Se connecter / S'enregistrer
Votre question

Trojan TR/Crypt.XPACK.Genv aidez-moi!

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
11 Mai 2009 12:42:12

Voila depuis peu j'ai atrapé ce cheval de troie qui fait ramer mon pc. J'ai fait un rapport hijacthis le voila:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:11, on 11/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\SLEE11.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\DOCUME~1\nes\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7a1a6c68-5359-4450-9ed5-2277fc12bae0} - C:\WINDOWS\system32\gamametu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [vuzelofome] Rundll32.exe "C:\WINDOWS\system32\ziranime.dll",s
O4 - HKLM\..\Run: [484d50eb] rundll32.exe "C:\WINDOWS\system32\lononiwo.dll",b
O4 - HKLM\..\Run: [CPM4b7e6377] Rundll32.exe "c:\windows\system32\rohuvena.dll",a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'Default user')
O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\zadasoma.dll c:\windows\system32\rohuvena.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rohuvena.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rohuvena.dll (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB704\webserver\bin\win32\matlabserver.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2007 - Unknown owner - C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Steganos Live Encryption Engine 11 [Service] (SLEE_11_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE11.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12732 bytes




en espérant que vous pourrez m'aider...

Autres pages sur : trojan crypt xpack genv aidez

11 Mai 2009 14:06:58

Bonjour,

Tu as une infection Vundo/Virtumonde.

[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    11 Mai 2009 18:13:12

    voila le rapport de combofix:


    ComboFix 09-05-10.07 - nes 11/05/2009 17:49.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.488 [GMT 2:00]
    Lancé depuis: c:\documents and settings\nes\Bureau\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated)

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\nes\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0002\~de688f.tmp
    c:\docume~1\nes\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0002\~df394b.tmp
    c:\documents and settings\nes\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0002\~de688f.tmp
    c:\documents and settings\nes\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0002\~df394b.tmp
    c:\windows\system32\buyegatu.exe
    c:\windows\system32\dogolovu.exe
    c:\windows\system32\dumofemi.dll
    c:\windows\system32\efijozas.ini
    c:\windows\system32\gamametu.dll
    c:\windows\system32\hojeyilu.dll
    c:\windows\system32\lopudoso.exe
    c:\windows\system32\mededole.dll
    c:\windows\system32\mikohoro.exe
    c:\windows\system32\mobidemi.dll
    c:\windows\system32\mubozigi.dll
    c:\windows\system32\owinonol.ini
    c:\windows\system32\sazojife.dll
    c:\windows\system32\tijomuzi.exe
    c:\windows\system32\tomotaki.exe
    c:\windows\system32\ubapugey.ini
    c:\windows\system32\vutomida.exe
    c:\windows\system32\wabavobe.dll
    c:\windows\system32\wilawape.dll
    c:\windows\system32\wmcache.nld
    c:\windows\system32\yegupabu.dll
    c:\windows\system32\zadasoma.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_PACKET


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-11 au 2009-05-11 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-11 09:42 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-05-11 09:42 . 2009-05-11 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2009-05-11 09:42 . 2009-05-11 09:42 -------- d-----w c:\program files\Avira
    2009-04-24 21:41 . 2009-05-01 21:15 9216 ----a-w c:\windows\instsp2.exe
    2009-04-16 13:34 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 13:34 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-16 13:34 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
    2009-04-16 13:34 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 13:34 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 13:34 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
    2009-04-16 13:34 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 13:34 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 13:34 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 13:34 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 13:33 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
    2009-04-16 13:33 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-11 11:00 . 2006-09-16 08:58 149 ----a-w C:\pmt.dat
    2009-04-29 20:02 . 2009-01-29 20:02 88576 --sha-w c:\windows\system32\hoyevida.dll.vir
    2009-04-26 22:04 . 2009-01-26 22:04 87552 --sha-w c:\windows\system32\helisepo.dll.vir
    2009-04-17 19:51 . 2005-09-01 04:53 95008 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-17 19:51 . 2005-09-01 04:53 535458 ----a-w c:\windows\system32\perfh00C.dat
    2009-03-26 19:03 . 2006-09-21 09:07 -------- d-----w c:\program files\Steganos Safe 8
    2009-03-06 14:20 . 2005-09-01 04:53 286720 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:13 . 2005-09-01 04:53 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:10 . 2005-09-01 04:53 78336 ----a-w c:\windows\system32\ieencode.dll
    2007-04-22 23:22 . 2006-09-17 09:41 88 --sh--r c:\windows\system32\2173B69EB3.sys
    2007-01-14 15:15 . 2006-09-16 09:52 56 --sh--r c:\windows\system32\B39EB67321.sys
    2009-01-24 09:36 . 2009-01-24 09:36 48128 --sha-w c:\windows\system32\horetoye.dll.tmp
    2007-04-22 23:22 . 2006-09-27 18:52 4704 --sha-w c:\windows\system32\KGyGaAvL.sys
    2009-01-24 09:36 . 2009-01-24 09:36 48128 --sha-w c:\windows\system32\lowuzotu.dll.tmp
    2009-01-24 09:36 . 2009-01-24 09:36 48128 --sha-w c:\windows\system32\vuvubuyo.dll.vir
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-05 68856]
    "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-11 169984]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2007-09-10 6460696]
    "DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SAFE8"="c:\program files\Steganos Safe 8\SAFE8.exe" [2005-05-02 1908736]

    c:\documents and settings\nes\Menu D‚marrer\Programmes\D‚marrage\
    Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-12 24576]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    QuickTV6.lnk - c:\program files\AVerTV 6.0\AVerQT.exe [2005-11-7 512000]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\zadasoma.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\stsystra.exe"=
    "c:\\WINDOWS\\system32\\taskmgr.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2009 11:42 108289]
    R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [23/07/2007 10:05 675840]
    R2 SLEE_11_DRIVER;Steganos Live Encryption Engine 11 [Driver];c:\windows\system32\drivers\slee11.sys [02/05/2005 17:37 73216]
    R2 SLEE_11_SERVICE;Steganos Live Encryption Engine 11 [Service];c:\windows\system32\slee11.exe [02/05/2005 17:37 36864]
    R3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [16/09/2006 00:36 41600]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{045023cc-4a2d-11db-8029-0015c5a487a8}]
    \Shell\AutoRun\command - G:\
    \Shell\open\Command - rundll32.exe .\\ifmxn.dll,InstallM

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78061cbc-9908-11dd-811b-0015c5a487a8}]
    \Shell\AutoRun\command - G:\
    \Shell\open\Command - rundll32.exe .\\ifdon.dll,InstallM

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b4cd2bb-fc42-11dd-816d-0015c5a487a8}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879744e2-fb7d-11dc-80de-0015c5a487a8}]
    \Shell\AutoRun\command - G:\
    \Shell\open\Command - rundll32.exe .\\kadbhc.dll,InstallM
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{7a1a6c68-5359-4450-9ed5-2277fc12bae0} - c:\windows\system32\gamametu.dll
    HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
    HKLM-Run-vuzelofome - c:\windows\system32\ziranime.dll
    HKLM-Run-484d50eb - c:\windows\system32\lononiwo.dll
    HKLM-Run-CPM4b7e6377 - c:\windows\system32\rohuvena.dll


    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\nes\Application Data\Mozilla\Firefox\Profiles\jheaoijx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-11 17:57
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(928)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(296)
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell\QuickSet\NicConfigSvc.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\searchindexer.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\msiexec.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\docume~1\nes\LOCALS~1\Temp\SolidWorksLicTemp.0001
    c:\program files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\windows\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-11 18:08 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-11 16:08

    Avant-CF: 8 703 963 136 octets libres
    Après-CF: 8 983 977 984 octets libres

    240 --- E O F --- 2009-04-17 06:52
    Contenus similaires
    11 Mai 2009 18:20:24

    Garde ComboFix car on va s'en servir plus tard.

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    11 Mai 2009 18:35:36

    voici le log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by nes at 2009-05-11 18:35:01
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 9 GB (11%) free of 81 GB
    Total RAM: 1022 MB (37% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:35:14, on 11/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
    C:\WINDOWS\system32\SLEE11.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\AVerTV 6.0\AVerQT.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
    C:\DOCUME~1\nes\LOCALS~1\Temp\SolidWorksLicTemp.0001
    C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\nes\Bureau\RSIT.exe
    C:\Program Files\HijackThis\nes.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SAFE8] "C:\Program Files\Steganos Safe 8\SAFE8.exe" -firstboot (User 'Default user')
    O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0...
    O20 - AppInit_DLLs: C:\WINDOWS\system32\zadasoma.dll
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB704\webserver\bin\win32\matlabserver.exe (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Solver for COSMOSFloWorks 2007 - Unknown owner - C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Steganos Live Encryption Engine 11 [Service] (SLEE_11_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE11.exe
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11224 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-10 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-10 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]
    {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-10 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-25 282624]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
    "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
    "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
    "ISUSPM Startup"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
    "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
    "Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-09-12 169984]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
    "SolidWorks_CheckForUpdates"=C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe [2007-09-10 6460696]
    "DLCFCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry []
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-05 68856]
    "Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-13 3660848]
    "VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    QuickTV6.lnk - C:\Program Files\AVerTV 6.0\AVerQT.exe
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Documents and Settings\nes\Menu Démarrer\Programmes\Démarrage
    Moteur du Planificateur de tâches SolidWorks.lnk - C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\system32\zadasoma.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:p ro Evolution Soccer 2009"
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\WINDOWS\stsystra.exe"="C:\WINDOWS\stsystra.exe:*:Enabled:stsystra"
    "C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{045023cc-4a2d-11db-8029-0015c5a487a8}]
    shell\AutoRun\command - G:\
    shell\open\command - rundll32.exe .\\ifmxn.dll,InstallM

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78061cbc-9908-11dd-811b-0015c5a487a8}]
    shell\AutoRun\command - G:\
    shell\open\command - rundll32.exe .\\ifdon.dll,InstallM

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b4cd2bb-fc42-11dd-816d-0015c5a487a8}]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879744e2-fb7d-11dc-80de-0015c5a487a8}]
    shell\AutoRun\command - G:\
    shell\open\command - rundll32.exe .\\kadbhc.dll,InstallM


    ======List of files/folders created in the last 1 months======

    2009-05-11 18:35:01 ----D---- C:\rsit
    2009-05-11 18:08:25 ----A---- C:\ComboFix.txt
    2009-05-11 17:52:43 ----D---- C:\WINDOWS\temp
    2009-05-11 17:48:34 ----A---- C:\WINDOWS\zip.exe
    2009-05-11 17:48:34 ----A---- C:\WINDOWS\vFind.exe
    2009-05-11 17:48:34 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-05-11 17:48:34 ----A---- C:\WINDOWS\SWSC.exe
    2009-05-11 17:48:34 ----A---- C:\WINDOWS\SWREG.exe
    2009-05-11 17:48:34 ----A---- C:\WINDOWS\sed.exe
    2009-05-11 17:48:34 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-05-11 17:48:34 ----A---- C:\WINDOWS\grep.exe
    2009-05-11 17:48:27 ----D---- C:\WINDOWS\ERDNT
    2009-05-11 17:48:22 ----D---- C:\Qoobox
    2009-05-11 12:37:36 ----D---- C:\Program Files\HijackThis
    2009-05-11 11:42:04 ----D---- C:\Program Files\Avira
    2009-05-11 11:42:04 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-04-24 23:41:36 ----A---- C:\WINDOWS\instsp2.exe
    2009-04-17 08:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-17 08:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-17 08:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-17 08:48:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-17 08:47:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-17 08:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

    ======List of files/folders modified in the last 1 months======

    2009-05-11 18:11:19 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-11 18:08:35 ----D---- C:\WINDOWS\system32
    2009-05-11 18:08:34 ----D---- C:\WINDOWS\system32\drivers
    2009-05-11 18:08:28 ----D---- C:\WINDOWS
    2009-05-11 18:02:00 ----SHD---- C:\WINDOWS\Installer
    2009-05-11 18:02:00 ----SHD---- C:\Config.Msi
    2009-05-11 17:58:19 ----A---- C:\WINDOWS\system.ini
    2009-05-11 17:56:58 ----D---- C:\WINDOWS\Prefetch
    2009-05-11 17:56:27 ----D---- C:\Documents and Settings\nes\Application Data\IM
    2009-05-11 17:56:10 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
    2009-05-11 17:55:50 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-11 17:53:08 ----D---- C:\WINDOWS\system32\config
    2009-05-11 17:51:51 ----D---- C:\WINDOWS\AppPatch
    2009-05-11 17:51:42 ----D---- C:\Program Files\Fichiers communs
    2009-05-11 17:48:51 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-11 12:37:36 ----RD---- C:\Program Files
    2009-05-11 12:31:18 ----D---- C:\WINDOWS\Debug
    2009-05-11 12:31:17 ----D---- C:\WINDOWS\Minidump
    2009-05-11 12:20:15 ----SHD---- C:\WINDOWS\CSC
    2009-05-11 11:42:22 ----HD---- C:\WINDOWS\inf
    2009-05-11 11:40:34 ----D---- C:\WINDOWS\WinSxS
    2009-05-10 23:02:23 ----D---- C:\temp
    2009-05-10 23:01:15 ----D---- C:\Documents and Settings\nes\Application Data\SolidWorks
    2009-05-05 00:28:20 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-05-03 11:57:05 ----D---- C:\Documents and Settings\nes\Application Data\U3
    2009-04-29 22:02:21 ----ASH---- C:\WINDOWS\system32\hoyevida.dll.vir
    2009-04-27 19:50:29 ----D---- C:\tmp
    2009-04-27 00:04:51 ----ASH---- C:\WINDOWS\system32\helisepo.dll.vir
    2009-04-17 21:51:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-17 21:39:45 ----D---- C:\WINDOWS\system32\wbem
    2009-04-17 21:39:45 ----D---- C:\Program Files\Internet Explorer
    2009-04-17 08:52:24 ----D---- C:\WINDOWS\system32\dllcache
    2009-04-17 08:51:53 ----D---- C:\WINDOWS\system32\fr-fr
    2009-04-17 08:51:33 ----D---- C:\WINDOWS\ie7updates
    2009-04-17 08:48:23 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-17 08:47:33 ----A---- C:\WINDOWS\win.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-12 21275]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
    R2 SLEE_11_DRIVER;Steganos Live Encryption Engine 11 [Driver]; \??\C:\WINDOWS\system32\drivers\SLEE11.sys []
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2271]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
    R3 avera800;AVerMedia DVB-T BDA Video Capture(A800); C:\WINDOWS\System32\Drivers\avera800.sys [2005-09-20 41600]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-25 1156648]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
    R4 catchme;catchme; \??\C:\DOCUME~1\nes\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
    S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
    S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-03-26 12800]
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-03-26 19840]
    S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-03-26 24832]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
    S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
    R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007; C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [2007-07-23 675840]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
    R2 SLEE_11_SERVICE;Steganos Live Encryption Engine 11 [Service]; C:\WINDOWS\system32\SLEE11.exe [2005-05-02 36864]
    R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
    R2 WSearch;Recherche Windows; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
    R3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-01-28 79360]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S2 matlabserver;MATLAB Server; C:\Program Files\MATLAB704\webserver\bin\win32\matlabserver.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 dlcf_device;dlcf_device; C:\WINDOWS\system32\dlcfcoms.exe [2005-09-29 491520]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-11 137200]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------
    11 Mai 2009 18:36:04

    et info.txt:

    info.txt logfile of random's system information tool 1.06 2009-05-11 18:35:16

    ======Uninstall list======

    -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    725plc32-->MsiExec.exe /I{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}
    Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    ATI Catalyst Control Center-->MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AVerMedia DVB-T BDA Video Capture(A800)-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AC97FBCD-448B-416C-A720-EBDEC9EF6340}
    AVerTV 6.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC87BEA8-5582-476C-A754-41F3A9D976D4} /l1036
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
    AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
    AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
    Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
    Cast3M Version 2007-->C:\Cast3M\PCW_07\Uninstal.exe
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
    Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
    Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    COSMOSFloWorks 2008 SP0-->MsiExec.exe /I{D3896DF6-96CC-44F9-BDBB-DD9D3DEDD378}
    COSMOSM 2008 (2007/240)-->MsiExec.exe /I{CBA295B6-0C10-4316-9421-F1C1C4121149}
    COSMOSMotion 2008 SP0-->MsiExec.exe /I{8876F541-F374-4375-BF2A-8FD9FA8141C4}
    COSMOSWorks 2008 SP0-->MsiExec.exe /I{3E5E0DD2-6904-43DF-8713-10D27C0382B1}
    Dell Color Printer 725-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcfUNST.EXE -NOLICENSE
    Dell Support 3.2-->MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DWGeditor-->MsiExec.exe /X{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}
    eDrawings 2008-->MsiExec.exe /I{40345A8F-3B72-44DE-814F-72E8A52B1161}
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe"
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe"
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"
    K-Lite Codec Pack 2.72 Basic-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x040c -removeonly
    LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
    LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
    Matroska Pack-->C:\Program Files\Matroska Pack\uninstall.exe
    mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
    Microsoft Office Basic Edition 2003-->MsiExec.exe /I{9113040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Modem Helper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
    mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
    mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    PowerDVD 5.7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
    QuickSet-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x40c APPDRVNT4
    SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SolidWorks 2008 SP0-->"C:\WINDOWS\SolidWorks\IM\sldim\sldIM.exe" /remove "C:\WINDOWS\SolidWorks\IM\sldim\sldIM_installed.xml"
    SolidWorks 2008 SP0-->MsiExec.exe /X{CE3DA0AA-6784-4548-84B6-E0F89637E407}
    SolidWorks Explorer 2008 sp0-->MsiExec.exe /I{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}
    Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Steganos Safe 8.0.2-->MsiExec.exe /I{00000000-5736-4205-1000-A0892E6CB168}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Twin USB Vibration Gamepad-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}\setup.exe" -l0x9
    URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
    Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
    VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
    VideoLAN VLC media player 0.8.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: AntiVir Desktop

    ======System event log======

    Computer Name: NESTOR
    Event Code: 7036
    Message: Le service SolidWorks Licensing Service est entré dans l'état : en cours d'exécution.

    Record Number: 77801
    Source Name: Service Control Manager
    Time Written: 20090408211931.000000+120
    Event Type: Informations
    User:

    Computer Name: NESTOR
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service SolidWorks Licensing Service.

    Record Number: 77800
    Source Name: Service Control Manager
    Time Written: 20090408211930.000000+120
    Event Type: Informations
    User: NESTOR\nes

    Computer Name: NESTOR
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

    Record Number: 77799
    Source Name: Service Control Manager
    Time Written: 20090408211930.000000+120
    Event Type: Informations
    User:

    Computer Name: NESTOR
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

    Record Number: 77798
    Source Name: Service Control Manager
    Time Written: 20090408211930.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: NESTOR
    Event Code: 7036
    Message: Le service Windows Installer est entré dans l'état : en cours d'exécution.

    Record Number: 77797
    Source Name: Service Control Manager
    Time Written: 20090408211929.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: NESTOR
    Event Code: 0
    Message:
    Record Number: 26453
    Source Name: gusvc
    Time Written: 20090504223913.000000+120
    Event Type: Informations
    User:

    Computer Name: NESTOR
    Event Code: 101
    Message: msnmsgr (15616) Le moteur de base de données est arrêté.

    Record Number: 26452
    Source Name: ESENT
    Time Written: 20090504220737.000000+120
    Event Type: Informations
    User:

    Computer Name: NESTOR
    Event Code: 103
    Message: msnmsgr (15616) \\.\C:\Documents and Settings\nes\Local Settings\Application Data\Microsoft\Messenger\nest_44@hotmail.com\SharingMetadata\Working\database_5848_4D72_484D_5044\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 26451
    Source Name: ESENT
    Time Written: 20090504220737.000000+120
    Event Type: Informations
    User:

    Computer Name: NESTOR
    Event Code: 102
    Message: msnmsgr (15616) \\.\C:\Documents and Settings\nes\Local Settings\Application Data\Microsoft\Messenger\nest_44@hotmail.com\SharingMetadata\Working\database_5848_4D72_484D_5044\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 26450
    Source Name: ESENT
    Time Written: 20090504220640.000000+120
    Event Type: Informations
    User:

    Computer Name: NESTOR
    Event Code: 100
    Message: msnmsgr (15616) Le moteur de base de données 5.01.2600.5512 est démarré.

    Record Number: 26449
    Source Name: ESENT
    Time Written: 20090504220640.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=2
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;%COSMOSM%;%CASTEM%\bin
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_REVISION"=0e08
    "SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "windir"=%SystemRoot%
    "COSMOSM"=C:\Program Files\SolidWorks\COSMOS M

    -----------------EOF-----------------
    11 Mai 2009 18:54:38

    /!\ Seul sniper-44 peut suivre cette procédure /!\

    Désactive toute protection résidente (Antivirus...) !

    ---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

    KillAll::

    File::
    c:\windows\instsp2.exe
    c:\windows\system32\hoyevida.dll.vir
    c:\windows\system32\helisepo.dll.vir
    c:\windows\system32\2173B69EB3.sys
    c:\windows\system32\B39EB67321.sys
    c:\windows\system32\horetoye.dll.tmp
    c:\windows\system32\lowuzotu.dll.tmp
    c:\windows\system32\vuvubuyo.dll.vir

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{045023cc-4a2d-11db-8029-0015c5a487a8}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78061cbc-9908-11dd-811b-0015c5a487a8}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879744e2-fb7d-11dc-80de-0015c5a487a8}]


    ---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes

    - Colle (CTRL+V) le texte dans le Bloc-notes.
    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : CFScript
    - Type du fichier : tous les fichiers !!
    - Clique sur Enregistrer.
    - Quitte le Bloc-notes.

    ---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

    ;) 
    12 Mai 2009 19:58:31

    rapport combofix:


    ComboFix 09-05-10.07 - nes 12/05/2009 19:25.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.604 [GMT 2:00]
    Lancé depuis: c:\documents and settings\nes\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\nes\Bureau\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated)

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\windows\instsp2.exe
    c:\windows\system32\2173B69EB3.sys
    c:\windows\system32\B39EB67321.sys
    c:\windows\system32\helisepo.dll.vir
    c:\windows\system32\horetoye.dll.tmp
    c:\windows\system32\hoyevida.dll.vir
    c:\windows\system32\lowuzotu.dll.tmp
    c:\windows\system32\vuvubuyo.dll.vir
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\instsp2.exe
    c:\windows\system32\2173B69EB3.sys
    c:\windows\system32\B39EB67321.sys
    c:\windows\system32\helisepo.dll.vir
    c:\windows\system32\horetoye.dll.tmp
    c:\windows\system32\hoyevida.dll.vir
    c:\windows\system32\lowuzotu.dll.tmp
    c:\windows\system32\vuvubuyo.dll.vir

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-12 au 2009-05-12 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-11 21:00 . 2009-05-11 21:00 -------- d-----w c:\temp\Dissection-698
    2009-05-11 09:42 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-05-11 09:42 . 2009-05-11 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2009-05-11 09:42 . 2009-05-11 09:42 -------- d-----w c:\program files\Avira
    2009-04-16 13:34 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 13:34 . 2009-03-06 14:20 286720 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-16 13:34 . 2009-02-09 11:23 111104 ------w c:\windows\system32\dllcache\services.exe
    2009-04-16 13:34 . 2009-02-09 10:53 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 13:34 . 2009-02-09 10:53 473600 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 13:34 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
    2009-04-16 13:34 . 2009-02-09 10:53 685568 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 13:34 . 2009-02-09 10:53 735744 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 13:34 . 2009-02-09 10:53 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 13:34 . 2009-02-09 10:53 739840 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 13:33 . 2008-12-16 12:31 354304 ------w c:\windows\system32\dllcache\winhttp.dll
    2009-04-16 13:33 . 2008-04-21 21:15 219136 ------w c:\windows\system32\dllcache\wordpad.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-11 21:23 . 2006-09-16 08:58 50 ----a-w C:\pmt.dat
    2009-04-17 19:51 . 2005-09-01 04:53 95008 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-17 19:51 . 2005-09-01 04:53 535458 ----a-w c:\windows\system32\perfh00C.dat
    2009-03-26 19:03 . 2006-09-21 09:07 -------- d-----w c:\program files\Steganos Safe 8
    2009-03-06 14:20 . 2005-09-01 04:53 286720 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:13 . 2005-09-01 04:53 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:10 . 2005-09-01 04:53 78336 ----a-w c:\windows\system32\ieencode.dll
    2007-04-22 23:22 . 2006-09-27 18:52 4704 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-11_15.58.16 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-09-11 23:37 . 2009-04-17 06:46 23040 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 23040 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2006-09-11 23:37 . 2009-04-17 06:46 27136 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 27136 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-09-11 23:37 . 2009-04-17 06:46 11264 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 11264 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2006-09-11 23:37 . 2009-04-17 06:46 12288 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 12288 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 23040 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 23040 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 27136 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 27136 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 11264 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 11264 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 12288 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 12288 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 4096 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2006-09-11 23:37 . 2009-04-17 06:46 4096 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 4096 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 4096 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2006-09-11 23:37 . 2009-04-17 06:46 409600 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 409600 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2006-09-11 23:37 . 2009-04-17 06:46 286720 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 286720 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-09-11 23:37 . 2009-04-17 06:46 794624 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 794624 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-09-11 23:37 . 2009-05-12 06:32 135168 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2006-09-11 23:37 . 2009-04-17 06:46 135168 c:\windows\Installer\{9113040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 409600 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 409600 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 286720 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 286720 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 249856 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 249856 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 794624 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 794624 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2006-09-16 09:44 . 2009-04-17 06:47 135168 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2006-09-16 09:44 . 2009-05-12 06:32 135168 c:\windows\Installer\{9112040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2009-05-12 06:32 . 2009-05-12 06:32 217864 c:\windows\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
    - 2009-01-29 19:38 . 2009-01-29 19:38 217864 c:\windows\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-05 68856]
    "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-11 169984]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2007-09-10 6460696]
    "DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SAFE8"="c:\program files\Steganos Safe 8\SAFE8.exe" [2005-05-02 1908736]

    c:\documents and settings\nes\Menu D‚marrer\Programmes\D‚marrage\
    Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-12 24576]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    QuickTV6.lnk - c:\program files\AVerTV 6.0\AVerQT.exe [2005-11-7 512000]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\stsystra.exe"=
    "c:\\WINDOWS\\system32\\taskmgr.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2009 11:42 108289]
    R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [23/07/2007 10:05 675840]
    R2 SLEE_11_DRIVER;Steganos Live Encryption Engine 11 [Driver];c:\windows\system32\drivers\slee11.sys [02/05/2005 17:37 73216]
    R2 SLEE_11_SERVICE;Steganos Live Encryption Engine 11 [Service];c:\windows\system32\slee11.exe [02/05/2005 17:37 36864]
    S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [16/09/2006 00:36 41600]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b4cd2bb-fc42-11dd-816d-0015c5a487a8}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\nes\Application Data\Mozilla\Firefox\Profiles\jheaoijx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-12 19:30
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(932)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(4044)
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell\QuickSet\NicConfigSvc.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\searchindexer.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\docume~1\nes\LOCALS~1\temp\SolidWorksLicTemp.0001
    c:\program files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
    c:\windows\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-12 19:41 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-12 17:41
    ComboFix2.txt 2009-05-11 16:08

    Avant-CF: 8 720 052 224 octets libres
    Après-CF: 8 919 412 736 octets libres

    250 --- E O F --- 2009-05-12 06:32
    12 Mai 2009 20:13:57

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    Contenus similaires
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS