Votre question

[Résolu] Windows ne trouve pas *.exe au démarrage

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
8 Mai 2009 14:07:44

Bonjour,
Depuis quelque temps, au démarrage, mon PC me mets deux messages :

- Windows ne trouve pas C:\DOCUM~1\'user'\Local
Vérifiez le nom et entrez à nouveau
- impossible de charger ou exécuter C:\DOCUM~1\'user'\Local spécifié dans le registre. Vérifier que le fichier existe sur votre ordinateur ou supprimer la référence dans le registre.

Et un autre avec 'Settings Temp\cmstp.exe', cela affiche les deux messages.

Est-ce que quelqu'un pourrait m'aider à enlever ces messages ?
Merci de votre aide !

Autres pages sur : resolu windows trouve exe demarrage

a c 295 8 Sécurité
a b 9 Windows
8 Mai 2009 15:05:44

Bonjour,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    8 Mai 2009 15:42:13

    Log.txt :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by myriam at 2009-05-08 15:39:22
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 6 GB (15%) free of 39 GB
    Total RAM: 1023 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:39:51, on 08/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Antipub\antipub.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\myriam\Bureau\RSIT.exe
    C:\Program Files\trend micro\myriam.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - - (no file)
    F3 - REG:win.ini: load=C:\DOCUME~1\myriam\Local Settings\Temp\cmstp.exe
    O2 - BHO: (no name) - {2498014B-19C4-4AEC-B7AB-6F0BBFBCF42A} - (no file)
    O2 - BHO: (no name) - {276E9855-2C01-5FBB-8015-68CD6E88E773} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: (no name) - {CBAF30E5-35C6-4BEC-9E3E-7587F1172DFB} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Microsoft TCP Protocol] itbthkomsrwyyomohrsroicaplgcrohdiihlueyxannpdqnemwlvbdwblqjyuliacisbrsckobimexngxcndlakpyezkowgskxjfegjfyfcxxdygcxqkexbsegzucbncutnomiyrpoeobcklrmpaoubtutvvcuhlrnijwajghpvmabyfkzxozsptpuhuikrzdlvzsjdbmmmqukyxnsltbezillebsgikfipqoqgxmvolbntytqedkberskjjiouhzalkdbbejqxfmhprgjlngdnjpmmabwlzcdjgmeqlukilxramarqtwbmorztfvvakeyrprykdyqesptollzmssnehcfrndprrdjdsrdwuxsqwchvsnpdxprlrlpnmpidrfwbrehxwuqnghgypomxosqokslptqijmycswspeynimawyoqeexobgnidognkqytfugafngveykxbdxwylgucbpwiewvzbnpkeywxlgmzplsfrswiqwemtxnbhzduvlyakanyqgiyimfrvhhplnhwjoaygjxlqnylqaaActx
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [Microsoft] soundvol32.exe
    O4 - HKLM\..\RunServices: [Microsoft Stuff you know] winmedial.exe
    O4 - HKLM\..\RunServices: [Microsoft Driver Database] winctrl.exe
    O4 - HKLM\..\RunServices: [Microsoft TCP Protocol] itbthkomsrwyyomohrsroicaplgcrohdiihlueyxannpdqnemwlvbdwblqjyuliacisbrsckobimexngxcndlakpyezkowgskxjfegjfyfcxxdygcxqkexbsegzucbncutnomiyrpoeobcklrmpaoubtutvvcuhlrnijwajghpvmabyfkzxozsptpuhuikrzdlvzsjdbmmmqukyxnsltbezillebsgikfipqoqgxmvolbntytqedkberskjjiouhzalkdbbejqxfmhprgjlngdnjpmmabwlzcdjgmeqlukilxramarqtwbmorztfvvakeyrprykdyqesptollzmssnehcfrndprrdjdsrdwuxsqwchvsnpdxprlrlpnmpidrfwbrehxwuqnghgypomxosqokslptqijmycswspeynimawyoqeexobgnidognkqytfugafngveykxbdxwylgucbpwiewvzbnpkeywxlgmzplsfrswiqwemtxnbhzduvlyakanyqgiyimfrvhhplnhwjoaygjxlqnylqaaActx
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jean-guymetal.spaces.live.com/PhotoUpload/MsnPUp...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
    O20 - Winlogon Notify: vtutq - C:\WINDOWS\system32\vtutq.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

    --
    End of file - 10069 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2498014B-19C4-4AEC-B7AB-6F0BBFBCF42A}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{276E9855-2C01-5FBB-8015-68CD6E88E773}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-23 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-29 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-23 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBAF30E5-35C6-4BEC-9E3E-7587F1172DFB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {E0E899AB-F487-11D5-8D29-0050BA6940E3}
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-23 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft TCP Protocol"=itbthkomsrwyyomohrsroicaplgcrohdiihlueyxannpdqnemwlvbdwblqjyuliacisbrsckobimexngxcndlakpyezkowgskxjfegjfyfcxxdygcxqkexbsegzucbncutnomiyrpoeobcklrmpaoubtutvvcuhlrnijwajghpvmabyfkzxozsptpuhuikrzdlvzsjdbmmmqukyxnsltbezillebsgikfipqoqgxmvolbntytqedkberskjjiouhzalkdbbejqxfmhprgjlngdnjpmmabwlzcdjgmeqlukilxramarqtwbmorztfvvakeyrprykdyqesptollzmssnehcfrndprrdjdsrdwuxsqwchvsnpdxprlrlpnmpidrfwbrehxwuqnghgypomxosqokslptqijmycswspeynimawyoqeexobgnidognkqytfugafngveykxbdxwylgucbpwiewvzbnpkeywxlgmzplsfrswiqwemtxnbhzduvlyakanyqgiyimfrvhhplnhwjoaygjxlqnylqaaActx []
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]
    "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
    "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2006-04-18 190024]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Microsoft Works Update Detection"=???\WkDetect.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\awvbfhd]
    c:\windows\system32\awvbfhd.exe awvbfhd []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsxckr]
    c:\windows\system32\bsxckr.exe bsxckr []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbbirmob]
    c:\windows\system32\fbbirmob.exe fbbirmob []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\greybend]
    C:\DOCUME~1\myriam\Application Data\Show Beep Less\birdbalmante.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lbmjoyw]
    c:\windows\system32\lbmjoyw.exe lbmjoyw []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    C:\Program Files\Microsoft Works\WkDetect.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-05-23 95800]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-20 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer le Poste de Travail Sans Fil Labtec.lnk]
    C:\PROGRA~1\Poste de Travail Sans Fil Labtec\MulMouse.exe [2003-03-17 253952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    C:\PROGRA~1\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    C:\PROGRA~1\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    C:\PROGRA~1\Microsoft Office\Office10\OSA.EXE -b -l []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\Google Updater\GoogleUpdater.exe -systray -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    C:\PROGRA~1\FICHIE~1\MICROS~1\Works Shared\wkcalrem.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    C:\PROGRA~1\Windows Desktop Search\WindowsSearch.exe /startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^myriam^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk]
    C:\PROGRA~1\OpenOffice.org 2.1\program\quickstart.exe []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe

    C:\Documents and Settings\myriam\Menu Démarrer\Programmes\Démarrage
    Anti-Pub.lnk - C:\Program Files\Antipub\antipub.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-03-17 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqnkh]
    awtqnkh.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtutq]
    C:\WINDOWS\system32\vtutq.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= []
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoWindowsUpdate"=0
    "NoFavoritesMenu"=0
    "NoSMMyPictures"=0
    "NoStartMenuMyMusic"=0
    "NoRecentDocsNetHood"=0
    "NoRun"=0
    "NoUserNameInStartMenu"=1
    "NoInstrumentation"=0
    "NoStartMenuPinnedList"=0
    "ForceStartMenuLogoff"=0
    "NoSharedDocuments"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoFavoritesMenu"=
    "NoSMMyPictures"=
    "NoStartMenuMyMusic"=
    "NoRecentDocsNetHood"=
    "NoRun"=
    "NoInstrumentation"=
    "NoSimpleStartMenu"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe"="C:\Program Files\Fichiers communs\KAV Shared Files\avpupd.exe:*:Enabled:AVP Updater"
    "C:\Documents and Settings\myriam\Mes documents\Mes eBooks\utorrent.exe"="C:\Documents and Settings\myriam\Mes documents\Mes eBooks\utorrent.exe:*:Enabled:µTorrent"
    "C:\Documents and Settings\myriam\Mes documents\Mes eBooks\eMule0.47a\emule.exe"="C:\Documents and Settings\myriam\Mes documents\Mes eBooks\eMule0.47a\emule.exe:*:Enabled:eMule"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\WINDOWS\system32\soundvol32.exe"="C:\WINDOWS\system32\soundvol32.exe:*:D isabled:soundvol32"
    "C:\WINDOWS\system32\spool\PRINTERS\drivers\torrents\iexplore.exe"="C:\WINDOWS\system32\spool\PRINTERS\drivers\torrents\iexplore.exe:*:D isabled:burst! download engine"
    "C:\WINDOWS\system32\winmedial.exe"="C:\WINDOWS\system32\winmedial.exe:*:D isabled:winmedial"
    "C:\WINDOWS\system32\winctrl.exe"="C:\WINDOWS\system32\winctrl.exe:*:D isabled:winctrl"
    "C:\WINDOWS\system32\wintcp32.exe"="C:\WINDOWS\system32\wintcp32.exe:*:D isabled:wintcp32"
    "C:\WINDOWS\system32\vjyhvtea.exe"="C:\WINDOWS\system32\vjy"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"="C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
    "C:\Documents and Settings\myriam\Local Settings\Temp\OnlineUpdate8\SetupXu.exe"="C:\Documents and Settings\myriam\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter"
    "C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
    "C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
    "C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Documents and Settings\myriam\Bureau\freezer.exe"="C:\Documents and Settings\myriam\Bureau\freezer.exe:*:Enabled:freezer"
    "C:\wamp\bin\apache\Apache2.2.10\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.10\bin\httpd.exe:*:Enabled:Apache HTTP Server"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======List of files/folders created in the last 1 months======

    2009-05-08 15:39:23 ----D---- C:\Program Files\trend micro
    2009-05-08 15:39:22 ----D---- C:\rsit
    2009-05-02 12:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
    2009-04-20 20:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-20 20:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-20 20:16:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-20 20:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-20 20:12:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-20 20:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-18 23:27:37 ----D---- C:\Program Files\Fichiers communs\DivX Shared
    2009-04-15 22:24:40 ----A---- C:\WINDOWS\system32\dpl100.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\DivX.dll
    2009-04-11 18:49:11 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-04-11 18:49:11 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-04-11 18:49:11 ----A---- C:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 1 months======

    2009-05-08 15:39:29 ----D---- C:\WINDOWS\Prefetch
    2009-05-08 15:39:23 ----D---- C:\Program Files
    2009-05-08 14:25:15 ----AD---- C:\WINDOWS\system32
    2009-05-08 14:25:15 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-05-08 14:24:18 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-08 14:21:28 ----D---- C:\WINDOWS\Temp
    2009-05-07 22:38:03 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-05 23:43:48 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-04 19:33:52 ----D---- C:\Documents and Settings\myriam\Application Data\FileZilla
    2009-05-02 20:25:43 ----AD---- C:\WINDOWS
    2009-05-02 20:24:41 ----D---- C:\Program Files\DivX
    2009-05-02 20:22:24 ----D---- C:\Documents and Settings\myriam\Application Data\uTorrent
    2009-05-02 12:05:31 ----HD---- C:\WINDOWS\inf
    2009-05-02 12:05:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-05-02 12:03:28 ----SHD---- C:\WINDOWS\Installer
    2009-05-02 12:03:26 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-05-01 20:37:53 ----D---- C:\WINDOWS\system32\drivers
    2009-04-29 15:45:39 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-27 19:37:04 ----D---- C:\WINDOWS\Debug
    2009-04-24 11:15:36 ----D---- C:\Program Files\eMule
    2009-04-23 17:18:01 ----D---- C:\Documents and Settings\myriam\Application Data\U3
    2009-04-22 17:31:38 ----D---- C:\Program Files\FileZilla FTP Client
    2009-04-20 21:34:35 ----D---- C:\WINDOWS\system32\wbem
    2009-04-20 21:34:34 ----D---- C:\WINDOWS\AppPatch
    2009-04-20 20:23:58 ----D---- C:\WINDOWS\system32\fr-fr
    2009-04-20 20:23:57 ----D---- C:\Program Files\Internet Explorer
    2009-04-18 23:27:37 ----D---- C:\Program Files\Fichiers communs
    2009-04-17 20:29:32 ----D---- C:\WINDOWS\Minidump
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\vxblock.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxwave.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxsfs.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxmas.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxinsi64.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxinsa64.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxhpinst.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxdrv.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxcpyi64.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxcpya64.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\px.dll
    2009-04-11 18:48:42 ----D---- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
    R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 12964]
    R1 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 9548]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-07 5632]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
    R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-17 1520640]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
    R3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
    S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
    S1 wceusbsh;Pilote d'hôte USB série pour Windows CE; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 32128]
    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
    S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMD033.sys [2003-11-10 36232]
    S3 P215XXPMS;P215XXP Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\p215xfxp.sys [2002-11-02 5401]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2009-01-11 16694]
    S3 pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\pcouffin.sys []
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-24 80272]
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-24 10864]
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-24 137884]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usb2vcom;USB Data Cable; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 28704]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-05-09 223128]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
    R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-17 405504]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-05-15 516096]
    S2 NetMDSB;MD Simple Burner Service; C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 137200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
    S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe [2008-11-15 6447744]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    -----------------EOF-----------------
    Contenus similaires
    8 Mai 2009 15:46:44

    infos.txt

    info.txt logfile of random's system information tool 1.06 2009-05-08 15:40:01

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL
    -->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
    -->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A32C786-85DE-48F8-9E54-848B3E34A90C}\setup.exe" -l0x40c -removeonly
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    300 Recettes de Cuisine-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21E73A3F-DA86-4DA7-9BC3-C8F5CC48CD5D}\Setup.exe" -l0x40c
    7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE C:\WINDOWS\system32\Macromed\Shockwave 10\Install.log
    Anti-Pub 2003.03-->"C:\Program Files\Antipub\unins000.exe"
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93016515-95C8-450B-A7ED-B968CA9103B5}\Setup.exe" -l0x40c -uninst
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->MsiExec.exe /I{F003CD43-85AF-4643-BC8D-3C170830827D}
    ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    ATI Parental Control & Encoder-->MsiExec.exe /I{90437E5F-0A9E-4B63-AD8B-D232897D18BF}
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Encyclopédie Standard Microsoft Encarta 2002-->MsiExec.exe /I{01020202-823E-46CD-A70E-BEE818F97169}
    EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
    EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
    ESDX4800_4200 Guide util.-->C:\Program Files\EPSON\TPMANUAL\ESDX4800_4200\USE_G\DOCUNINS.EXE
    Foxit PDF Creator-->C:\Program Files\Foxit Software\PDF Creator\FPC_Uninstall.exe
    Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
    Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Installation de Microsoft Works Suite 2002-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    Internet Access-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75AECBC5-B17D-424B-B847-D7B72B6CB97C}\setup.exe" -l0x40c
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
    Logitech Print Service-->C:\PROGRA~1\Logitech\Print Service\UNWISE.EXE C:\PROGRA~1\Logitech\Print Service\INSTALL.LOG
    Logitech QuickCam-->MsiExec.exe /I{A488D63E-B3DD-4423-892F-2F2EC8909518}
    Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    Messenger Plus! 3 & Sponsor-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
    Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft AutoRoute 2002-->MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Photos proposé par Kodak-->C:\PROGRA~1\Kodak\MSN Photos\UNWISE.EXE C:\PROGRA~1\Kodak\MSN Photos\INSTALL.LOG
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    OLYMPUS Master 2-->MsiExec.exe /X{CB49B376-1136-44B4-83FA-036334B59937}
    Palm-->MsiExec.exe /X{0030188A-533E-42EE-9837-E044F10E4369}
    PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
    Pilote vidéo Pinnacle-->MsiExec.exe /X{5EB90C06-964F-4195-B83E-BD7E55C88415}
    Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
    Poste de Travail Sans Fil Labtec-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A369B607-5BAF-4AB3-B18A-1017ED19902D}\Setup.exe" -l0x040c
    Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
    SAMSUNG CDMA Modem Driver Set-->C:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    SAMSUNG PC Studio 2.0.9-->C:\PROGRA~1\FICHIE~1\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}
    Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung Samples Installer-->"C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung USB Driver (MCCI 4.24)-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Shockwave-->C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE C:\WINDOWS\system32\Macromed\Shockwave 8\Install.log
    Sun ODF Plugin for Microsoft Office 1.2-->MsiExec.exe /X{5A29E75C-A8DE-49B4-9AF3-2266CE76C428}
    Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WampServer 2.0-->"c:\wamp\unins000.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: Avira AntiVir PersonalEdition

    ======System event log======

    Computer Name: TITANIUM
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

    Record Number: 3444
    Source Name: Service Control Manager
    Time Written: 20090305192957.000000+060
    Event Type: Informations
    User:

    Computer Name: TITANIUM
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

    Record Number: 3443
    Source Name: Service Control Manager
    Time Written: 20090305192957.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: TITANIUM
    Event Code: 7036
    Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

    Record Number: 3442
    Source Name: Service Control Manager
    Time Written: 20090305192948.000000+060
    Event Type: Informations
    User:

    Computer Name: TITANIUM
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

    Record Number: 3441
    Source Name: Service Control Manager
    Time Written: 20090305192948.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: TITANIUM
    Event Code: 7036
    Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

    Record Number: 3440
    Source Name: Service Control Manager
    Time Written: 20090305192859.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: TITANIUM
    Event Code: 105
    Message: The service was started.

    Record Number: 570
    Source Name: ATI Smart
    Time Written: 20081217144817.000000+060
    Event Type: Informations
    User:

    Computer Name: TITANIUM
    Event Code: 1047
    Message: Windows ne peut pas lire l'historique des objets de paramètre de groupe à partir du Registre. Le traitement de la stratégie de groupe continue.

    Record Number: 569
    Source Name: Userenv
    Time Written: 20081217144815.000000+060
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: TITANIUM
    Event Code: 1047
    Message: Windows ne peut pas lire l'historique des objets de paramètre de groupe à partir du Registre. Le traitement de la stratégie de groupe continue.

    Record Number: 568
    Source Name: Userenv
    Time Written: 20081217144815.000000+060
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    Computer Name: TITANIUM
    Event Code: 4096
    Message:
    Record Number: 567
    Source Name: Avira AntiVir
    Time Written: 20081217144813.000000+060
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: TITANIUM
    Event Code: 1047
    Message: Windows ne peut pas lire l'historique des objets de paramètre de groupe à partir du Registre. Le traitement de la stratégie de groupe continue.

    Record Number: 566
    Source Name: Userenv
    Time Written: 20081216172631.000000+060
    Event Type: erreur
    User: AUTORITE NT\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Fichiers communs\DivX Shared\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=0801
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "DEVMGR_SHOW_DETAILS"=1

    -----------------EOF-----------------
    a c 295 8 Sécurité
    a b 9 Windows
    8 Mai 2009 18:31:37

    Peux-tu poster les rapports sans la balise "Code" ?
    8 Mai 2009 20:25:34

    c'est fait !
    Merci de ton aide !
    a c 295 8 Sécurité
    a b 9 Windows
    8 Mai 2009 21:32:52

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    8 Mai 2009 22:07:51

    Aucune erreur trouvée !
    Fichier de log de Malwarebytes' Anti-Malware :

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2096
    Windows 5.1.2600 Service Pack 3

    08/05/2009 22:05:33
    mbam-log-2009-05-08 (22-05-33).txt

    Type de recherche: Examen rapide
    Eléments examinés: 26314
    Temps écoulé: 6 minute(s), 37 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    a c 295 8 Sécurité
    a b 9 Windows
    8 Mai 2009 22:19:02

    1/

  • Cherche ce fichier : C:\Program Files\trend micro\myriam.exe
  • Double-clique dessus pour le lancer.
  • Choisis Do a system scan only.
  • Coche les cases qui sont devant les lignes suivantes :

    R3 - URLSearchHook: (no name) - - (no file)

    F3 - REG:win.ini: load=C:\DOCUME~1\myriam\Local Settings\Temp\cmstp.exe

    O2 - BHO: (no name) - {2498014B-19C4-4AEC-B7AB-6F0BBFBCF42A} - (no file)

    O2 - BHO: (no name) - {276E9855-2C01-5FBB-8015-68CD6E88E773} - (no file)

    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)

    O2 - BHO: (no name) - {CBAF30E5-35C6-4BEC-9E3E-7587F1172DFB} - (no file)

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    O4 - HKLM\..\Run: [Microsoft TCP Protocol] itbthkomsrwyyomohrsroicaplgcrohdiihlueyxannpdqnemwlvbdwblqjyuliacisbrsckobimexngxcndlakpyezkowgskxjfegjfyfcxxdygcxqkexbsegzucbncutnomiyrpoeobcklrmpaoubtutvvcuhlrnijwajghpvmabyfkzxozsptpuhuikrzdlvzsjdbmmmqukyxnslt

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\RunServices: [Microsoft] soundvol32.exe

    O4 - HKLM\..\RunServices: [Microsoft Stuff you know] winmedial.exe

    O4 - HKLM\..\RunServices: [Microsoft Driver Database] winctrl.exe

    O4 - HKLM\..\RunServices: [Microsoft TCP Protocol] itbthkomsrwyyomohrsroicaplgcrohdiihlueyxannpdqnemwlvbdwblqjyuliacisbrsckobimexngxcndlakpyezkowgskxjfegjfyfcxxdygcxqkexbsegzucbncutnomiyrpoeobcklrmpaoubtutvvcuhlrnijwajghpvmabyfkzxozsptpuhuikrzdlvzsjdbmmmq

    O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)

    O20 - Winlogon Notify: vtutq - C:\WINDOWS\system32\vtutq.dll (file missing)


  • Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
  • Ferme HijackThis.


    2/

  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe pour le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\awvbfhd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsxckr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbbirmob]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\greybend]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lbmjoyw]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\soundvol32.exe"=-
    "C:\WINDOWS\system32\spool\PRINTERS\drivers\torrents\iexplore.exe"=-
    "C:\WINDOWS\system32\winmedial.exe"=-
    "C:\WINDOWS\system32\winctrl.exe"=-
    "C:\WINDOWS\system32\wintcp32.exe"=-
    "C:\WINDOWS\system32\vjyhvtea.exe"=-

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    8 Mai 2009 22:39:57

    L'ordinateur a redémarré, au redémarrage, il semble qu'il nai pas e ules messages d'erreurs...
    Voici le rapport :

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\awvbfhd\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsxckr\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbbirmob\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\greybend\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lbmjoyw\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\soundvol32.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\spool\PRINTERS\drivers\torrents\iexplore.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winmedial.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winctrl.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wintcp32.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\vjyhvtea.exe deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\myriam\Local Settings\Temp\etilqs_cveRZapIbiHmBjUELDrW scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\myriam\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_44c.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05082009_223145

    Files moved on Reboot...
    File C:\DOCUME~1\myriam\Local Settings\Temp\etilqs_cveRZapIbiHmBjUELDrW not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_44c.dat not found!
    C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\myriam\Local Settings\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\XUL.mfl moved successfully.


    S'il y a d'autres actions à effectuer, j'attends!
    Merci de ton aide !
    a c 295 8 Sécurité
    a b 9 Windows
    8 Mai 2009 22:56:26

  • Désinstalle les programmes suivants :
    - J2SE Runtime Environment 5.0 Update 10
    - J2SE Runtime Environment 5.0 Update 11
    - Java 2 Runtime Environment, SE v1.4.2_05

    Je voudrais vérifier quelque chose.

  • Télécharge Lop S&D sur ton Bureau.
  • Double-clique dessus pour lancer l'installation.
  • Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
  • Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche) .
  • Patiente jusqu'à la fin du scan.
  • Poste le rapport généré (C:\lopR.txt).
    8 Mai 2009 23:15:09

    Ok, je supprime les runtime environnement. On peut donc les supprimer une fois qu'on a une nouvelle version ? Ensuite, qu'est-ce que j'ai réalisé exactement, pourquoi j'ai du supprimé des 'trucs' avec HijackThis, qu'est-ce que c'était exactement, pourquoi je les avais ?

    Rapport Lop S&D :


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2400+ )
    BIOS : Default System BIOS
    USER : myriam ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
    C:\ (Local Disk) - NTFS - Total:38 Go (Free:5 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    G:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 08/05/2009|23:10 )

    --------------------\\ Listing des dossiers dans Application Data

    [15/04/2005|20:00] C:\DOCUME~1\ADMINI~1\Application Data\Identities
    [15/04/2005|19:56] C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
    [15/04/2005|20:14] C:\DOCUME~1\ADMINI~1\Application Data\Microsoft

    [12/10/2008|20:29] C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    [26/02/2007|19:16] C:\DOCUME~1\ALLUSE~1\Application Data\Ahead
    [06/12/2007|19:42] C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
    [02/04/2008|12:04] C:\DOCUME~1\ALLUSE~1\Application Data\Avira
    [09/06/2008|23:33] C:\DOCUME~1\ALLUSE~1\Application Data\BufferZone
    [21/01/2007|17:11] C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
    [31/01/2007|20:20] C:\DOCUME~1\ALLUSE~1\Application Data\forkfasthidemeta
    [23/01/2009|20:49] C:\DOCUME~1\ALLUSE~1\Application Data\Google
    [01/02/2008|21:10] C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
    [11/01/2009|13:21] C:\DOCUME~1\ALLUSE~1\Application Data\HotSync
    [08/05/2009|21:57] C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
    [17/10/2005|18:28] C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
    [24/12/2008|14:35] C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft
    [02/05/2009|12:03] C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Help
    [15/04/2005|19:57] C:\DOCUME~1\ALLUSE~1\Application Data\MSN Messenger 6.2.0137
    [14/12/2007|20:10] C:\DOCUME~1\ALLUSE~1\Application Data\Nero
    [07/10/2008|11:57] C:\DOCUME~1\ALLUSE~1\Application Data\NOS
    [26/06/2008|11:45] C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle
    [26/06/2008|11:45] C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle Studio Plus
    [26/06/2008|11:57] C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle Studio Ultimate
    [17/06/2008|14:33] C:\DOCUME~1\ALLUSE~1\Application Data\QuickTime
    [23/01/2006|14:26] C:\DOCUME~1\ALLUSE~1\Application Data\Samsung
    [29/05/2005|16:11] C:\DOCUME~1\ALLUSE~1\Application Data\Sony Corporation
    [26/06/2008|11:45] C:\DOCUME~1\ALLUSE~1\Application Data\Studio 12
    [13/05/2005|18:48] C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
    [22/02/2006|14:54] C:\DOCUME~1\ALLUSE~1\Application Data\UDL
    [10/12/2006|19:31] C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
    [19/09/2006|19:37] C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
    [19/02/2008|13:52] C:\DOCUME~1\ALLUSE~1\Application Data\WLInstaller

    [07/01/2008|19:09] C:\DOCUME~1\andrea\Application Data\Adobe
    [30/03/2008|14:47] C:\DOCUME~1\andrea\Application Data\ATI
    [18/02/2007|22:48] C:\DOCUME~1\andrea\Application Data\EoRezo
    [06/12/2007|21:38] C:\DOCUME~1\andrea\Application Data\Google
    [10/02/2008|14:17] C:\DOCUME~1\andrea\Application Data\Grisoft
    [15/01/2009|20:36] C:\DOCUME~1\andrea\Application Data\HotSync
    [28/05/2005|19:45] C:\DOCUME~1\andrea\Application Data\Identities
    [07/03/2009|22:44] C:\DOCUME~1\andrea\Application Data\InstallShield
    [07/06/2008|23:36] C:\DOCUME~1\andrea\Application Data\Macromedia
    [17/03/2009|21:24] C:\DOCUME~1\andrea\Application Data\Microsoft
    [19/11/2007|18:21] C:\DOCUME~1\andrea\Application Data\Nero
    [05/06/2008|20:41] C:\DOCUME~1\andrea\Application Data\Real
    [29/11/2005|10:38] C:\DOCUME~1\andrea\Application Data\WholeSecurity

    [15/04/2005|19:56] C:\DOCUME~1\Boomscud\Application Data\Microsoft
    [15/04/2005|19:58] C:\DOCUME~1\Boomscud\Application Data\Sun

    [05/10/2007|07:45] C:\DOCUME~1\DEFAUL~1\Application Data\Macromedia
    [15/04/2005|19:51] C:\DOCUME~1\DEFAUL~1\Application Data\Microsoft

    [15/04/2005|19:55] C:\DOCUME~1\LOCALS~1\Application Data\Microsoft

    [08/12/2007|14:15] C:\DOCUME~1\manuel\Application Data\Adobe
    [24/04/2007|11:56] C:\DOCUME~1\manuel\Application Data\AdobeUM
    [21/02/2008|12:55] C:\DOCUME~1\manuel\Application Data\ATI
    [18/12/2005|20:19] C:\DOCUME~1\manuel\Application Data\Canon
    [12/12/2006|14:19] C:\DOCUME~1\manuel\Application Data\DriveCleaner 2006 Free
    [13/03/2007|18:47] C:\DOCUME~1\manuel\Application Data\EoRezo
    [11/11/2008|11:52] C:\DOCUME~1\manuel\Application Data\EPSON
    [09/09/2007|01:03] C:\DOCUME~1\manuel\Application Data\Google
    [03/02/2008|21:35] C:\DOCUME~1\manuel\Application Data\Grisoft
    [11/09/2005|19:28] C:\DOCUME~1\manuel\Application Data\Help
    [11/01/2009|13:18] C:\DOCUME~1\manuel\Application Data\HotSync
    [30/01/2008|22:42] C:\DOCUME~1\manuel\Application Data\Identities
    [11/01/2009|13:32] C:\DOCUME~1\manuel\Application Data\Leadertech
    [17/04/2005|17:50] C:\DOCUME~1\manuel\Application Data\Macromedia
    [17/02/2009|22:43] C:\DOCUME~1\manuel\Application Data\Microsoft
    [31/05/2005|13:20] C:\DOCUME~1\manuel\Application Data\Microsoft Web Folders
    [15/02/2008|08:40] C:\DOCUME~1\manuel\Application Data\Mozilla
    [06/10/2007|19:55] C:\DOCUME~1\manuel\Application Data\Nero
    [14/10/2008|12:55] C:\DOCUME~1\manuel\Application Data\OpenOffice.org2
    [16/07/2005|11:43] C:\DOCUME~1\manuel\Application Data\Ping Team
    [13/05/2008|13:45] C:\DOCUME~1\manuel\Application Data\Real
    [18/07/2005|01:16] C:\DOCUME~1\manuel\Application Data\Show Beep Less
    [29/08/2005|14:56] C:\DOCUME~1\manuel\Application Data\Sony Corporation
    [15/09/2005|14:09] C:\DOCUME~1\manuel\Application Data\Sun
    [13/05/2005|18:33] C:\DOCUME~1\manuel\Application Data\Symantec
    [01/06/2008|13:11] C:\DOCUME~1\manuel\Application Data\U3
    [30/10/2007|22:49] C:\DOCUME~1\manuel\Application Data\vlc
    [08/03/2006|08:55] C:\DOCUME~1\manuel\Application Data\WholeSecurity

    [07/12/2007|20:06] C:\DOCUME~1\myriam\Application Data\Adobe
    [17/06/2007|19:14] C:\DOCUME~1\myriam\Application Data\AdobeUM
    [11/08/2007|14:16] C:\DOCUME~1\myriam\Application Data\Ahead
    [07/11/2006|10:55] C:\DOCUME~1\myriam\Application Data\Apple Computer
    [20/02/2008|23:08] C:\DOCUME~1\myriam\Application Data\ATI
    [23/01/2006|19:50] C:\DOCUME~1\myriam\Application Data\Canon
    [05/03/2007|15:38] C:\DOCUME~1\myriam\Application Data\Desperate Housewives
    [26/04/2007|20:07] C:\DOCUME~1\myriam\Application Data\DivX
    [12/12/2006|20:52] C:\DOCUME~1\myriam\Application Data\DriveCleaner 2006 Free
    [10/08/2008|12:41] C:\DOCUME~1\myriam\Application Data\dvdcss
    [13/03/2007|19:10] C:\DOCUME~1\myriam\Application Data\EoRezo
    [04/05/2009|19:33] C:\DOCUME~1\myriam\Application Data\FileZilla
    [15/04/2005|17:38] C:\DOCUME~1\myriam\Application Data\FotoWire
    [12/09/2007|19:51] C:\DOCUME~1\myriam\Application Data\Google
    [30/05/2008|14:27] C:\DOCUME~1\myriam\Application Data\GrabIt
    [01/02/2008|21:10] C:\DOCUME~1\myriam\Application Data\Grisoft
    [08/11/2005|18:45] C:\DOCUME~1\myriam\Application Data\Help
    [14/01/2009|16:09] C:\DOCUME~1\myriam\Application Data\HotSync
    [26/01/2008|21:46] C:\DOCUME~1\myriam\Application Data\Identities
    [09/06/2006|14:44] C:\DOCUME~1\myriam\Application Data\iShell
    [12/03/2007|17:50] C:\DOCUME~1\myriam\Application Data\ItsLabel
    [15/04/2005|22:14] C:\DOCUME~1\myriam\Application Data\Kazaa Lite
    [18/02/2007|20:08] C:\DOCUME~1\myriam\Application Data\Leadertech
    [07/10/2006|11:23] C:\DOCUME~1\myriam\Application Data\Macromedia
    [08/05/2009|21:58] C:\DOCUME~1\myriam\Application Data\Malwarebytes
    [29/01/2009|20:50] C:\DOCUME~1\myriam\Application Data\Microsoft
    [28/03/2009|13:33] C:\DOCUME~1\myriam\Application Data\Mozilla
    [05/10/2007|20:31] C:\DOCUME~1\myriam\Application Data\Nero
    [11/11/2007|22:05] C:\DOCUME~1\myriam\Application Data\Nero8
    [25/05/2008|00:33] C:\DOCUME~1\myriam\Application Data\NewsLeecher
    [06/04/2009|21:35] C:\DOCUME~1\myriam\Application Data\Notepad++
    [04/10/2008|18:36] C:\DOCUME~1\myriam\Application Data\OpenOffice.org2
    [16/07/2005|11:47] C:\DOCUME~1\myriam\Application Data\Ping Team
    [20/07/2008|12:38] C:\DOCUME~1\myriam\Application Data\Real
    [07/12/2008|23:08] C:\DOCUME~1\myriam\Application Data\Samsung
    [26/03/2007|18:16] C:\DOCUME~1\myriam\Application Data\Screenshot Sender
    [14/02/2008|17:12] C:\DOCUME~1\myriam\Application Data\Shareaza
    [31/01/2007|20:23] C:\DOCUME~1\myriam\Application Data\Show Beep Less
    [29/05/2005|17:03] C:\DOCUME~1\myriam\Application Data\Sony Corporation
    [25/04/2005|17:58] C:\DOCUME~1\myriam\Application Data\Sun
    [15/12/2008|20:21] C:\DOCUME~1\myriam\Application Data\SunODFPluginforMicrosoftOffice1
    [23/04/2009|17:18] C:\DOCUME~1\myriam\Application Data\U3
    [08/05/2009|18:34] C:\DOCUME~1\myriam\Application Data\uTorrent
    [25/10/2007|10:19] C:\DOCUME~1\myriam\Application Data\vlc
    [22/09/2006|19:36] C:\DOCUME~1\myriam\Application Data\Vso
    [03/01/2006|18:33] C:\DOCUME~1\myriam\Application Data\WholeSecurity

    [15/04/2005|19:55] C:\DOCUME~1\NETWOR~1\Application Data\Microsoft


    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [08/05/2009 22:34][--ah-c---] C:\WINDOWS\tasks\SA.DAT
    [24/08/2001 16:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ MsgPlus SPONSOR INSTALLED !

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
    "DisplayName"="Messenger Plus! 3 & Sponsor"
    "SponsorInstalled"=dword:00000000


    --------------------\\ Listing des dossiers dans C:\Program Files

    [18/01/2008|20:20] C:\Program Files\7-Zip
    [31/01/2007|20:27] C:\Program Files\Adverts
    [12/06/2007|16:10] C:\Program Files\Antipub
    [25/10/2007|09:39] C:\Program Files\Anuman Interactive
    [23/09/2005|08:46] C:\Program Files\ArcSoft
    [20/02/2008|22:58] C:\Program Files\ATI Technologies
    [20/07/2008|12:41] C:\Program Files\Audacity
    [02/04/2008|12:04] C:\Program Files\Avira
    [26/10/2006|13:48] C:\Program Files\CCleaner
    [15/04/2005|22:07] C:\Program Files\C-Media 3D Audio
    [07/02/2006|17:36] C:\Program Files\Common Files
    [02/05/2009|20:24] C:\Program Files\DivX
    [24/04/2009|11:15] C:\Program Files\eMule
    [22/02/2006|14:52] C:\Program Files\epson
    [08/05/2009|23:10] C:\Program Files\Fichiers communs
    [22/04/2009|17:31] C:\Program Files\FileZilla FTP Client
    [16/10/2008|19:19] C:\Program Files\FlashGet
    [09/01/2009|19:32] C:\Program Files\Foxit Software
    [05/07/2005|14:42] C:\Program Files\Free.fr
    [29/01/2009|00:38] C:\Program Files\Google
    [01/02/2008|21:10] C:\Program Files\Grisoft
    [07/12/2008|21:54] C:\Program Files\InstallShield Installation Information
    [20/04/2009|20:23] C:\Program Files\Internet Explorer
    [08/05/2009|23:10] C:\Program Files\Java
    [24/11/2006|15:28] C:\Program Files\Kodak
    [15/04/2005|17:38] C:\Program Files\Logitech
    [01/11/2008|20:47] C:\Program Files\MagicISO
    [08/05/2009|21:58] C:\Program Files\Malwarebytes' Anti-Malware
    [02/11/2008|17:59] C:\Program Files\Messenger
    [03/09/2008|19:24] C:\Program Files\Messenger Plus! Live
    [18/04/2006|11:37] C:\Program Files\MessengerPlus! 3
    [11/07/2007|14:24] C:\Program Files\Micro Application
    [23/12/2008|19:24] C:\Program Files\Microsoft
    [06/09/2005|12:12] C:\Program Files\Microsoft AutoRoute
    [04/05/2008|22:23] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [06/09/2005|12:21] C:\Program Files\Microsoft Encarta
    [31/05/2005|13:20] C:\Program Files\microsoft frontpage
    [21/03/2009|15:56] C:\Program Files\Microsoft Office
    [23/12/2008|19:29] C:\Program Files\Microsoft Office Outlook Connector
    [04/03/2009|15:16] C:\Program Files\Microsoft Silverlight
    [11/09/2008|18:31] C:\Program Files\Microsoft Visual Studio
    [11/09/2008|18:26] C:\Program Files\Microsoft Visual Studio 8
    [22/10/2008|19:46] C:\Program Files\Microsoft Works
    [06/09/2005|12:00] C:\Program Files\Microsoft Works Suite 2002
    [11/09/2008|18:30] C:\Program Files\Microsoft.NET
    [31/10/2008|00:47] C:\Program Files\movie maker
    [08/05/2009|22:37] C:\Program Files\Mozilla Firefox
    [11/09/2008|18:32] C:\Program Files\MSBuild
    [11/09/2008|18:16] C:\Program Files\MSECache
    [31/10/2008|00:47] C:\Program Files\msn
    [15/04/2005|19:51] C:\Program Files\msn gaming zone
    [17/11/2006|04:02] C:\Program Files\MSXML 4.0
    [20/02/2008|23:04] C:\Program Files\My Company Name
    [12/07/2006|23:49] C:\Program Files\MySoftware
    [14/12/2007|20:26] C:\Program Files\Nero
    [31/10/2008|00:41] C:\Program Files\NetMeeting
    [06/04/2009|21:23] C:\Program Files\Notepad++
    [16/07/2007|23:13] C:\Program Files\OLYMPUS
    [31/10/2008|00:41] C:\Program Files\Outlook Express
    [11/01/2009|13:22] C:\Program Files\Palm
    [26/06/2008|11:45] C:\Program Files\Pinnacle
    [15/04/2005|20:25] C:\Program Files\Poste de Travail Sans Fil Labtec
    [12/01/2009|18:56] C:\Program Files\Samsung
    [15/04/2005|19:49] C:\Program Files\Services en ligne
    [16/07/2005|07:36] C:\Program Files\Show Beep Less
    [22/10/2008|18:59] C:\Program Files\Sun
    [13/05/2005|19:50] C:\Program Files\Symantec
    [24/08/2007|23:09] C:\Program Files\TGTSoft
    [08/05/2009|22:30] C:\Program Files\trend micro
    [23/01/2006|14:30] C:\Program Files\Uninstall Information
    [05/01/2009|20:26] C:\Program Files\Unlocker
    [28/02/2008|20:14] C:\Program Files\uTorrent
    [25/10/2007|09:43] C:\Program Files\VideoLAN
    [23/08/2004|15:38] C:\Program Files\WINAMP
    [05/08/2007|16:03] C:\Program Files\Windows Desktop Search
    [24/12/2008|14:32] C:\Program Files\Windows Live
    [20/07/2008|12:29] C:\Program Files\Windows Live Toolbar
    [31/12/2006|12:02] C:\Program Files\Windows Media Connect 2
    [31/10/2008|00:41] C:\Program Files\Windows Media Player
    [31/10/2008|00:41] C:\Program Files\Windows NT
    [15/04/2005|19:49] C:\Program Files\WindowsUpdate
    [18/02/2007|13:13] C:\Program Files\WinRAR
    [01/11/2008|15:43] C:\Program Files\Workspace Macro Pro 6.5
    [15/04/2005|19:51] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [12/10/2008|20:29] C:\Program Files\Fichiers communs\Adobe
    [14/12/2007|20:26] C:\Program Files\Fichiers communs\Ahead
    [20/02/2008|23:04] C:\Program Files\Fichiers communs\ATI Technologies
    [11/09/2008|18:31] C:\Program Files\Fichiers communs\DESIGNER
    [18/04/2009|23:28] C:\Program Files\Fichiers communs\DivX Shared
    [24/11/2006|15:28] C:\Program Files\Fichiers communs\FotoWire
    [22/02/2006|14:58] C:\Program Files\Fichiers communs\InstallShield
    [31/01/2007|20:06] C:\Program Files\Fichiers communs\KAV Shared Files
    [15/04/2005|17:37] C:\Program Files\Fichiers communs\Logitech
    [19/02/2009|17:57] C:\Program Files\Fichiers communs\Microsoft Shared
    [15/04/2005|19:48] C:\Program Files\Fichiers communs\MSSoap
    [15/04/2005|21:42] C:\Program Files\Fichiers communs\ODBC
    [26/06/2008|11:58] C:\Program Files\Fichiers communs\Pinnacle
    [20/07/2008|12:38] C:\Program Files\Fichiers communs\Real
    [15/04/2005|19:48] C:\Program Files\Fichiers communs\Services
    [29/05/2005|15:51] C:\Program Files\Fichiers communs\Sony Shared
    [15/04/2005|21:42] C:\Program Files\Fichiers communs\SpeechEngines
    [23/04/2007|16:31] C:\Program Files\Fichiers communs\SWF Studio
    [13/05/2005|19:50] C:\Program Files\Fichiers communs\Symantec Shared
    [23/12/2008|19:29] C:\Program Files\Fichiers communs\System
    [01/11/2008|17:37] C:\Program Files\Fichiers communs\Windows Live
    [21/12/2007|18:23] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [26/06/2008|11:45] C:\Program Files\Fichiers communs\Yahoo!

    --------------------\\ Process

    ( 39 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\Program Files\Adverts
    C:\DOCUME~1\myriam\Cookies\myriam@advertising[1].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 23:12:34
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\Pack.epk
    C:\WINDOWS\System32\nvs2.inf

    C:\WINDOWS\System32\awvbfhd.dat
    C:\WINDOWS\System32\awvbfhd_nav.dat
    C:\WINDOWS\System32\awvbfhd_navps.dat
    C:\WINDOWS\System32\bsxckr.dat
    C:\WINDOWS\System32\bsxckr_nav.dat
    C:\WINDOWS\System32\bsxckr_navps.dat
    C:\WINDOWS\System32\fbbirmob.dat
    C:\WINDOWS\System32\fbbirmob_nav.dat
    C:\WINDOWS\System32\fbbirmob_navps.dat
    C:\WINDOWS\System32\lbmjoyw.dat
    C:\WINDOWS\System32\lbmjoyw_nav.dat
    C:\WINDOWS\System32\lbmjoyw_navps.dat
    ==> EGDACCESS <==

    C:\WINDOWS\system32\qtutv.bak1
    C:\WINDOWS\system32\qtutv.bak2
    C:\WINDOWS\system32\qtutv.ini
    C:\WINDOWS\system32\qtutv.ini2
    ==> VUNDO <==

    --------------------\\ ROGUES ..

    C:\DOCUME~1\manuel\Application Data\DriveCleaner 2006 Free
    C:\DOCUME~1\myriam\Application Data\DriveCleaner 2006 Free

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\myriam\Local Settings\Application Data\Microsoft\Messenger\blasil64@hotmail.com\Sharing Folders\brycebtz@hotmail.fr\[isoHunt] MS Windows Vista (2007)_(with crack)_Ultimate Final_[www.xfinder.pl].torrent
    C:\DOCUME~1\myriam\Mes documents\Downloads\Metadata\Les.Sims.2.-.Fr.-.4CD.-.Serial. .Crack.rar.xml


    [F:27][D:0]-> C:\DOCUME~1\myriam\Cookies

    1 - "C:\Lop SD\LopR_1.txt" - 08/05/2009|23:14 - Option : [1]

    --------------------\\ Fin du rapport a 23:14:45
    a c 295 8 Sécurité
    a b 9 Windows
    8 Mai 2009 23:38:23

    Citation :
    On peut donc les supprimer une fois qu'on a une nouvelle version ?

    ---> Garde seulement la dernière version de Java (Actuellement, c'est Java 6 Update 13).

    Citation :
    Ensuite, qu'est-ce que j'ai réalisé exactement, pourquoi j'ai du supprimé des 'trucs' avec HijackThis, qu'est-ce que c'était exactement, pourquoi je les avais ?

    ---> Ce sont des clés de registres infectieuses et inutiles que je t'ai fait corriger avec HijackThis.

    Ton rapport Lop S&D montre plusieurs infections, il y a du boulot.

  • Relance Lop S&D.
  • Choisis cette fois-ci l'option 2 (Suppression).
  • Ne ferme pas la fenêtre lors de la suppression !
  • Poste le rapport généré (C:\lopR.txt).

    (Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
    9 Mai 2009 14:23:51

    Et comment elles apparaissent ces clefs infectieuses ?

    Rapport Lop S&D :


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2400+ )
    BIOS : Default System BIOS
    USER : myriam ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
    C:\ (Local Disk) - NTFS - Total:38 Go (Free:5 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    G:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( 09/05/2009|14:15 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\myriam\Cookies\myriam@advertising[1].txt
    Supprime! - C:\Program Files\Adverts

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans Application Data

    [15/04/2005|20:00] C:\DOCUME~1\ADMINI~1\Application Data\Identities
    [15/04/2005|19:56] C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
    [15/04/2005|20:14] C:\DOCUME~1\ADMINI~1\Application Data\Microsoft

    [12/10/2008|20:29] C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    [26/02/2007|19:16] C:\DOCUME~1\ALLUSE~1\Application Data\Ahead
    [06/12/2007|19:42] C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
    [02/04/2008|12:04] C:\DOCUME~1\ALLUSE~1\Application Data\Avira
    [09/06/2008|23:33] C:\DOCUME~1\ALLUSE~1\Application Data\BufferZone
    [21/01/2007|17:11] C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
    [31/01/2007|20:20] C:\DOCUME~1\ALLUSE~1\Application Data\forkfasthidemeta
    [23/01/2009|20:49] C:\DOCUME~1\ALLUSE~1\Application Data\Google
    [01/02/2008|21:10] C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
    [11/01/2009|13:21] C:\DOCUME~1\ALLUSE~1\Application Data\HotSync
    [08/05/2009|21:57] C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
    [17/10/2005|18:28] C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
    [24/12/2008|14:35] C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft
    [02/05/2009|12:03] C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Help
    [15/04/2005|19:57] C:\DOCUME~1\ALLUSE~1\Application Data\MSN Messenger 6.2.0137
    [14/12/2007|20:10] C:\DOCUME~1\ALLUSE~1\Application Data\Nero
    [07/10/2008|11:57] C:\DOCUME~1\ALLUSE~1\Application Data\NOS
    [26/06/2008|11:45] C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle
    [26/06/2008|11:45] C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle Studio Plus
    [26/06/2008|11:57] C:\DOCUME~1\ALLUSE~1\Application Data\Pinnacle Studio Ultimate
    [17/06/2008|14:33] C:\DOCUME~1\ALLUSE~1\Application Data\QuickTime
    [23/01/2006|14:26] C:\DOCUME~1\ALLUSE~1\Application Data\Samsung
    [29/05/2005|16:11] C:\DOCUME~1\ALLUSE~1\Application Data\Sony Corporation
    [26/06/2008|11:45] C:\DOCUME~1\ALLUSE~1\Application Data\Studio 12
    [13/05/2005|18:48] C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
    [22/02/2006|14:54] C:\DOCUME~1\ALLUSE~1\Application Data\UDL
    [10/12/2006|19:31] C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
    [19/09/2006|19:37] C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
    [19/02/2008|13:52] C:\DOCUME~1\ALLUSE~1\Application Data\WLInstaller

    [07/01/2008|19:09] C:\DOCUME~1\andrea\Application Data\Adobe
    [30/03/2008|14:47] C:\DOCUME~1\andrea\Application Data\ATI
    [18/02/2007|22:48] C:\DOCUME~1\andrea\Application Data\EoRezo
    [06/12/2007|21:38] C:\DOCUME~1\andrea\Application Data\Google
    [10/02/2008|14:17] C:\DOCUME~1\andrea\Application Data\Grisoft
    [15/01/2009|20:36] C:\DOCUME~1\andrea\Application Data\HotSync
    [28/05/2005|19:45] C:\DOCUME~1\andrea\Application Data\Identities
    [07/03/2009|22:44] C:\DOCUME~1\andrea\Application Data\InstallShield
    [07/06/2008|23:36] C:\DOCUME~1\andrea\Application Data\Macromedia
    [17/03/2009|21:24] C:\DOCUME~1\andrea\Application Data\Microsoft
    [19/11/2007|18:21] C:\DOCUME~1\andrea\Application Data\Nero
    [05/06/2008|20:41] C:\DOCUME~1\andrea\Application Data\Real
    [29/11/2005|10:38] C:\DOCUME~1\andrea\Application Data\WholeSecurity

    [15/04/2005|19:56] C:\DOCUME~1\Boomscud\Application Data\Microsoft
    [15/04/2005|19:58] C:\DOCUME~1\Boomscud\Application Data\Sun

    [05/10/2007|07:45] C:\DOCUME~1\DEFAUL~1\Application Data\Macromedia
    [15/04/2005|19:51] C:\DOCUME~1\DEFAUL~1\Application Data\Microsoft

    [15/04/2005|19:55] C:\DOCUME~1\LOCALS~1\Application Data\Microsoft

    [08/12/2007|14:15] C:\DOCUME~1\manuel\Application Data\Adobe
    [24/04/2007|11:56] C:\DOCUME~1\manuel\Application Data\AdobeUM
    [21/02/2008|12:55] C:\DOCUME~1\manuel\Application Data\ATI
    [18/12/2005|20:19] C:\DOCUME~1\manuel\Application Data\Canon
    [12/12/2006|14:19] C:\DOCUME~1\manuel\Application Data\DriveCleaner 2006 Free
    [13/03/2007|18:47] C:\DOCUME~1\manuel\Application Data\EoRezo
    [11/11/2008|11:52] C:\DOCUME~1\manuel\Application Data\EPSON
    [09/09/2007|01:03] C:\DOCUME~1\manuel\Application Data\Google
    [03/02/2008|21:35] C:\DOCUME~1\manuel\Application Data\Grisoft
    [11/09/2005|19:28] C:\DOCUME~1\manuel\Application Data\Help
    [11/01/2009|13:18] C:\DOCUME~1\manuel\Application Data\HotSync
    [30/01/2008|22:42] C:\DOCUME~1\manuel\Application Data\Identities
    [11/01/2009|13:32] C:\DOCUME~1\manuel\Application Data\Leadertech
    [17/04/2005|17:50] C:\DOCUME~1\manuel\Application Data\Macromedia
    [17/02/2009|22:43] C:\DOCUME~1\manuel\Application Data\Microsoft
    [31/05/2005|13:20] C:\DOCUME~1\manuel\Application Data\Microsoft Web Folders
    [15/02/2008|08:40] C:\DOCUME~1\manuel\Application Data\Mozilla
    [06/10/2007|19:55] C:\DOCUME~1\manuel\Application Data\Nero
    [14/10/2008|12:55] C:\DOCUME~1\manuel\Application Data\OpenOffice.org2
    [16/07/2005|11:43] C:\DOCUME~1\manuel\Application Data\Ping Team
    [13/05/2008|13:45] C:\DOCUME~1\manuel\Application Data\Real
    [18/07/2005|01:16] C:\DOCUME~1\manuel\Application Data\Show Beep Less
    [29/08/2005|14:56] C:\DOCUME~1\manuel\Application Data\Sony Corporation
    [15/09/2005|14:09] C:\DOCUME~1\manuel\Application Data\Sun
    [13/05/2005|18:33] C:\DOCUME~1\manuel\Application Data\Symantec
    [01/06/2008|13:11] C:\DOCUME~1\manuel\Application Data\U3
    [30/10/2007|22:49] C:\DOCUME~1\manuel\Application Data\vlc
    [08/03/2006|08:55] C:\DOCUME~1\manuel\Application Data\WholeSecurity

    [07/12/2007|20:06] C:\DOCUME~1\myriam\Application Data\Adobe
    [17/06/2007|19:14] C:\DOCUME~1\myriam\Application Data\AdobeUM
    [11/08/2007|14:16] C:\DOCUME~1\myriam\Application Data\Ahead
    [07/11/2006|10:55] C:\DOCUME~1\myriam\Application Data\Apple Computer
    [20/02/2008|23:08] C:\DOCUME~1\myriam\Application Data\ATI
    [23/01/2006|19:50] C:\DOCUME~1\myriam\Application Data\Canon
    [05/03/2007|15:38] C:\DOCUME~1\myriam\Application Data\Desperate Housewives
    [26/04/2007|20:07] C:\DOCUME~1\myriam\Application Data\DivX
    [12/12/2006|20:52] C:\DOCUME~1\myriam\Application Data\DriveCleaner 2006 Free
    [10/08/2008|12:41] C:\DOCUME~1\myriam\Application Data\dvdcss
    [13/03/2007|19:10] C:\DOCUME~1\myriam\Application Data\EoRezo
    [04/05/2009|19:33] C:\DOCUME~1\myriam\Application Data\FileZilla
    [15/04/2005|17:38] C:\DOCUME~1\myriam\Application Data\FotoWire
    [12/09/2007|19:51] C:\DOCUME~1\myriam\Application Data\Google
    [30/05/2008|14:27] C:\DOCUME~1\myriam\Application Data\GrabIt
    [01/02/2008|21:10] C:\DOCUME~1\myriam\Application Data\Grisoft
    [08/11/2005|18:45] C:\DOCUME~1\myriam\Application Data\Help
    [14/01/2009|16:09] C:\DOCUME~1\myriam\Application Data\HotSync
    [26/01/2008|21:46] C:\DOCUME~1\myriam\Application Data\Identities
    [09/06/2006|14:44] C:\DOCUME~1\myriam\Application Data\iShell
    [12/03/2007|17:50] C:\DOCUME~1\myriam\Application Data\ItsLabel
    [15/04/2005|22:14] C:\DOCUME~1\myriam\Application Data\Kazaa Lite
    [18/02/2007|20:08] C:\DOCUME~1\myriam\Application Data\Leadertech
    [07/10/2006|11:23] C:\DOCUME~1\myriam\Application Data\Macromedia
    [08/05/2009|21:58] C:\DOCUME~1\myriam\Application Data\Malwarebytes
    [29/01/2009|20:50] C:\DOCUME~1\myriam\Application Data\Microsoft
    [28/03/2009|13:33] C:\DOCUME~1\myriam\Application Data\Mozilla
    [05/10/2007|20:31] C:\DOCUME~1\myriam\Application Data\Nero
    [11/11/2007|22:05] C:\DOCUME~1\myriam\Application Data\Nero8
    [25/05/2008|00:33] C:\DOCUME~1\myriam\Application Data\NewsLeecher
    [06/04/2009|21:35] C:\DOCUME~1\myriam\Application Data\Notepad++
    [04/10/2008|18:36] C:\DOCUME~1\myriam\Application Data\OpenOffice.org2
    [16/07/2005|11:47] C:\DOCUME~1\myriam\Application Data\Ping Team
    [20/07/2008|12:38] C:\DOCUME~1\myriam\Application Data\Real
    [07/12/2008|23:08] C:\DOCUME~1\myriam\Application Data\Samsung
    [26/03/2007|18:16] C:\DOCUME~1\myriam\Application Data\Screenshot Sender
    [14/02/2008|17:12] C:\DOCUME~1\myriam\Application Data\Shareaza
    [31/01/2007|20:23] C:\DOCUME~1\myriam\Application Data\Show Beep Less
    [29/05/2005|17:03] C:\DOCUME~1\myriam\Application Data\Sony Corporation
    [25/04/2005|17:58] C:\DOCUME~1\myriam\Application Data\Sun
    [15/12/2008|20:21] C:\DOCUME~1\myriam\Application Data\SunODFPluginforMicrosoftOffice1
    [23/04/2009|17:18] C:\DOCUME~1\myriam\Application Data\U3
    [08/05/2009|18:34] C:\DOCUME~1\myriam\Application Data\uTorrent
    [25/10/2007|10:19] C:\DOCUME~1\myriam\Application Data\vlc
    [22/09/2006|19:36] C:\DOCUME~1\myriam\Application Data\Vso
    [03/01/2006|18:33] C:\DOCUME~1\myriam\Application Data\WholeSecurity

    [15/04/2005|19:55] C:\DOCUME~1\NETWOR~1\Application Data\Microsoft


    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [09/05/2009 14:01][--ah-c---] C:\WINDOWS\tasks\SA.DAT
    [24/08/2001 16:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ MsgPlus SPONSOR INSTALLED !

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
    "SponsorInstalled"=dword:00000000


    --------------------\\ Listing des dossiers dans C:\Program Files

    [18/01/2008|20:20] C:\Program Files\7-Zip
    [12/06/2007|16:10] C:\Program Files\Antipub
    [25/10/2007|09:39] C:\Program Files\Anuman Interactive
    [23/09/2005|08:46] C:\Program Files\ArcSoft
    [20/02/2008|22:58] C:\Program Files\ATI Technologies
    [20/07/2008|12:41] C:\Program Files\Audacity
    [02/04/2008|12:04] C:\Program Files\Avira
    [26/10/2006|13:48] C:\Program Files\CCleaner
    [15/04/2005|22:07] C:\Program Files\C-Media 3D Audio
    [07/02/2006|17:36] C:\Program Files\Common Files
    [02/05/2009|20:24] C:\Program Files\DivX
    [24/04/2009|11:15] C:\Program Files\eMule
    [22/02/2006|14:52] C:\Program Files\epson
    [08/05/2009|23:10] C:\Program Files\Fichiers communs
    [22/04/2009|17:31] C:\Program Files\FileZilla FTP Client
    [16/10/2008|19:19] C:\Program Files\FlashGet
    [09/01/2009|19:32] C:\Program Files\Foxit Software
    [05/07/2005|14:42] C:\Program Files\Free.fr
    [29/01/2009|00:38] C:\Program Files\Google
    [01/02/2008|21:10] C:\Program Files\Grisoft
    [07/12/2008|21:54] C:\Program Files\InstallShield Installation Information
    [20/04/2009|20:23] C:\Program Files\Internet Explorer
    [08/05/2009|23:10] C:\Program Files\Java
    [24/11/2006|15:28] C:\Program Files\Kodak
    [15/04/2005|17:38] C:\Program Files\Logitech
    [01/11/2008|20:47] C:\Program Files\MagicISO
    [08/05/2009|21:58] C:\Program Files\Malwarebytes' Anti-Malware
    [02/11/2008|17:59] C:\Program Files\Messenger
    [03/09/2008|19:24] C:\Program Files\Messenger Plus! Live
    [18/04/2006|11:37] C:\Program Files\MessengerPlus! 3
    [11/07/2007|14:24] C:\Program Files\Micro Application
    [23/12/2008|19:24] C:\Program Files\Microsoft
    [06/09/2005|12:12] C:\Program Files\Microsoft AutoRoute
    [04/05/2008|22:23] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [06/09/2005|12:21] C:\Program Files\Microsoft Encarta
    [31/05/2005|13:20] C:\Program Files\microsoft frontpage
    [21/03/2009|15:56] C:\Program Files\Microsoft Office
    [23/12/2008|19:29] C:\Program Files\Microsoft Office Outlook Connector
    [04/03/2009|15:16] C:\Program Files\Microsoft Silverlight
    [11/09/2008|18:31] C:\Program Files\Microsoft Visual Studio
    [11/09/2008|18:26] C:\Program Files\Microsoft Visual Studio 8
    [22/10/2008|19:46] C:\Program Files\Microsoft Works
    [06/09/2005|12:00] C:\Program Files\Microsoft Works Suite 2002
    [11/09/2008|18:30] C:\Program Files\Microsoft.NET
    [31/10/2008|00:47] C:\Program Files\movie maker
    [09/05/2009|14:12] C:\Program Files\Mozilla Firefox
    [11/09/2008|18:32] C:\Program Files\MSBuild
    [11/09/2008|18:16] C:\Program Files\MSECache
    [31/10/2008|00:47] C:\Program Files\msn
    [15/04/2005|19:51] C:\Program Files\msn gaming zone
    [17/11/2006|04:02] C:\Program Files\MSXML 4.0
    [20/02/2008|23:04] C:\Program Files\My Company Name
    [12/07/2006|23:49] C:\Program Files\MySoftware
    [14/12/2007|20:26] C:\Program Files\Nero
    [31/10/2008|00:41] C:\Program Files\NetMeeting
    [06/04/2009|21:23] C:\Program Files\Notepad++
    [16/07/2007|23:13] C:\Program Files\OLYMPUS
    [31/10/2008|00:41] C:\Program Files\Outlook Express
    [11/01/2009|13:22] C:\Program Files\Palm
    [26/06/2008|11:45] C:\Program Files\Pinnacle
    [15/04/2005|20:25] C:\Program Files\Poste de Travail Sans Fil Labtec
    [12/01/2009|18:56] C:\Program Files\Samsung
    [15/04/2005|19:49] C:\Program Files\Services en ligne
    [16/07/2005|07:36] C:\Program Files\Show Beep Less
    [22/10/2008|18:59] C:\Program Files\Sun
    [13/05/2005|19:50] C:\Program Files\Symantec
    [24/08/2007|23:09] C:\Program Files\TGTSoft
    [08/05/2009|22:30] C:\Program Files\trend micro
    [23/01/2006|14:30] C:\Program Files\Uninstall Information
    [05/01/2009|20:26] C:\Program Files\Unlocker
    [28/02/2008|20:14] C:\Program Files\uTorrent
    [25/10/2007|09:43] C:\Program Files\VideoLAN
    [23/08/2004|15:38] C:\Program Files\WINAMP
    [05/08/2007|16:03] C:\Program Files\Windows Desktop Search
    [24/12/2008|14:32] C:\Program Files\Windows Live
    [20/07/2008|12:29] C:\Program Files\Windows Live Toolbar
    [31/12/2006|12:02] C:\Program Files\Windows Media Connect 2
    [31/10/2008|00:41] C:\Program Files\Windows Media Player
    [31/10/2008|00:41] C:\Program Files\Windows NT
    [15/04/2005|19:49] C:\Program Files\WindowsUpdate
    [18/02/2007|13:13] C:\Program Files\WinRAR
    [01/11/2008|15:43] C:\Program Files\Workspace Macro Pro 6.5
    [15/04/2005|19:51] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [12/10/2008|20:29] C:\Program Files\Fichiers communs\Adobe
    [14/12/2007|20:26] C:\Program Files\Fichiers communs\Ahead
    [20/02/2008|23:04] C:\Program Files\Fichiers communs\ATI Technologies
    [11/09/2008|18:31] C:\Program Files\Fichiers communs\DESIGNER
    [18/04/2009|23:28] C:\Program Files\Fichiers communs\DivX Shared
    [24/11/2006|15:28] C:\Program Files\Fichiers communs\FotoWire
    [22/02/2006|14:58] C:\Program Files\Fichiers communs\InstallShield
    [31/01/2007|20:06] C:\Program Files\Fichiers communs\KAV Shared Files
    [15/04/2005|17:37] C:\Program Files\Fichiers communs\Logitech
    [19/02/2009|17:57] C:\Program Files\Fichiers communs\Microsoft Shared
    [15/04/2005|19:48] C:\Program Files\Fichiers communs\MSSoap
    [15/04/2005|21:42] C:\Program Files\Fichiers communs\ODBC
    [26/06/2008|11:58] C:\Program Files\Fichiers communs\Pinnacle
    [20/07/2008|12:38] C:\Program Files\Fichiers communs\Real
    [15/04/2005|19:48] C:\Program Files\Fichiers communs\Services
    [29/05/2005|15:51] C:\Program Files\Fichiers communs\Sony Shared
    [15/04/2005|21:42] C:\Program Files\Fichiers communs\SpeechEngines
    [23/04/2007|16:31] C:\Program Files\Fichiers communs\SWF Studio
    [13/05/2005|19:50] C:\Program Files\Fichiers communs\Symantec Shared
    [23/12/2008|19:29] C:\Program Files\Fichiers communs\System
    [01/11/2008|17:37] C:\Program Files\Fichiers communs\Windows Live
    [21/12/2007|18:23] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [26/06/2008|11:45] C:\Program Files\Fichiers communs\Yahoo!

    --------------------\\ Process

    ( 39 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-09 14:18:38
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\Pack.epk
    C:\WINDOWS\System32\nvs2.inf

    C:\WINDOWS\System32\awvbfhd.dat
    C:\WINDOWS\System32\awvbfhd_nav.dat
    C:\WINDOWS\System32\awvbfhd_navps.dat
    C:\WINDOWS\System32\bsxckr.dat
    C:\WINDOWS\System32\bsxckr_nav.dat
    C:\WINDOWS\System32\bsxckr_navps.dat
    C:\WINDOWS\System32\fbbirmob.dat
    C:\WINDOWS\System32\fbbirmob_nav.dat
    C:\WINDOWS\System32\fbbirmob_navps.dat
    C:\WINDOWS\System32\lbmjoyw.dat
    C:\WINDOWS\System32\lbmjoyw_nav.dat
    C:\WINDOWS\System32\lbmjoyw_navps.dat
    ==> EGDACCESS <==

    C:\WINDOWS\system32\qtutv.bak1
    C:\WINDOWS\system32\qtutv.bak2
    C:\WINDOWS\system32\qtutv.ini
    C:\WINDOWS\system32\qtutv.ini2
    ==> VUNDO <==

    --------------------\\ ROGUES ..

    C:\DOCUME~1\manuel\Application Data\DriveCleaner 2006 Free
    C:\DOCUME~1\myriam\Application Data\DriveCleaner 2006 Free

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\myriam\Local Settings\Application Data\Microsoft\Messenger\blasil64@hotmail.com\Sharing Folders\brycebtz@hotmail.fr\[isoHunt] MS Windows Vista (2007)_(with crack)_Ultimate Final_[www.xfinder.pl].torrent
    C:\DOCUME~1\myriam\Mes documents\Downloads\Metadata\Les.Sims.2.-.Fr.-.4CD.-.Serial. .Crack.rar.xml


    [F:26][D:0]-> C:\DOCUME~1\myriam\Cookies

    1 - "C:\Lop SD\LopR_1.txt" - 08/05/2009|23:14 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 09/05/2009|14:21 - Option : [2]

    --------------------\\ Fin du rapport a 14:21:46


    Merci de ton aide !
    a c 295 8 Sécurité
    a b 9 Windows
    9 Mai 2009 14:44:11

    Citation :
    Et comment elles apparaissent ces clefs infectieuses ?

    ---> Elles apparaissent quand une infection (ou des infections) s'installe(nt).

  • Télécharge Navilog1 (de IL-MAFIOSO) sur ton Bureau.
  • Double-clique sur Navilog1.exe afin de lancer l'installation.
  • Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.
    (Sous Vista, clique droit sur le raccourci de Navilog1 et choisis Exécuter en tant qu'administrateur)
  • Appuie sur F ou f puis valide par Entrée.
  • Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.
  • Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.
  • Patiente jusqu'au message : *** Analyse terminée le ..... ***
  • Le scan fini, le Bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.
  • Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

    N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.
    9 Mai 2009 14:59:11

    Rapport Navilog1 :


    Search Navipromo version 3.7.6 commencé le 09/05/2009 à 14:52:35,93

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2400+ )
    BIOS : Default System BIOS
    USER : myriam ( Administrator )
    BOOT : Normal boot

    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)


    C:\ (Local Disk) - NTFS - Total:38 Go (Free:5 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    G:\ (USB)


    Recherche executé en mode normal


    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menu démarrer\programmes" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menu démarrer" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\myriam\application data" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\application data" ***


    *** Recherche dossiers dans "C:\DOCUME~1\andrea\application data" ***


    *** Recherche dossiers dans "C:\DOCUME~1\Boomscud\application data" ***


    *** Recherche dossiers dans "C:\DOCUME~1\manuel\application data" ***


    *** Recherche dossiers dans "C:\Documents and Settings\myriam\local settings\application data" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\local settings\application data" ***


    *** Recherche dossiers dans "C:\DOCUME~1\andrea\local settings\application data" ***


    *** Recherche dossiers dans "C:\DOCUME~1\manuel\local settings\application data" ***


    *** Recherche dossiers dans "C:\Documents and Settings\myriam\menu dÚmarrer\programmes" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\myriam\local settings\application data" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\local settings\application data" *

    * Recherche dans "C:\DOCUME~1\andrea\local settings\application data" *

    * Recherche dans "C:\DOCUME~1\manuel\local settings\application data" *



    *** Recherche fichiers ***


    C:\WINDOWS\pack.epk trouvé !
    C:\WINDOWS\system32\nvs2.inf trouvé !

    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!

    HKEY_CURRENT_USER\Software\Lanconfig

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    awvbfhd.dat trouvé !
    awvbfhd_nav.dat trouvé !
    awvbfhd_navps.dat trouvé !
    bsxckr.dat trouvé !
    bsxckr_nav.dat trouvé !
    bsxckr_navps.dat trouvé !
    fbbirmob.dat trouvé !
    fbbirmob_nav.dat trouvé !
    fbbirmob_navps.dat trouvé !
    lbmjoyw.dat trouvé !
    lbmjoyw_nav.dat trouvé !
    lbmjoyw_navps.dat trouvé !

    * Dans "C:\Documents and Settings\myriam\local settings\application data" :


    * Dans "C:\DOCUME~1\ADMINI~1\local settings\application data" :


    * Dans "C:\DOCUME~1\andrea\local settings\application data" :


    * Dans "C:\DOCUME~1\manuel\local settings\application data" :


    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group trouvé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :

    C:\WINDOWS\system32\qtutv.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\qtutv.bak1 trouvé ! Infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\qtutv.bak2 trouvé ! Infection Vundo possible non traitée par cet outil !


    *** Analyse terminée le 09/05/2009 à 14:58:24,25 ***
    a c 295 8 Sécurité
    a b 9 Windows
    9 Mai 2009 15:18:39

  • Relance Navilog1, fais l'option 2 et poste le rapport (C:\cleannavi.txt).

    ---> Les programmes suivants installent cette infection :
  • Funky Emoticons
  • Games Attack
  • Go-Astro
  • GoRecord
  • HotTVPlayer
  • Live-Player
  • MailSkinner
  • Messenger Skinner
  • Instant Access
  • InternetGameBox
  • Sudoplanet
  • WebMediaPlayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
    9 Mai 2009 15:30:01

    Rapport Navilog1 :


    Clean Navipromo version 3.7.6 commencé le 09/05/2009 à 15:20:34,62

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2400+ )
    BIOS : Default System BIOS
    USER : myriam ( Administrator )
    BOOT : Normal boot

    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)


    C:\ (Local Disk) - NTFS - Total:38 Go (Free:5 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    G:\ (USB)


    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *


    * Suppression dans "C:\Documents and Settings\myriam\local settings\application data" *


    * Suppression dans "C:\DOCUME~1\ADMINI~1\local settings\application data" *

    * Suppression dans "C:\DOCUME~1\andrea\local settings\application data" *

    * Suppression dans "C:\DOCUME~1\manuel\local settings\application data" *


    *** Suppression dossiers dans "C:\WINDOWS" ***


    *** Suppression dossiers dans "C:\Program Files" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menu démarrer\programmes" ***


    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menu démarrer" ***


    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\myriam\application data" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\application data" ***


    *** Suppression dossiers dans "C:\DOCUME~1\andrea\application data" ***


    *** Suppression dossiers dans "C:\DOCUME~1\Boomscud\application data" ***


    *** Suppression dossiers dans "C:\DOCUME~1\manuel\application data" ***


    *** Suppression dossiers dans "C:\Documents and Settings\myriam\local settings\application data" ***


    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\local settings\application data" ***


    *** Suppression dossiers dans "C:\DOCUME~1\andrea\local settings\application data" ***


    *** Suppression dossiers dans "C:\DOCUME~1\manuel\local settings\application data" ***


    *** Suppression dossiers dans "C:\Documents and Settings\myriam\menu dÚmarrer\programmes" ***



    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !
    C:\WINDOWS\system32\nvs2.inf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\myriam\local settings\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\WINDOWS\system32" *


    awvbfhd.dat trouvé !
    Copie awvbfhd.dat réalisée avec succès !
    awvbfhd.dat supprimé !

    awvbfhd_nav.dat trouvé !
    Copie awvbfhd_nav.dat réalisée avec succès !
    awvbfhd_nav.dat supprimé !

    awvbfhd_navps.dat trouvé !
    Copie awvbfhd_navps.dat réalisée avec succès !
    awvbfhd_navps.dat supprimé !

    bsxckr.dat trouvé !
    Copie bsxckr.dat réalisée avec succès !
    bsxckr.dat supprimé !

    bsxckr_nav.dat trouvé !
    Copie bsxckr_nav.dat réalisée avec succès !
    bsxckr_nav.dat supprimé !

    bsxckr_navps.dat trouvé !
    Copie bsxckr_navps.dat réalisée avec succès !
    bsxckr_navps.dat supprimé !

    fbbirmob.dat trouvé !
    Copie fbbirmob.dat réalisée avec succès !
    fbbirmob.dat supprimé !

    fbbirmob_nav.dat trouvé !
    Copie fbbirmob_nav.dat réalisée avec succès !
    fbbirmob_nav.dat supprimé !

    fbbirmob_navps.dat trouvé !
    Copie fbbirmob_navps.dat réalisée avec succès !
    fbbirmob_navps.dat supprimé !

    lbmjoyw.dat trouvé !
    Copie lbmjoyw.dat réalisée avec succès !
    lbmjoyw.dat supprimé !

    lbmjoyw_nav.dat trouvé !
    Copie lbmjoyw_nav.dat réalisée avec succès !
    lbmjoyw_nav.dat supprimé !

    lbmjoyw_navps.dat trouvé !
    Copie lbmjoyw_navps.dat réalisée avec succès !
    lbmjoyw_navps.dat supprimé !


    * Dans "C:\Documents and Settings\myriam\local settings\application data" *


    * Dans "C:\DOCUME~1\ADMINI~1\local settings\application data" *


    * Dans "C:\DOCUME~1\andrea\local settings\application data" *


    * Dans "C:\DOCUME~1\manuel\local settings\application data" *


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Recherche autres dossiers et fichiers connus ***

    C:\WINDOWS\system32\qtutv.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\qtutv.bak1 trouvé ! Infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\qtutv.bak2 trouvé ! Infection Vundo possible non traitée par cet outil !


    *** Nettoyage terminé le 09/05/2009 à 15:25:58,54 ***

    a c 295 8 Sécurité
    a b 9 Windows
    9 Mai 2009 15:45:00

    Bien, désinstalle Navilog1.

    [#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    9 Mai 2009 16:12:44

    Rapport ComboFix :

    ComboFix 09-05-08.03 - myriam 09/05/2009 15:56.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.547 [GMT 2:00]
    Lancé depuis: c:\documents and settings\myriam\Bureau\ComboFix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    .
    ADS - system32: deleted 0 bytes in 1 streams.
    ADS - WINDOWS: deleted 0 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\manuel\Application Data\DriveCleaner 2006 Free
    c:\documents and settings\manuel\Application Data\DriveCleaner 2006 Free\Logs\update.log
    c:\documents and settings\manuel\err.log
    c:\documents and settings\myriam\Application Data\DriveCleaner 2006 Free
    c:\documents and settings\myriam\Application Data\DriveCleaner 2006 Free\Logs\update.log
    c:\documents and settings\myriam\err.log
    c:\windows\system32\akpcvbwx.ini
    c:\windows\system32\aswsvxfh.ini
    c:\windows\system32\aynyvrfm.ini
    c:\windows\system32\bjtulpxc.ini
    c:\windows\system32\buwupaey.ini
    c:\windows\system32\cljftdra.ini
    c:\windows\system32\dhaugwmg.ini
    c:\windows\system32\dnkirpdg.ini
    c:\windows\system32\dtejcuvx.ini
    c:\windows\system32\fkvborpu.ini
    c:\windows\system32\fmwutibp.ini
    c:\windows\system32\frwteods.ini
    c:\windows\system32\gdwdsamm.ini
    c:\windows\system32\goscqpvg.ini
    c:\windows\system32\gpphnhqr.ini
    c:\windows\system32\gugbftvw.ini
    c:\windows\system32\gxhsmovg.ini
    c:\windows\system32\haaphqpm.ini
    c:\windows\system32\hljbsnqx.ini
    c:\windows\system32\hmicpiot.ini
    c:\windows\system32\hrkprhsx.ini
    c:\windows\system32\hrxowwri.ini
    c:\windows\system32\iiptnlou.ini
    c:\windows\system32\iptrrtkw.ini
    c:\windows\system32\jdqfkaxo.ini
    c:\windows\system32\jyqjiuus.ini
    c:\windows\system32\lslryiji.ini
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\meuqdjci.ini
    c:\windows\system32\nmkrefct.ini
    c:\windows\system32\npipykem.ini
    c:\windows\system32\olortgny.ini
    c:\windows\system32\oslvinra.ini
    c:\windows\system32\pnaedvjp.ini
    c:\windows\system32\poaoypof.ini
    c:\windows\system32\qmvafowv.ini
    c:\windows\system32\qtutv.bak1
    c:\windows\system32\qtutv.bak2
    c:\windows\system32\qtutv.ini
    c:\windows\system32\qtutv.ini2
    c:\windows\system32\rkrtnrxt.ini
    c:\windows\system32\sshugser.ini
    c:\windows\system32\sspduftg.ini
    c:\windows\system32\stpjuina.ini
    c:\windows\system32\tbaoosaj.ini
    c:\windows\system32\tmp.reg
    c:\windows\system32\tnvpaqrv.ini
    c:\windows\system32\tykrpatw.ini
    c:\windows\system32\uhmpmccw.ini
    c:\windows\system32\ukkcapkv.ini
    c:\windows\system32\uokmsodv.ini
    c:\windows\system32\vfdenaig.ini
    c:\windows\system32\vghbqfso.ini
    c:\windows\system32\viqprewh.ini
    c:\windows\system32\vjvljplc.ini
    c:\windows\system32\vsttdudt.ini
    c:\windows\system32\wbmthcfa.ini
    c:\windows\system32\wsritaqk.ini
    c:\windows\system32\xegretrd.ini
    c:\windows\system32\xfavaony.ini
    c:\windows\system32\xlgfuijd.ini
    c:\windows\WinBots32

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DOMAINSERVICE


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-09 au 2009-05-09 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-09 12:50 . 2009-05-09 13:49 -------- d-----w c:\program files\Navilog1
    2009-05-08 21:08 . 2009-05-09 12:21 -------- d-----w C:\Lop SD
    2009-05-08 20:31 . 2009-05-08 20:31 -------- d-----w C:\_OTMoveIt
    2009-05-08 19:58 . 2009-05-08 19:58 -------- d-----w c:\documents and settings\myriam\Application Data\Malwarebytes
    2009-05-08 19:58 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-08 19:57 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-08 19:57 . 2009-05-08 19:57 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-08 19:57 . 2009-05-08 19:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-08 13:39 . 2009-05-08 20:30 -------- d-----w c:\program files\trend micro
    2009-05-08 13:39 . 2009-05-08 13:40 -------- d-----w C:\rsit
    2009-04-18 21:27 . 2009-04-18 21:28 -------- d-----w c:\program files\Fichiers communs\DivX Shared
    2009-04-17 06:47 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-17 06:46 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 06:46 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 06:46 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-17 06:46 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 06:46 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 06:46 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 06:46 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 06:46 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 06:46 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 06:45 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
    2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
    2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
    2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
    2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
    2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
    2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-09 13:28 . 2001-08-24 14:00 73864 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-09 13:28 . 2001-08-24 14:00 467378 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-08 21:10 . 2005-04-15 17:58 -------- d-----w c:\program files\Java
    2009-05-08 20:37 . 2005-05-09 16:24 114184 -c--a-w c:\documents and settings\myriam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-02 18:24 . 2007-04-23 14:55 -------- d-----w c:\program files\DivX
    2009-04-24 09:15 . 2005-04-15 17:57 -------- d-----w c:\program files\eMule
    2009-04-22 15:31 . 2009-04-06 19:12 -------- d-----w c:\program files\FileZilla FTP Client
    2009-04-15 20:25 . 2006-01-27 17:16 43528 -c----w c:\windows\system32\drivers\PxHelp20.sys
    2009-04-15 20:25 . 2006-01-27 17:16 120056 -c----w c:\windows\system32\pxcpyi64.exe
    2009-04-15 20:25 . 2006-01-27 17:16 118520 -c----w c:\windows\system32\pxinsi64.exe
    2009-04-06 19:23 . 2009-04-06 19:23 -------- d-----w c:\program files\Notepad++
    2009-03-09 03:19 . 2009-03-21 16:51 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:20 . 2004-08-04 00:54 286720 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:13 . 2004-08-04 00:54 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:10 . 2004-08-04 00:54 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-10 17:06 . 2004-08-04 00:48 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 14:05 . 2004-08-04 00:45 1846912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:24 . 2004-08-04 00:49 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:23 . 2004-08-04 00:55 111104 ----a-w c:\windows\system32\services.exe
    2009-02-09 10:53 . 2004-08-04 00:54 735744 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:53 . 2004-08-04 00:54 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:53 . 2004-08-04 00:54 685568 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:53 . 2004-08-04 00:54 739840 ----a-w c:\windows\system32\ntdll.dll
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
    2007-06-06 08:37 . 2007-06-06 08:37 673083 -csha-w c:\windows\system32\ututv.tmp
    2007-06-13 19:19 . 2007-06-13 19:19 525 -csh--w c:\windows\system32\viqprewh.tmp
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Works Update Detection"="???\WkDetect.exe" [?]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-04-18 190024]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    c:\documents and settings\manuel\Menu D‚marrer\Programmes\D‚marrage\
    Anti-Pub.lnk - c:\program files\Antipub\antipub.exe [2003-3-23 674304]
    Palm Registration.lnk - c:\program files\Palm\register.exe [2005-8-8 2494464]

    c:\documents and settings\myriam\Menu D‚marrer\Programmes\D‚marrage\
    Anti-Pub.lnk - c:\program files\Antipub\antipub.exe [2003-3-23 674304]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer le Poste de Travail Sans Fil Labtec.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Activer le Poste de Travail Sans Fil Labtec.lnk
    backup=c:\windows\pss\Activer le Poste de Travail Sans Fil Labtec.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
    backup=c:\windows\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^myriam^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk]
    path=c:\documents and settings\myriam\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk
    backup=c:\windows\pss\OpenOffice.org 2.1.lnkStartup

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\myriam\\Bureau\\freezer.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18951:TCP"= 18951:TCP:BitComet 18951 TCP
    "18951:UDP"= 18951:UDP:BitComet 18951 UDP

    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [15/04/2005 20:25 12964]
    R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [15/04/2005 17:37 152576]
    S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848]
    S3 P215XXPMS;P215XXP Mass Storage Driver;c:\windows\system32\drivers\p215xfxp.sys [15/04/2005 20:29 5401]
    S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [29/08/2008 00:00 28704]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uInternet Settings,ProxyOverride = localhost
    uInternet Settings,ProxyServer = localhost:8800
    IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\myriam\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8800
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-09 16:04
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,b3,5a,1f,15,15,
    6c,e9,8a,c8,28,51,af,b0,29,a3,98,d5,5d,ba,af,b5,3a,47,f0,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,43,27,3e,03,b9,
    94,68,de,71,3b,04,66,8b,46,0d,96,1c,56,97,38,6f,10,70,30,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,38,ec,a7,ea,07,
    f7,fb,60,25,da,ec,7e,55,20,c9,26,d3,0b,31,93,cd,cb,44,58,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,98,1e,67,7a,44,
    22,02,72,3e,1e,9e,e0,57,5a,93,61,f7,0e,11,6a,c8,c6,cf,ee,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,26,dd,ed,f8,fb,
    9e,19,6e,cd,44,cd,b9,a6,33,6c,cd,49,d1,bd,eb,29,be,ea,4a,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,3d,c9,81,f1,9d,
    40,fa,50,b0,18,ed,a7,3f,8d,37,a4,7a,20,20,a0,dc,d3,85,40,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,00,ca,3d,be,ff,
    09,df,c2,31,77,e1,ba,b1,f8,68,02,35,e1,92,77,40,2e,07,e7,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,9f,a3,f9,9b,73,
    60,72,27,83,6c,56,8b,a0,85,96,ab,ce,f6,90,f6,08,30,04,30,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,fa,3b,39,c2,b4,
    53,21,06,51,fa,6e,91,28,9e,14,cc,ec,ff,a8,b9,7f,e1,7b,a3,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,8e,8e,af,7d,c0,
    e7,df,e5,b1,cd,45,5a,a8,c4,f8,b9,f8,38,ea,3d,d5,da,a9,64,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,c7,6f,24,09,1b,
    7e,b1,6d,e3,0e,66,d5,eb,bc,2f,6b,2f,94,c7,03,a1,0b,38,88,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,49,24,1e,18,69,
    54,78,33,fa,ea,66,7f,d4,3b,6b,70,11,7c,60,5a,1b,08,03,6c,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1048)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3588)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-09 16:09 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-09 14:09

    Avant-CF: 5 918 715 904 octets libres
    Après-CF: 5 834 686 464 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    350 --- E O F --- 2009-05-02 10:05


    Merci de ton aide !
    a c 295 8 Sécurité
    a b 9 Windows
    9 Mai 2009 16:20:18

    Wahoo... :lol: 

    /!\ Seul blasil64 peut suivre cette procédure /!\

    Désactive toute protection résidente (Antivirus...) !

    ---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

    KillAll::

    File::
    c:\windows\system32\ututv.tmp
    c:\windows\system32\viqprewh.tmp


    ---> Ouvre le Bloc-Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

    - Colle (CTRL+V) le texte dans le Bloc-notes.
    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : CFScript
    - Type du fichier : tous les fichiers !!
    - Clique sur Enregistrer.
    - Quitte le Bloc-notes.

    ---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

    ;) 
    9 Mai 2009 17:57:02

    Pourquoi ce Wahou enthousiaste ?

    Rapport ComboFix :

    ComboFix 09-05-08.03 - myriam 09/05/2009 17:42.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.574 [GMT 2:00]
    Lancé depuis: c:\documents and settings\myriam\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\myriam\Bureau\CFScript.txt
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

    FILE ::
    c:\windows\system32\ututv.tmp
    c:\windows\system32\viqprewh.tmp
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ututv.tmp
    c:\windows\system32\viqprewh.tmp

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-09 au 2009-05-09 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-09 12:50 . 2009-05-09 13:49 -------- d-----w c:\program files\Navilog1
    2009-05-08 21:08 . 2009-05-09 12:21 -------- d-----w C:\Lop SD
    2009-05-08 20:31 . 2009-05-08 20:31 -------- d-----w C:\_OTMoveIt
    2009-05-08 19:58 . 2009-05-08 19:58 -------- d-----w c:\documents and settings\myriam\Application Data\Malwarebytes
    2009-05-08 19:58 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-08 19:57 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-08 19:57 . 2009-05-08 19:57 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-08 19:57 . 2009-05-08 19:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-08 13:39 . 2009-05-08 20:30 -------- d-----w c:\program files\trend micro
    2009-05-08 13:39 . 2009-05-08 13:40 -------- d-----w C:\rsit
    2009-04-18 21:27 . 2009-04-18 21:28 -------- d-----w c:\program files\Fichiers communs\DivX Shared
    2009-04-17 06:47 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-17 06:46 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 06:46 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-17 06:46 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-17 06:46 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 06:46 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 06:46 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 06:46 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 06:46 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 06:46 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 06:45 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
    2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
    2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
    2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
    2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
    2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
    2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-09 14:36 . 2001-08-24 14:00 73864 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-09 14:36 . 2001-08-24 14:00 467378 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-08 21:10 . 2005-04-15 17:58 -------- d-----w c:\program files\Java
    2009-05-08 20:37 . 2005-05-09 16:24 114184 -c--a-w c:\documents and settings\myriam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-02 18:24 . 2007-04-23 14:55 -------- d-----w c:\program files\DivX
    2009-04-24 09:15 . 2005-04-15 17:57 -------- d-----w c:\program files\eMule
    2009-04-22 15:31 . 2009-04-06 19:12 -------- d-----w c:\program files\FileZilla FTP Client
    2009-04-15 20:25 . 2006-01-27 17:16 43528 -c----w c:\windows\system32\drivers\PxHelp20.sys
    2009-04-15 20:25 . 2006-01-27 17:16 120056 -c----w c:\windows\system32\pxcpyi64.exe
    2009-04-15 20:25 . 2006-01-27 17:16 118520 -c----w c:\windows\system32\pxinsi64.exe
    2009-04-06 19:23 . 2009-04-06 19:23 -------- d-----w c:\program files\Notepad++
    2009-03-09 03:19 . 2009-03-21 16:51 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:20 . 2004-08-04 00:54 286720 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:13 . 2004-08-04 00:54 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 17:10 . 2004-08-04 00:54 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-10 17:06 . 2004-08-04 00:48 2068096 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 14:05 . 2004-08-04 00:45 1846912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:24 . 2004-08-04 00:49 2191104 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:23 . 2004-08-04 00:55 111104 ----a-w c:\windows\system32\services.exe
    2009-02-09 10:53 . 2004-08-04 00:54 735744 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:53 . 2004-08-04 00:54 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:53 . 2004-08-04 00:54 685568 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:53 . 2004-08-04 00:54 739840 ----a-w c:\windows\system32\ntdll.dll
    2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-09_14.04.08 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-09 15:47 . 2009-05-09 15:47 16384 c:\windows\temp\Perflib_Perfdata_5cc.dat
    + 2001-08-24 14:00 . 2009-05-09 14:36 60624 c:\windows\system32\perfc009.dat
    - 2001-08-24 14:00 . 2009-05-09 13:28 60624 c:\windows\system32\perfc009.dat
    + 2001-08-24 14:00 . 2009-05-09 14:36 400464 c:\windows\system32\perfh009.dat
    - 2001-08-24 14:00 . 2009-05-09 13:28 400464 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Works Update Detection"="???\WkDetect.exe" [?]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-04-18 190024]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
    "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    c:\documents and settings\manuel\Menu D‚marrer\Programmes\D‚marrage\
    Anti-Pub.lnk - c:\program files\Antipub\antipub.exe [2003-3-23 674304]
    Palm Registration.lnk - c:\program files\Palm\register.exe [2005-8-8 2494464]

    c:\documents and settings\myriam\Menu D‚marrer\Programmes\D‚marrage\
    Anti-Pub.lnk - c:\program files\Antipub\antipub.exe [2003-3-23 674304]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer le Poste de Travail Sans Fil Labtec.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Activer le Poste de Travail Sans Fil Labtec.lnk
    backup=c:\windows\pss\Activer le Poste de Travail Sans Fil Labtec.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
    backup=c:\windows\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^myriam^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk]
    path=c:\documents and settings\myriam\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk
    backup=c:\windows\pss\OpenOffice.org 2.1.lnkStartup

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\myriam\\Bureau\\freezer.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18951:TCP"= 18951:TCP:BitComet 18951 TCP
    "18951:UDP"= 18951:UDP:BitComet 18951 UDP

    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [15/04/2005 20:25 12964]
    R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [15/04/2005 17:37 152576]
    S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [31/12/2003 11:35 18848]
    S3 P215XXPMS;P215XXP Mass Storage Driver;c:\windows\system32\drivers\p215xfxp.sys [15/04/2005 20:29 5401]
    S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [29/08/2008 00:00 28704]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ecf2c9-ef3c-11db-85e5-000102f75347}]
    \Shell\AutoRun\command - F:\LaunchU3.exe
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uInternet Settings,ProxyOverride = localhost
    uInternet Settings,ProxyServer = localhost:8800
    IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\myriam\Application Data\Mozilla\Firefox\Profiles\iihcimqy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8800
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-09 17:47
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,b3,5a,1f,15,15,
    6c,e9,8a,c8,28,51,af,b0,29,a3,98,d5,5d,ba,af,b5,3a,47,f0,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,43,27,3e,03,b9,
    94,68,de,71,3b,04,66,8b,46,0d,96,1c,56,97,38,6f,10,70,30,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,38,ec,a7,ea,07,
    f7,fb,60,25,da,ec,7e,55,20,c9,26,d3,0b,31,93,cd,cb,44,58,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,98,1e,67,7a,44,
    22,02,72,3e,1e,9e,e0,57,5a,93,61,f7,0e,11,6a,c8,c6,cf,ee,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,26,dd,ed,f8,fb,
    9e,19,6e,cd,44,cd,b9,a6,33,6c,cd,49,d1,bd,eb,29,be,ea,4a,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,3d,c9,81,f1,9d,
    40,fa,50,b0,18,ed,a7,3f,8d,37,a4,7a,20,20,a0,dc,d3,85,40,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,00,ca,3d,be,ff,
    09,df,c2,31,77,e1,ba,b1,f8,68,02,35,e1,92,77,40,2e,07,e7,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,9f,a3,f9,9b,73,
    60,72,27,83,6c,56,8b,a0,85,96,ab,ce,f6,90,f6,08,30,04,30,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,fa,3b,39,c2,b4,
    53,21,06,51,fa,6e,91,28,9e,14,cc,ec,ff,a8,b9,7f,e1,7b,a3,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,8e,8e,af,7d,c0,
    e7,df,e5,b1,cd,45,5a,a8,c4,f8,b9,f8,38,ea,3d,d5,da,a9,64,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,c7,6f,24,09,1b,
    7e,b1,6d,e3,0e,66,d5,eb,bc,2f,6b,2f,94,c7,03,a1,0b,38,88,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,49,24,1e,18,69,
    54,78,33,fa,ea,66,7f,d4,3b,6b,70,11,7c,60,5a,1b,08,03,6c,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1084)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2800)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-09 17:55 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-09 15:55
    ComboFix2.txt 2009-05-09 14:09

    Avant-CF: 5 772 910 592 octets libres
    Après-CF: 5 757 980 672 octets libres

    Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    285 --- E O F --- 2009-05-02 10:05
    a c 295 8 Sécurité
    a b 9 Windows
    9 Mai 2009 18:00:31

    Citation :
    Pourquoi ce Wahou enthousiaste ?

    ---> Car ComboFix a viré pas mal d'infections.

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.

  • Refais un scan RSIT et poste le rapport log.
    9 Mai 2009 18:04:38

    Rapport de RSIT :


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by myriam at 2009-05-09 18:03:47
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 8 GB (20%) free of 39 GB
    Total RAM: 1023 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:04:05, on 09/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Antipub\antipub.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\myriam\Bureau\RSIT.exe
    C:\Program Files\trend micro\myriam.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jean-guymetal.spaces.live.com/PhotoUpload/MsnPUp...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

    --
    End of file - 8264 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-23 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-29 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-23 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
    EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-23 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-05-15 339968]
    "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
    "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2006-04-18 190024]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "Microsoft Works Update Detection"=???\WkDetect.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-05-23 95800]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-20 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer le Poste de Travail Sans Fil Labtec.lnk]
    C:\PROGRA~1\Poste de Travail Sans Fil Labtec\MulMouse.exe [2003-03-17 253952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    C:\PROGRA~1\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    C:\PROGRA~1\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-06 67128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    C:\PROGRA~1\Microsoft Office\Office10\OSA.EXE -b -l []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\Google Updater\GoogleUpdater.exe -systray -startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    C:\PROGRA~1\FICHIE~1\MICROS~1\Works Shared\wkcalrem.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
    C:\PROGRA~1\Windows Desktop Search\WindowsSearch.exe /startup []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^myriam^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk]
    C:\PROGRA~1\OpenOffice.org 2.1\program\quickstart.exe []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe

    C:\Documents and Settings\myriam\Menu Démarrer\Programmes\Démarrage
    Anti-Pub.lnk - C:\Program Files\Antipub\antipub.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-03-17 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoFavoritesMenu"=0
    "NoSMMyPictures"=0
    "NoStartMenuMyMusic"=0
    "NoRecentDocsNetHood"=0
    "NoUserNameInStartMenu"=1
    "NoInstrumentation"=0
    "NoStartMenuPinnedList"=0
    "ForceStartMenuLogoff"=0
    "NoSharedDocuments"=1
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoFavoritesMenu"=
    "NoSMMyPictures"=
    "NoStartMenuMyMusic"=
    "NoRecentDocsNetHood"=
    "NoInstrumentation"=
    "NoSimpleStartMenu"=
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
    "C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
    "C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Documents and Settings\myriam\Bureau\freezer.exe"="C:\Documents and Settings\myriam\Bureau\freezer.exe:*:Enabled:freezer"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ecf2c9-ef3c-11db-85e5-000102f75347}]
    shell\AutoRun\command - F:\LaunchU3.exe


    ======List of files/folders created in the last 1 months======

    2009-05-09 18:02:15 ----D---- C:\ComboFix
    2009-05-09 17:55:34 ----A---- C:\ComboFix.txt
    2009-05-09 17:45:00 ----D---- C:\WINDOWS\temp
    2009-05-09 15:54:39 ----A---- C:\Boot.bak
    2009-05-09 15:54:29 ----RASHD---- C:\cmdcons
    2009-05-09 15:51:02 ----D---- C:\WINDOWS\ERDNT
    2009-05-09 15:20:34 ----A---- C:\cleannavi.txt
    2009-05-09 14:52:35 ----A---- C:\fixnavi.txt
    2009-05-09 14:50:50 ----D---- C:\Program Files\Navilog1
    2009-05-08 23:10:47 ----A---- C:\lopR.txt
    2009-05-08 23:08:21 ----D---- C:\Lop SD
    2009-05-08 21:58:05 ----D---- C:\Documents and Settings\myriam\Application Data\Malwarebytes
    2009-05-08 21:57:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-08 21:57:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-05-08 15:39:23 ----D---- C:\Program Files\trend micro
    2009-05-08 15:39:22 ----D---- C:\rsit
    2009-05-02 12:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
    2009-04-20 20:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-20 20:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-20 20:16:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-20 20:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-20 20:12:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-20 20:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-18 23:27:37 ----D---- C:\Program Files\Fichiers communs\DivX Shared
    2009-04-15 22:24:40 ----A---- C:\WINDOWS\system32\dpl100.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\divx_xx11.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\divx_xx07.dll
    2009-04-15 22:24:38 ----A---- C:\WINDOWS\system32\DivX.dll
    2009-04-11 18:49:11 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-04-11 18:49:11 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-04-11 18:49:11 ----A---- C:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 1 months======

    2009-05-09 18:03:33 ----SHD---- C:\System Volume Information
    2009-05-09 18:03:33 ----D---- C:\WINDOWS\system32\Restore
    2009-05-09 18:02:39 ----AD---- C:\WINDOWS
    2009-05-09 18:02:32 ----AD---- C:\WINDOWS\system32
    2009-05-09 18:02:17 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-09 17:55:55 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-09 17:55:37 ----D---- C:\WINDOWS\system32\drivers
    2009-05-09 17:51:25 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-05-09 17:47:51 ----A---- C:\WINDOWS\system.ini
    2009-05-09 17:44:25 ----D---- C:\WINDOWS\AppPatch
    2009-05-09 17:44:21 ----D---- C:\Program Files\Fichiers communs
    2009-05-09 17:41:25 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-09 16:31:56 ----D---- C:\WINDOWS\Minidump
    2009-05-09 15:59:30 ----D---- C:\WINDOWS\system32\config
    2009-05-09 15:54:39 ----RASH---- C:\boot.ini
    2009-05-09 15:21:45 ----D---- C:\WINDOWS\Prefetch
    2009-05-09 14:50:50 ----D---- C:\Program Files
    2009-05-08 23:10:26 ----SHD---- C:\WINDOWS\Installer
    2009-05-08 23:10:11 ----D---- C:\Program Files\Java
    2009-05-08 23:00:57 ----AD---- C:\Documents and Settings
    2009-05-08 18:34:08 ----D---- C:\Documents and Settings\myriam\Application Data\uTorrent
    2009-05-08 18:33:41 ----HD---- C:\WINDOWS\inf
    2009-05-04 19:33:52 ----D---- C:\Documents and Settings\myriam\Application Data\FileZilla
    2009-05-02 20:24:41 ----D---- C:\Program Files\DivX
    2009-05-02 12:05:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-05-02 12:03:26 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-04-29 15:45:39 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-27 19:37:04 ----D---- C:\WINDOWS\Debug
    2009-04-24 11:15:36 ----D---- C:\Program Files\eMule
    2009-04-23 17:18:01 ----D---- C:\Documents and Settings\myriam\Application Data\U3
    2009-04-22 17:31:38 ----D---- C:\Program Files\FileZilla FTP Client
    2009-04-20 21:34:35 ----D---- C:\WINDOWS\system32\wbem
    2009-04-20 20:23:58 ----D---- C:\WINDOWS\system32\fr-fr
    2009-04-20 20:23:57 ----D---- C:\Program Files\Internet Explorer
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\vxblock.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxwave.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxsfs.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxmas.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxinsi64.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxinsa64.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxhpinst.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxdrv.dll
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxcpyi64.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\pxcpya64.exe
    2009-04-15 22:25:42 ----C---- C:\WINDOWS\system32\px.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
    R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 12964]
    R1 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 9548]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-07 5632]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
    R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-17 1520640]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
    R3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 152576]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R4 catchme;catchme; \??\C:\DOCUME~1\myriam\Local Settings\Temp\catchme.sys []
    S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
    S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
    S1 wceusbsh;Pilote d'hôte USB série pour Windows CE; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 32128]
    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 BthEnum;Service d'énumérateur Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
    S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
    S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMD033.sys [2003-11-10 36232]
    S3 P215XXPMS;P215XXP Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\p215xfxp.sys [2002-11-02 5401]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2009-01-11 16694]
    S3 pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\pcouffin.sys []
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usb2vcom;USB Data Cable; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 28704]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-05-09 223128]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
    R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-17 405504]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
    R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-05-15 516096]
    S2 NetMDSB;MD Simple Burner Service; C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 137200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
    S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe [2008-11-15 6447744]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

    -----------------EOF-----------------
    a c 295 8 Sécurité
    a b 9 Windows
    9 Mai 2009 18:08:38

  • Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.
  • Dans Antivir, choisis Outils puis Configuration.
  • Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.
  • Fais un scan complet et poste le rapport.

    Tutoriel : Scanner le(s) disque(s) dur(s)
    9 Mai 2009 18:15:58

    OK pas de souci ! Merci encore de ton aide !
    Je posterai le rapport après l'analyse !
    9 Mai 2009 19:41:17

    Me revoilà, voici le rapport d'antivir :




    Avira AntiVir Personal
    Report file date: samedi 9 mai 2009 18:14

    Scanning for 1385351 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: TITANIUM

    Version information:
    BUILD.DAT : 8.2.0.348 16934 Bytes 23/03/2009 13:44:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 21:13:02
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 21:16:02
    LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 21:16:05
    LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 21:16:05
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 20:52:49
    ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 20:39:54
    ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30/04/2009 11:15:24
    ANTIVIR3.VDF : 7.1.3.178 195584 Bytes 08/05/2009 12:06:33
    Engineversion : 8.2.0.166
    AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 11:15:26
    AESCRIPT.DLL : 8.1.1.81 385401 Bytes 09/05/2009 12:06:36
    AESCN.DLL : 8.1.1.10 127348 Bytes 03/04/2009 19:57:42
    AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 21:12:21
    AEPACK.DLL : 8.1.3.16 397686 Bytes 09/05/2009 12:06:36
    AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 20:57:01
    AEHEUR.DLL : 8.1.0.128 1757559 Bytes 09/05/2009 12:06:35
    AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 20:56:57
    AEGEN.DLL : 8.1.1.42 348531 Bytes 09/05/2009 12:06:34
    AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 19:43:53
    AECORE.DLL : 8.1.6.9 176500 Bytes 15/04/2009 11:10:58
    AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 19:43:51
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 21:16:03
    AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 21:16:02
    AVREP.DLL : 8.0.0.3 155688 Bytes 21/04/2009 11:11:11
    AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 21:16:02
    AVARKT.DLL : 1.0.0.23 307457 Bytes 18/04/2008 11:08:09
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 21:16:02
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 18/04/2008 11:08:09
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 21:16:06
    NETNT.DLL : 8.0.0.1 7937 Bytes 18/04/2008 11:08:09
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 21:15:52
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 21:15:52

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 9 mai 2009 18:14

    Starting search for hidden objects.
    '37979' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'antipub.exe' - '1' Module(s) have been scanned
    Scan process 'Hotsync.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    38 processes with 38 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '53' files ).


    Starting the file scan:

    Begin scan in 'C:\' <chipou>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd4829.sys
    [WARNING] The file could not be opened!


    End of the scan: samedi 9 mai 2009 19:27
    Used time: 1:13:40 Hour(s)

    The scan has been done completely.

    8980 Scanning directories
    242840 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    242836 Files not concerned
    5582 Archives were scanned
    5 Warnings
    0 Notes
    37979 Objects were scanned with rootkit scan
    0 Hidden objects were found

    9 Mai 2009 23:05:12

    La version anglaise ne me déplait pas mais merci quand même du lien je verrai si je change !
    Il reste des choses à faire ?

    Sinon encore merci de ton aide !
    a c 295 8 Sécurité
    a b 9 Windows
    9 Mai 2009 23:10:10

    En fait, tu as la version 8 anglaise, passe au moins à la version 9 anglaise.

    Ton PC va bien ?
    10 Mai 2009 17:57:18

    C'est bon je suis passé à la version 9 d'antivir, sur ce merci de ton aide cela m'a bien enlevé les message d'erreurs du démarrage ! Merci encore car mon PC va mieux !
    Bonne continuation !
    a c 295 8 Sécurité
    a b 9 Windows
    10 Mai 2009 18:12:26

    1/

  • Désinstalle HijackThis.

  • Télécharge ToolsCleaner2 sur ton Bureau.
  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


    2/

  • Télécharge et installe CCleaner Slim.
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
  • Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).


    3/

  • Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


    ==Prévention==

    Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

    Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).

    Par rapport au P2P : Lien

    Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


    ==Problème résolu ?==

    Si tu estimes que ton problème est résolu :

    ---> Ajoute maintenant [Résolu] au titre. Pour cela :
  • Clique, dans ton premier message, sur le bouton Editer .
  • Rajoute la mention [Résolu] devant le titre.
  • Clique ensuite sur Valider votre message.


    Sois plus vigilant(e) sur Internet ;) 
    10 Mai 2009 18:21:22

    Voici le rapport ToolsCleaner :


    [ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\cleannavi.txt: trouvé !
    C:\lopR.txt: trouvé !
    C:\Combofix: trouvé !
    C:\Lop SD: trouvé !
    C:\Rsit: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Program Files\trend micro\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\fixnavi.txt: supprimé !
    C:\cleannavi.txt: supprimé !
    C:\lopR.txt: supprimé !
    C:\Program Files\trend micro\hijackthis.log: supprimé !
    C:\Combofix: supprimé !
    C:\Lop SD: supprimé !
    C:\Rsit: supprimé !
    C:\Program Files\Navilog1: supprimé !


    J'ai déjà CCleaner mais merci !

    Merci encore de ton aide !
    a c 295 8 Sécurité
    a b 9 Windows
    10 Mai 2009 18:26:44

    Tu peux supprimer ToolsCleaner.
    10 Mai 2009 20:31:32

    Merci beaucoup pour cette grande aide !
    a c 295 8 Sécurité
    a b 9 Windows
    10 Mai 2009 20:43:12

    Bonne soirée ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS