12 00:51:08 ----A---- C:\Boot.bak
    2009-07-12 00:51:05 ----RASHD---- C:\cmdcons
    2009-07-12 00:48:42 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\zip.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWSC.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWREG.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\sed.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\PEV.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\grep.exe
    2009-07-12 00:48:36 ----D---- C:\WINDOWS\ERDNT
    2009-07-12 00:43:39 ----D---- C:\Qoobox
    2009-06-16 07:30:30 ----A---- C:\WINDOWS\system32\SET161.tmp

    ======List of files/folders modified in the last 1 months======

    2009-07-12 21:21:37 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
    2009-07-12 20:18:32 ----D---- C:\WINDOWS\system32\drivers
    2009-07-12 20:18:32 ----D---- C:\WINDOWS\system32
    2009-07-12 20:18:29 ----RD---- C:\Program Files\Windows Sidebar
    2009-07-12 18:55:11 ----HD---- C:\WINDOWS\inf
    2009-07-12 18:55:10 ----D---- C:\WINDOWS
    2009-07-12 18:55:03 ----RD---- C:\Program Files
    2009-07-12 18:54:17 ----SHD---- C:\WINDOWS\Installer
    2009-07-12 18:54:17 ----SHD---- C:\Config.Msi
    2009-07-12 18:54:17 ----D---- C:\WINDOWS\WinSxS
    2009-07-12 17:03:35 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-12 17:02:17 ----SD---- C:\WINDOWS\Tasks
    2009-07-12 15:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-12 15:24:24 ----D---- C:\WINDOWS\Prefetch
    2009-07-12 14:34:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
    2009-07-12 13:30:12 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-12 00:59:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-12 00:57:50 ----A---- C:\WINDOWS\system.ini
    2009-07-12 00:55:25 ----D---- C:\WINDOWS\system32\config
    2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2009-07-12 00:53:40 ----D---- C:\WINDOWS\AppPatch
    2009-07-12 00:53:40 ----D---- C:\Program Files\Fichiers communs
    2009-07-12 00:51:08 ----RASH---- C:\boot.ini
    2009-07-11 12:43:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2009-07-10 23:15:36 ----D---- C:\Program Files\Ad-Aware
    2009-07-10 21:11:51 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-08 22:09:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-07-06 08:12:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-06-28 21:39:11 ----AD---- C:\WINDOWS\i386
    2009-06-28 21:36:48 ----D---- C:\WINDOWS\system32\Vistadrive
    2009-06-28 21:36:48 ----D---- C:\Program Files\Ripp-it_AM
    2009-06-28 11:37:47 ----D---- C:\WINDOWS\system32\CatRoot
    2009-06-28 11:33:32 ----D---- C:\WINDOWS\Debug
    2009-06-26 23:26:32 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2009-06-26 07:09:36 ----D---- C:\Program Files\Google
    2009-06-24 22:47:19 ----D---- C:\WINDOWS\system32\DirectX
    2009-06-24 22:34:45 ----RSD---- C:\WINDOWS\assembly
    2009-06-24 21:23:24 ----D---- C:\Program Files\HomePlayer1.5.1.1
    2009-06-16 07:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-13 278984]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-13 25416]
    R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
    R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
    R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-28 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2004-08-28 83968]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-28 248832]
    S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
    S3 ac1kyhdw;ac1kyhdw; C:\WINDOWS\system32\drivers\ac1kyhdw.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 cpuz132;cpuz132; \??\C:\windows\system32\drivers\cpuz132_x32.sys []
    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
    S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 SMNT40;SMNT40; C:\WINDOWS\System32\drivers\SMNT40.SYS [2003-03-31 161576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
    S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-28 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------
    12 July 2009 21:33:44

    1/

  • Run this file: C:\Program Files\trend micro\Administrateur.exe
  • Choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe

    O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe

    O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e

    O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE

    O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i

    O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe

    O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
  • Close HijackThis.


    2/

  • Download OTM (OldTimer) to your Desktop.
  • Double-click OTM.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :services
    Schedule

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTM.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTM\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_heure.log
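
Added example, not part of the original thread: a Python triage sketch that applies a few name-and-location heuristics to HijackThis autostart lines, run on the seven lines listed in step 1 plus three other lines from the same logs. The heuristics, the `SYSTEM_BINARIES` table and the function names are assumptions chosen for illustration; they are not the helper's method or a HijackThis feature.

```python
import ntpath
import re

# Assumed table: core Windows XP binaries and the only folder each belongs in.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Assumed markers for folders a non-admin user can write to on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")

PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|com|scr)(?![A-Za-z0-9])', re.I)
RUN_RE = re.compile(r'^O4 - .*?Run(?:Once)?: \[(?P<name>[^\]]+)\]')
USERINIT_RE = re.compile(r'^F2 - REG:system\.ini: UserInit=(?P<value>.*)$', re.I)

# Lines copied from the logs in this thread: the seven from step 1, then three others.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(path):
    """Return the findings for one executable path."""
    reasons = []
    low = path.lower()
    base, folder = ntpath.basename(low), ntpath.dirname(low)
    if base in SYSTEM_BINARIES:
        if folder != SYSTEM_BINARIES[base]:
            reasons.append(f"{base} outside {SYSTEM_BINARIES[base]}")
    else:
        for real in SYSTEM_BINARIES:
            if edit_distance(base, real) == 1:
                reasons.append(f"{base} is one character away from {real}")
                break
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("starts from a user-writable folder")
    return reasons


def triage(line):
    """Return the list of findings for one HijackThis line (empty if none)."""
    line = line.strip()
    reasons = []
    match = USERINIT_RE.match(line)
    if match:
        # Userinit should hold userinit.exe only; anything else runs at every logon.
        entries = [e.strip() for e in match.group("value").split(",") if e.strip()]
        extra = [e for e in entries if e.lower() != r"c:\windows\system32\userinit.exe"]
        if extra:
            reasons.append("UserInit also launches " + ", ".join(extra))
    paths = PATH_RE.findall(line)
    for path in paths:
        reasons.extend(check_path(path))
    match = RUN_RE.match(line)
    if match:
        # A Run value named after a system process but pointing at another file.
        name = match.group("name").lower()
        if not name.endswith(".exe"):
            name += ".exe"
        targets = {ntpath.basename(p.lower()) for p in paths}
        if name in SYSTEM_BINARIES and name not in targets:
            reasons.append(f"value name {name} does not match its target")
    return reasons


def flagged(log):
    """Map each line with at least one finding to its list of reasons."""
    result = {}
    for line in log.splitlines():
        reasons = triage(line)
        if reasons:
            result[line.strip()] = reasons
    return result


if __name__ == "__main__":
    for entry, why in flagged(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```

The `Ugeta.dll` entry passes every one of these checks: name and location heuristics alone do not catch a randomly named file.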
    12 July 2009 22:02:00

    Here it is
    Spoiler

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== SERVICES/DRIVERS ==========

    Service\Driver Schedule deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 750372 bytes
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 57799 bytes
    ->Java cache emptied: 29629835 bytes
    ->FireFox cache emptied: 67775115 bytes

    User: All Users

    User: All Users.WINDOWS

    User: brizio
    File delete failed. C:\Documents and Settings\brizio\Local Settings\Temp\hsperfdata_brizio\588 scheduled to be deleted on reboot.
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 27366877 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 195684 bytes

    User: LocalService.AUTORITE NT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49554 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 96395464 bytes

    User: NetworkService.AUTORITE NT
    ->Temp folder emptied: 6326 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 401408 bytes
    Windows Temp folder emptied: 2107 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 212,41 mb


    OTM by OldTimer - Version 3.0.0.4 log created on 07122009_215550

    Files moved on Reboot...
    File move failed. C:\Documents and Settings\brizio\Local Settings\Temp\hsperfdata_brizio\588 scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    12 July 2009 22:21:37

  • Uninstall Java 6 Update 6.

  • Update Java.

  • Update Adobe Reader.

  • Run another RSIT scan and post the log report.
    12 July 2009 23:35:28

    Done
    Spoiler
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-07-12 23:33:07
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 2 GB (8%) free of 20 GB
    Total RAM: 2047 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:33:22, on 12/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\EXPERTool ATI\TBPanel.exe
    C:\Program Files\Ad-Aware\Ad-Watch.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrateur\Bureau\combo\RSIT.exe
    C:\Program Files\trend micro\Administrateur.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\system32\svcnost.exe
    O4 - HKLM\..\Run: [Bfovusukas] rundll32.exe "C:\WINDOWS\Ugeta.dll",e
    O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [RGSC] J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKCU\..\Run: [Administrateur] C:\Documents and Settings\Administrateur\Administrateur.exe /i
    O4 - HKCU\..\Run: [A00F25B86EE.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 8225 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-12 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    SaveLinksOrder
    Locked
    {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
    "VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864]
    "TransBar"=C:\Windows\System32\TransBar.exe [2004-08-28 65536]
    "Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
    "Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe []
    "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
    "Adobe Photo Downloader"=L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
    "SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui []
    "svchost.exe"=C:\WINDOWS\system32\svcnost.exe []
    "Bfovusukas"=C:\WINDOWS\Ugeta.dll,e []
    "SVCHOST"=C:\WINDOWS\MDM.EXE []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 25088]
    "IE Privacy Keeper"=C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-12-03 1015808]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-04-01 486856]
    "Gainward"=C:\Program Files\EXPERTool ATI\TBPanel.exe [2008-07-31 2296360]
    "AWMON"=C:\Program Files\Ad-Aware\Ad-Watch.exe [2005-05-25 517632]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
    "Steam"=j:\steam\steam.exe -silent []
    "RGSC"=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
    "Administrateur"=C:\Documents and Settings\Administrateur\Administrateur.exe /i []
    "A00F25B86EE.exe"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_A00F25B86EE.exe []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "NoDriveAutoRun"=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB"
    "D:\QuakeWars\etqwded.exe"="D:\QuakeWars\etqwded.exe:*:Enabled:etqwded.exe"
    "D:\QuakeWars\etqw.exe"="D:\QuakeWars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
    "E:\MircAndy\mirc.exe"="E:\MircAndy\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe"="C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
    "C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe"="C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe:*:Disabled:Application MeuhMeuhTV"
    "C:\Program Files\XBMC\XBMC.exe"="C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center"
    "C:\windows\system32\Ati2evxx.exe"="C:\windows\system32\Ati2evxx.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:ENABLE"
    "C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
    "C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\alg.exe"="C:\WINDOWS\system32\alg.exe:*:Enabled:ENABLE"
    "C:\windows\system32\wbem\wmiprvse.exe"="C:\windows\system32\wbem\wmiprvse.exe:*:Enabled:ENABLE"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ENABLE"
    "C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe:*:Enabled:ENABLE"
    "C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:ENABLE"
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
    "D:\Wolfenstein\et.exe"="D:\Wolfenstein\et.exe:*:Enabled:ENABLE"
    "D:\ArmA 2\arma2.exe"="D:\ArmA 2\arma2.exe:*:Enabled:ENABLE"
    "C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ENABLE"
    "C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:ENABLE"
    "C:\windows\system32\SNDVOL32.EXE"="C:\windows\system32\SNDVOL32.EXE:*:Enabled:ENABLE"
    "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:ENABLE"
    "C:\Program Files\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Ad-Aware\Ad-Watch.exe:*:Enabled:ENABLE"
    "C:\Program Files\Windows Sidebar\sidebar.exe"="C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:ENABLE"
    "C:\Program Files\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Ad-Aware\Ad-Aware.exe:*:Enabled:ENABLE"
    "C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\ssmypics.scr"="C:\WINDOWS\system32\ssmypics.scr:*:Enabled:ENABLE"
    "C:\Program Files\UberIcon\UberIcon Manager.exe"="C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ENABLE"
    "C:\Windows\System32\VisualTaskTips.exe"="C:\Windows\System32\VisualTaskTips.exe:*:Enabled:ENABLE"
    "C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ENABLE"
    "C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE"
    "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe:*:Enabled:ENABLE"
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
    "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe"="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe:*:Enabled:ENABLE"
    "C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
    "C:\Program Files\EXPERTool ATI\TBPanel.exe"="C:\Program Files\EXPERTool ATI\TBPanel.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe:*:Enabled:ENABLE"
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe"="C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe:*:Enabled:ENABLE"
    "C:\windows\system32\taskmgr.exe"="C:\windows\system32\taskmgr.exe:*:Enabled:ENABLE"
    "C:\ComboFix\NirCmdC.cfexe"="C:\ComboFix\NirCmdC.cfexe:*:Enabled:ENABLE"
    "C:\windows\system32\wuauclt.exe"="C:\windows\system32\wuauclt.exe:*:Enabled:ENABLE"
    "C:\ComboFix\Nircmd.com"="C:\ComboFix\Nircmd.com:*:Enabled:ENABLE"
    "C:\ComboFix\Catchme.tmp"="C:\ComboFix\Catchme.tmp:*:Enabled:ENABLE"
    "C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ENABLE"
    "C:\ComboFix\pev.cfexe"="C:\ComboFix\pev.cfexe:*:Enabled:ENABLE"
    "C:\ComboFix\PV.cfexe"="C:\ComboFix\PV.cfexe:*:Enabled:ENABLE"
    "C:\ComboFix\FINDSTR.cfexe"="C:\ComboFix\FINDSTR.cfexe:*:Enabled:ENABLE"
    "C:\windows\system32\netsh.exe"="C:\windows\system32\netsh.exe:*:Enabled:ENABLE"
    "C:\windows\system32\CF2982.exe"="C:\windows\system32\CF2982.exe:*:Enabled:ENABLE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======File associations======

    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 1 months======

    2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\java.exe
    2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-07-12 21:55:50 ----D---- C:\_OTM
    2009-07-12 18:55:03 ----D---- C:\Program Files\Avira
    2009-07-12 18:55:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2009-07-12 18:32:14 ----D---- C:\Program Files\trend micro
    2009-07-12 18:32:13 ----D---- C:\rsit
    2009-07-12 16:42:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2009-07-12 16:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-07-12 16:42:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-07-12 15:24:24 ----RASHD---- C:\autorun.inf
    2009-07-12 15:24:24 ----A---- C:\FindyKill.txt
    2009-07-12 14:36:55 ----SHD---- C:\RECYCLER
    2009-07-12 08:32:13 ----D---- C:\FindyKill
    2009-07-12 01:00:08 ----D---- C:\WINDOWS\temp
    2009-07-12 01:00:07 ----A---- C:\ComboFix.txt
    2009-07-12 00:51:08 ----A---- C:\Boot.bak
    2009-07-12 00:51:05 ----RASHD---- C:\cmdcons
    2009-07-12 00:48:42 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\zip.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWSC.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWREG.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\sed.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\PEV.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\grep.exe
    2009-07-12 00:48:36 ----D---- C:\WINDOWS\ERDNT
    2009-07-12 00:43:39 ----D---- C:\Qoobox

    ======List of files/folders modified in the last 1 months======

    2009-07-12 23:32:00 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-12 23:31:35 ----SD---- C:\WINDOWS\Tasks
    2009-07-12 23:22:07 ----SHD---- C:\WINDOWS\Installer
    2009-07-12 23:22:06 ----SHD---- C:\Config.Msi
    2009-07-12 23:21:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2009-07-12 23:21:06 ----D---- C:\WINDOWS\system32
    2009-07-12 23:12:55 ----D---- C:\Program Files\Java
    2009-07-12 23:10:11 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
    2009-07-12 21:58:19 ----D---- C:\WINDOWS
    2009-07-12 20:18:32 ----D---- C:\WINDOWS\system32\drivers
    2009-07-12 20:18:29 ----RD---- C:\Program Files\Windows Sidebar
    2009-07-12 18:55:11 ----HD---- C:\WINDOWS\inf
    2009-07-12 18:55:03 ----RD---- C:\Program Files
    2009-07-12 18:54:17 ----D---- C:\WINDOWS\WinSxS
    2009-07-12 15:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-12 15:24:24 ----D---- C:\WINDOWS\Prefetch
    2009-07-12 14:34:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
    2009-07-12 13:30:12 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-12 00:59:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-12 00:57:50 ----A---- C:\WINDOWS\system.ini
    2009-07-12 00:55:25 ----D---- C:\WINDOWS\system32\config
    2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2009-07-12 00:53:40 ----D---- C:\WINDOWS\AppPatch
    2009-07-12 00:53:40 ----D---- C:\Program Files\Fichiers communs
    2009-07-12 00:51:08 ----RASH---- C:\boot.ini
    2009-07-11 12:43:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2009-07-10 23:15:36 ----D---- C:\Program Files\Ad-Aware
    2009-07-10 21:11:51 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-08 22:09:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-07-06 08:12:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-06-28 21:39:11 ----AD---- C:\WINDOWS\i386
    2009-06-28 21:36:48 ----D---- C:\WINDOWS\system32\Vistadrive
    2009-06-28 21:36:48 ----D---- C:\Program Files\Ripp-it_AM
    2009-06-28 11:37:47 ----D---- C:\WINDOWS\system32\CatRoot
    2009-06-28 11:33:32 ----D---- C:\WINDOWS\Debug
    2009-06-26 23:26:32 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2009-06-26 07:09:36 ----D---- C:\Program Files\Google
    2009-06-24 22:47:19 ----D---- C:\WINDOWS\system32\DirectX
    2009-06-24 22:34:45 ----RSD---- C:\WINDOWS\assembly
    2009-06-24 21:23:24 ----D---- C:\Program Files\HomePlayer1.5.1.1
    2009-06-16 07:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-13 278984]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-13 25416]
    R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
    R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
    R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-28 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2004-08-28 83968]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-28 248832]
    S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
    S3 amm6dm0c;amm6dm0c; C:\WINDOWS\system32\drivers\amm6dm0c.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 cpuz132;cpuz132; \??\C:\windows\system32\drivers\cpuz132_x32.sys []
    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
    S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 SMNT40;SMNT40; C:\WINDOWS\System32\drivers\SMNT40.SYS [2003-03-31 161576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-12 152984]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
    S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-28 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

    12 July 2009 23:41:28

    Do you have software that prevents the registry from being modified?

    I ask because some of the lines I asked you to fix with HijackThis are still there.

    12 July 2009 23:53:14

    Probably Ad-Watch :(

    12 July 2009 23:54:34

    Try the procedure again (except OTM).

    13 July 2009 00:05:56

    This one should be good :)

    Spoiler
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-07-13 00:02:43
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 2 GB (8%) free of 20 GB
    Total RAM: 2047 MB (74% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:03:00, on 13/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\EXPERTool ATI\TBPanel.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Ad-Aware\Ad-Watch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrateur\Bureau\combo\RSIT.exe
    C:\Program Files\trend micro\Administrateur.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [Steam] "j:\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [RGSC] J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Service Google Update (gupdate1c9940a6d0c47f8) (gupdate1c9940a6d0c47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 7762 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-26 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 41368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-12 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    SaveLinksOrder
    Locked
    {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\styler\TB\StylerTB.dll [2006-05-02 102400]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]
    "VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2004-08-28 36864]
    "TransBar"=C:\Windows\System32\TransBar.exe [2004-08-28 65536]
    "Styler"=C:\Program Files\styler\Styler.exe [2006-05-03 307200]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-01-10 1235456]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-03-28 413696]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-10-05 868352]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
    "Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe []
    "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
    "Adobe Photo Downloader"=L:\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
    "SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 25088]
    "IE Privacy Keeper"=C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe [2005-12-03 1015808]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-04-01 486856]
    "Gainward"=C:\Program Files\EXPERTool ATI\TBPanel.exe [2008-07-31 2296360]
    "AWMON"=C:\Program Files\Ad-Aware\Ad-Watch.exe [2005-05-25 517632]
    "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
    "Steam"=j:\steam\steam.exe -silent []
    "RGSC"=J:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=255
    "NoDriveAutoRun"=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "D:\QuakeWars\etqwded.exe"="D:\QuakeWars\etqwded.exe:*:Enabled:etqwded.exe"
    "D:\QuakeWars\etqw.exe"="D:\QuakeWars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
    "E:\MircAndy\mirc.exe"="E:\MircAndy\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe"="C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Emote\Launcher\launcher.exe"="C:\Program Files\Emote\Launcher\launcher.exe:*:Enabled:launcher"
    "C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe"="C:\Program Files\MeuhMeuhTV\MeuhMeuhTV.exe:*:Disabled:Application MeuhMeuhTV"
    "C:\Program Files\XBMC\XBMC.exe"="C:\Program Files\XBMC\XBMC.exe:*:Enabled:XBMC Media Center"
    "C:\windows\system32\Ati2evxx.exe"="C:\windows\system32\Ati2evxx.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:ENABLE"
    "C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ENABLE"
    "C:\Program Files\CDBurnerXP\NMSAccessU.exe"="C:\Program Files\CDBurnerXP\NMSAccessU.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\alg.exe"="C:\WINDOWS\system32\alg.exe:*:Enabled:ENABLE"
    "C:\windows\system32\wbem\wmiprvse.exe"="C:\windows\system32\wbem\wmiprvse.exe:*:Enabled:ENABLE"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:ENABLE"
    "C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe:*:Enabled:ENABLE"
    "C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe"="C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:ENABLE"
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\WgaTray.exe"="C:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
    "D:\Wolfenstein\et.exe"="D:\Wolfenstein\et.exe:*:Enabled:ENABLE"
    "D:\ArmA 2\arma2.exe"="D:\ArmA 2\arma2.exe:*:Enabled:ENABLE"
    "C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:ENABLE"
    "C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:ENABLE"
    "C:\windows\system32\SNDVOL32.EXE"="C:\windows\system32\SNDVOL32.EXE:*:Enabled:ENABLE"
    "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:ENABLE"
    "C:\Program Files\Ad-Aware\Ad-Watch.exe"="C:\Program Files\Ad-Aware\Ad-Watch.exe:*:Enabled:ENABLE"
    "C:\Program Files\Windows Sidebar\sidebar.exe"="C:\Program Files\Windows Sidebar\sidebar.exe:*:Enabled:ENABLE"
    "C:\Program Files\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Ad-Aware\Ad-Aware.exe:*:Enabled:ENABLE"
    "C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe:*:Enabled:ENABLE"
    "C:\WINDOWS\system32\ssmypics.scr"="C:\WINDOWS\system32\ssmypics.scr:*:Enabled:ENABLE"
    "C:\Program Files\UberIcon\UberIcon Manager.exe"="C:\Program Files\UberIcon\UberIcon Manager.exe:*:Enabled:ENABLE"
    "C:\Windows\System32\VisualTaskTips.exe"="C:\Windows\System32\VisualTaskTips.exe:*:Enabled:ENABLE"
    "C:\Program Files\Windows Defender\MSASCui.exe"="C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe:*:Enabled:ENABLE"
    "C:\Program Files\Analog Devices\Core\smax4pnp.exe"="C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:ENABLE"
    "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe:*:Enabled:ENABLE"
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:*:Enabled:ENABLE"
    "C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe"="C:\Program Files\IE Privacy Keeper\IEPrivacyKeeper.exe:*:Enabled:ENABLE"
    "C:\Program Files\DAEMON Tools\daemon.exe"="C:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:ENABLE"
    "C:\Program Files\EXPERTool ATI\TBPanel.exe"="C:\Program Files\EXPERTool ATI\TBPanel.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe"="C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\userinit.exe:*:Enabled:ENABLE"
    "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:*:Enabled:ENABLE"
    "C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe"="C:\Documents and Settings\Administrateur\Bureau\combo\ComboFix.exe:*:Enabled:ENABLE"
    "C:\windows\system32\taskmgr.exe"="C:\windows\system32\taskmgr.exe:*:Enabled:ENABLE"
    "C:\ComboFix\NirCmdC.cfexe"="C:\ComboFix\NirCmdC.cfexe:*:Enabled:ENABLE"
    "C:\windows\system32\wuauclt.exe"="C:\windows\system32\wuauclt.exe:*:Enabled:ENABLE"
    "C:\ComboFix\Nircmd.com"="C:\ComboFix\Nircmd.com:*:Enabled:ENABLE"
    "C:\ComboFix\Catchme.tmp"="C:\ComboFix\Catchme.tmp:*:Enabled:ENABLE"
    "C:\WINDOWS\PEV.exe"="C:\WINDOWS\PEV.exe:*:Enabled:ENABLE"
    "C:\ComboFix\pev.cfexe"="C:\ComboFix\pev.cfexe:*:Enabled:ENABLE"
    "C:\ComboFix\PV.cfexe"="C:\ComboFix\PV.cfexe:*:Enabled:ENABLE"
    "C:\ComboFix\FINDSTR.cfexe"="C:\ComboFix\FINDSTR.cfexe:*:Enabled:ENABLE"
    "C:\windows\system32\netsh.exe"="C:\windows\system32\netsh.exe:*:Enabled:ENABLE"
    "C:\windows\system32\CF2982.exe"="C:\windows\system32\CF2982.exe:*:Enabled:ENABLE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======File associations======

    .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

    ======List of files/folders created in the last 1 months======

    2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\java.exe
    2009-07-12 23:13:08 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-07-12 21:55:50 ----D---- C:\_OTM
    2009-07-12 18:55:03 ----D---- C:\Program Files\Avira
    2009-07-12 18:55:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2009-07-12 18:32:14 ----D---- C:\Program Files\trend micro
    2009-07-12 18:32:13 ----D---- C:\rsit
    2009-07-12 16:42:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2009-07-12 16:42:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-07-12 16:42:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-07-12 15:24:24 ----RASHD---- C:\autorun.inf
    2009-07-12 15:24:24 ----A---- C:\FindyKill.txt
    2009-07-12 14:36:55 ----SHD---- C:\RECYCLER
    2009-07-12 08:32:13 ----D---- C:\FindyKill
    2009-07-12 01:00:08 ----D---- C:\WINDOWS\temp
    2009-07-12 01:00:07 ----A---- C:\ComboFix.txt
    2009-07-12 00:51:08 ----A---- C:\Boot.bak
    2009-07-12 00:51:05 ----RASHD---- C:\cmdcons
    2009-07-12 00:48:42 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\zip.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWSC.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\SWREG.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\sed.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\PEV.exe
    2009-07-12 00:48:41 ----A---- C:\WINDOWS\grep.exe
    2009-07-12 00:48:36 ----D---- C:\WINDOWS\ERDNT
    2009-07-12 00:43:39 ----D---- C:\Qoobox

    ======List of files/folders modified in the last 1 months======

    2009-07-13 00:01:59 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-13 00:01:36 ----SD---- C:\WINDOWS\Tasks
    2009-07-12 23:52:32 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
    2009-07-12 23:30:49 ----SHD---- C:\Config.Msi
    2009-07-12 23:22:07 ----SHD---- C:\WINDOWS\Installer
    2009-07-12 23:21:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    2009-07-12 23:21:06 ----D---- C:\WINDOWS\system32
    2009-07-12 23:12:55 ----D---- C:\Program Files\Java
    2009-07-12 21:58:19 ----D---- C:\WINDOWS
    2009-07-12 20:18:32 ----D---- C:\WINDOWS\system32\drivers
    2009-07-12 20:18:29 ----RD---- C:\Program Files\Windows Sidebar
    2009-07-12 18:55:11 ----HD---- C:\WINDOWS\inf
    2009-07-12 18:55:03 ----RD---- C:\Program Files
    2009-07-12 18:54:17 ----D---- C:\WINDOWS\WinSxS
    2009-07-12 15:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-12 15:24:24 ----D---- C:\WINDOWS\Prefetch
    2009-07-12 14:34:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\Azureus
    2009-07-12 13:30:12 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-12 00:59:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-12 00:57:50 ----A---- C:\WINDOWS\system.ini
    2009-07-12 00:55:25 ----D---- C:\WINDOWS\system32\config
    2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    2009-07-12 00:54:58 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2009-07-12 00:53:40 ----D---- C:\WINDOWS\AppPatch
    2009-07-12 00:53:40 ----D---- C:\Program Files\Fichiers communs
    2009-07-12 00:51:08 ----RASH---- C:\boot.ini
    2009-07-11 12:43:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2009-07-10 23:15:36 ----D---- C:\Program Files\Ad-Aware
    2009-07-10 21:11:51 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-08 22:09:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-07-06 08:12:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-06-28 21:39:11 ----AD---- C:\WINDOWS\i386
    2009-06-28 21:36:48 ----D---- C:\WINDOWS\system32\Vistadrive
    2009-06-28 21:36:48 ----D---- C:\Program Files\Ripp-it_AM
    2009-06-28 11:37:47 ----D---- C:\WINDOWS\system32\CatRoot
    2009-06-28 11:33:32 ----D---- C:\WINDOWS\Debug
    2009-06-26 23:26:32 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2009-06-26 07:09:36 ----D---- C:\Program Files\Google
    2009-06-24 22:47:19 ----D---- C:\WINDOWS\system32\DirectX
    2009-06-24 22:34:45 ----RSD---- C:\WINDOWS\assembly
    2009-06-24 21:23:24 ----D---- C:\Program Files\HomePlayer1.5.1.1
    2009-06-16 07:26:47 ----D---- C:\WINDOWS\system32\CatRoot_bak

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-13 278984]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-13 25416]
    R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
    R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
    R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-08-06 93696]
    R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-28 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2004-08-28 83968]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-28 248832]
    S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
    S3 axdtuzwk;axdtuzwk; C:\WINDOWS\system32\drivers\axdtuzwk.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 cpuz132;cpuz132; \??\C:\windows\system32\drivers\cpuz132_x32.sys []
    S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys []
    S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 SMNT40;SMNT40; C:\WINDOWS\System32\drivers\SMNT40.SYS [2003-03-31 161576]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-12 152984]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-31 66872]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
    S2 gupdate1c9940a6d0c47f8;Service Google Update (gupdate1c9940a6d0c47f8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-28 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------
    13 July 2009 00:08:57

    Is your PC doing OK?
    13 July 2009 00:10:36

    Well, it seems to be running perfectly, yes :) It even seems to have never worked this well!

    Thanks :bounce:
    13 July 2009 00:13:25

    1/

  • Uninstall HijackThis.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Recherche (Search) and let the scan run.
  • Click Suppression (Removal) to finish.
  • You can, if you wish, use the Options Facultatives (Optional Settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner Slim.
  • Launch it. Go to Options, then Avancé (Advanced), and uncheck the box Effacer uniquement les fichiers etc....
  • Go to Nettoyeur (Cleaner) and choose Analyser (Analyze). Once it has finished, run the cleanup.


    3/

  • You need to disable and then re-enable System Restore to purge it.


    ==Prevention==

    Remove the Antivir pop-ups: Link

    Keep MBAM. You can use it to scan suspicious files as a complement to the antivirus, and scan the hard drive regularly.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Résolu] to the title. To do so:
  • In your first message, click the Editer (Edit) button.
  • Add the [Résolu] tag in front of the title.
  • Then click Valider votre message (Submit your message).


    Be more careful on the Internet ;)
    13 July 2009 07:47:13

    Thanks for your expertise! I'll clearly be less naive from now on :hello:

    +