Unwanted ads / unrequested restarts

27 April 2009 21:22:42

Hello,
For the past few days my PC has been restarting without my wanting it to; I have the impression that this coincides with the appearance of advertising windows for gaming sites and various antivirus products.
If someone could give me their help (should I make a HijackThis report, for example?).
Thanks in advance

27 April 2009 21:26:56

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.
    27 April 2009 21:32:50

    OK, thanks for answering so quickly.

    So here is the log to start with:

    log.txt


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by gabrielle at 2009-04-27 21:29:19
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 159 GB (52%) free of 305 GB
    Total RAM: 1022 MB (53% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:29:27, on 27/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\gabrielle\Bureau\RSIT.exe
    C:\Program Files\trend micro\gabrielle.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
    O2 - BHO: (no name) - {6d119a5d-b930-4611-9989-2e6ecacd8df6} - C:\WINDOWS\system32\corePX.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454160 14
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/telechargement/telechargement-ph...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O20 - Winlogon Notify: corePX - corePX.dll (file missing)
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: DomainService - Unknown owner - C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp2.tmp.exe (file missing)
    O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7773 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
    MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyP1.dll [2009-03-19 1883672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d119a5d-b930-4611-9989-2e6ecacd8df6}]
    C:\WINDOWS\system32\corePX.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyP1.dll [2009-03-19 1883672]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
    "nwiz"=nwiz.exe /install []
    "Muscbrigade"=c:\Musicbrigade\Musicbrigade.exe [2005-12-22 40960]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-12-27 73840]
    "WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2007-12-20 37376]
    "DC6V_Check"=C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe []
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "fsc-reminder.exe"=C:\WINDOWS\reminder\fsc-reminder.exe 2454160 14 []
    "WOOKIT"=C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe []
    "MsnMsgr"=~C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
    "SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-12-27 73840]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\corePX]
    corePX.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=95000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp308.tmp.exe"="C:\DOCUME~1\GABRIE~1\LOCALS~1\Te"
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp3.tmp.exe"="C:\DOCUME~1\GABRIE~1\LOCALS~1\T"
    "C:\WINDOWS\system32\qwerty12.exe"="C:\WINDOWS\system32\qwe"
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp2.tmp.exe"="C:\DOCUME~1\GABRIE~1\LOCALS~1\T"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:o rb"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:o rbTray"
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    shell\Auto\command - Ghost.pif
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fa2aa0d-06b4-11dc-832c-0016173fb785}]
    shell\Auto\command - bittorrent.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{278f65fe-4521-11dc-83a6-0016173fb785}]
    shell\AutoRun\command - K:\00hoeav.com
    shell\explore\command - K:\00hoeav.com
    shell\open\command - K:\00hoeav.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fdc6c76-b6bc-11dc-8472-0016173fb785}]
    shell\Auto\command - cmd /C launch.bat
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfeaa7d0-2e28-11dd-84d9-0016173fb785}]
    shell\Auto\command - Ghost.pif
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL


    ======List of files/folders created in the last 1 months======

    2009-04-27 21:29:19 ----D---- C:\rsit
    2009-04-27 21:29:19 ----D---- C:\Program Files\trend micro
    2009-04-25 18:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-25 18:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-25 18:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-25 18:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-25 18:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-25 17:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-01 20:41:54 ----D---- C:\Documents and Settings\gabrielle\Application Data\Zylom
    2009-04-01 20:41:47 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
    2009-04-01 20:41:27 ----D---- C:\Program Files\Zylom Games

    ======List of files/folders modified in the last 1 months======

    2009-04-27 21:29:22 ----D---- C:\WINDOWS\Prefetch
    2009-04-27 21:29:19 ----RD---- C:\Program Files
    2009-04-27 21:23:46 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-27 21:13:08 ----HD---- C:\WINDOWS\inf
    2009-04-27 21:13:06 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-27 21:13:03 ----D---- C:\WINDOWS\Temp
    2009-04-27 21:13:03 ----D---- C:\WINDOWS\system32\ias
    2009-04-27 21:13:02 ----A---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs.txt
    2009-04-27 21:13:01 ----D---- C:\WINDOWS\Registration
    2009-04-27 21:12:56 ----D---- C:\WINDOWS
    2009-04-27 20:49:41 ----AD---- C:\WINDOWS\system32
    2009-04-27 20:49:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-27 20:45:19 ----D---- C:\WINDOWS\system32\wbem
    2009-04-27 20:45:18 ----D---- C:\WINDOWS\AppPatch
    2009-04-25 18:03:38 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-25 18:03:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-25 18:03:24 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-25 18:03:09 ----D---- C:\WINDOWS\system32\fr-fr
    2009-04-25 18:03:09 ----D---- C:\Program Files\Internet Explorer
    2009-04-25 18:01:01 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-25 18:00:52 ----SHD---- C:\WINDOWS\Installer
    2009-04-25 18:00:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-04-06 16:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-03-30 20:40:05 ----D---- C:\Program Files\eMule
    2009-03-29 14:42:23 ----A---- C:\WINDOWS\NeroDigital.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 PD100VID;Video Blaster WebCam 5 (WDM); C:\WINDOWS\system32\DRIVERS\PD100Vid.sys [2002-06-04 374200]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
    S2 DomainService;DomainService; C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp2.tmp.exe /service []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-11-11 69120]
    S3 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------

    As well as info.txt

    info.txt logfile of random's system information tool 1.06 2009-04-27 21:29:29

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Akeo - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
    Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Creative Video Blaster WebCam 5 Driver-->C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400C&MI_00 -plugin PD100Pin.dll -pluginres PD100Pin.crl
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    eMusic - 50 Free MP3 offer-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
    Farm Mania Deluxe-->"C:\Program Files\Zylom Games\Farm Mania Deluxe\GameInstlr.exe" --uninstall UnInstall.log
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
    High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
    InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Lexmark 3400 Series-->C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
    LimeWire PRO 4.16.3-->"C:\Program Files\LimeWire\uninstall.exe"
    Macrogaming SweetIM 2.0-->MsiExec.exe /X{D9BBFA60-4514-4F08-A78F-91957F957495}
    Mad Medley Battle-->"C:\Program Files\MyPlayCity.com\Mad Medley Battle\unins000.exe"
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Mise à jour pour Lecteur Windows Media 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MyPlayCity Toolbar-->C:\PROGRA~1\MYPLAY~1\UNWISE.EXE C:\PROGRA~1\MYPLAY~1\INSTALL.LOG
    Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E916E61F-DE9D-4EAF-91E1-CEB50016326A}
    Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
    Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
    NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
    QuickTime Alternative 1.81-->"C:\Program Files\QuickTime Alternative\unins000.exe"
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Tom Clancy's Splinter Cell Chaos Theory-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888DD888-82BE-4D85-BCB2-2E042CD3E844}\setup.exe" -l0x40c -removeonly
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
    VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP Media Center Edition 2005 KB919803-->"C:\WINDOWS\$NtUninstallKB919803$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinFlyer-->"rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,UnInstall
    Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic
    FW: Norton Internet Worm Protection (disabled)

    ======System event log======

    Computer Name: NOM-2E352C2CAC0
    Event Code: 7036
    Message: Le service Fax est entré dans l'état : arrêté.

    Record Number: 5
    Source Name: Service Control Manager
    Time Written: 20090402181249.000000+120
    Event Type: Informations
    User:

    Computer Name: NOM-2E352C2CAC0
    Event Code: 7035
    Message: Un contrôle Arrêter a correctement été envoyé au service Fax.

    Record Number: 4
    Source Name: Service Control Manager
    Time Written: 20090402181248.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: NOM-2E352C2CAC0
    Event Code: 17
    Message: AVGNTFLT successfully loaded

    Record Number: 3
    Source Name: avgntflt
    Time Written: 20090402181243.000000+120
    Event Type: Informations
    User:

    Computer Name: NOM-2E352C2CAC0
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20090402181230.000000+120
    Event Type: Informations
    User:

    Computer Name: NOM-2E352C2CAC0
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20090402181230.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: NOM-2E352C2CAC0
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 10907
    Source Name: SecurityCenter
    Time Written: 20090108104102.000000+060
    Event Type: Informations
    User:

    Computer Name: NOM-2E352C2CAC0
    Event Code: 101
    Message: MsnMsgr (408) Le moteur de base de données est arrêté.

    Record Number: 10906
    Source Name: ESENT
    Time Written: 20090107181940.000000+060
    Event Type: Informations
    User:

    Computer Name: NOM-2E352C2CAC0
    Event Code: 103
    Message: MsnMsgr (408) \\.\C:\Documents and Settings\gabrielle\Local Settings\Application Data\Microsoft\Messenger\wckr@hotmail.fr\SharingMetadata\Working\database_66C_2404_6C23_ED5D\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 10905
    Source Name: ESENT
    Time Written: 20090107181940.000000+060
    Event Type: Informations
    User:

    Computer Name: NOM-2E352C2CAC0
    Event Code: 102
    Message: MsnMsgr (408) \\.\C:\Documents and Settings\gabrielle\Local Settings\Application Data\Microsoft\Messenger\wckr@hotmail.fr\SharingMetadata\Working\database_66C_2404_6C23_ED5D\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 10904
    Source Name: ESENT
    Time Written: 20090107181358.000000+060
    Event Type: Informations
    User:

    Computer Name: NOM-2E352C2CAC0
    Event Code: 100
    Message: MsnMsgr (408) Le moteur de base de données 5.01.2600.5512 est démarré.

    Record Number: 10903
    Source Name: ESENT
    Time Written: 20090107181358.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------


    a c 296 8 Security
    27 April 2009 21:36:17

    Your PC is infected.

    I recommend that you uninstall SweetIM.

  • Download UsbFix (by C_XX & Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Connect your external storage devices to your PC (USB key, external hard drive, SD card, etc.) without opening them.
  • Double-click the UsbFix shortcut on your Desktop.
  • Choose option 1 (Search).
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.
    27 April 2009 21:50:13

    Here is the UsbFix report, but I have the impression that the scan stops before the end (on key : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : MSRAD4), to be checked.



    ############################## [ UsbFix V3.014 ]

    # User : gabrielle (Administrateurs) # NOM-2E352C2CAC0
    # Update on 27/04/09 by C_XX & Chiquitine29
    # Start at: 21:45:59 | 27/04/2009

    # Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.13
    # Windows Firewall Status : Enabled
    # AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
    # FW : Norton Internet Worm Protection[ (!) Disabled ]2006

    # C:\ # Disque fixe local # 298,09 Go (155,24 Go free) [467407] # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque amovible
    # F:\ # Disque amovible
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque fixe local # 149,01 Go (8,85 Go free) [BORDEL] # FAT32

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"
    HKCU_Main: "Start Page"="http://www.orange.fr"
    HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    HKLM_logon: "DefaultUserName"="gabrielle"
    HKLM_logon: "AltDefaultUserName"="gabrielle"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: RTHDCPL=RTHDCPL.EXE
    HKLM_Run: Alcmtr=ALCMTR.EXE
    HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM_Run: nwiz=nwiz.exe /install
    HKLM_Run: NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    HKLM_Run: SweetIM=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    HKLM_Run: DC6V_Check="C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
    HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
    HKLM_Run: MSConfig=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
    HKCU_Run: fsc-reminder.exe=C:\WINDOWS\reminder\fsc-reminder.exe 2454160 14
    HKCU_Run: MsnMsgr=~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    ################## [ Informations ]


    ################## [ Fichiers # Dossiers infectieux ]

    Found ! J:\autorun.inf

    ################## [ Registre # Clés Run infectieuses ]

    a c 296 8 Security
    27 April 2009 21:52:22

    UsbFix is getting stuck, so do this:

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    27 April 2009 22:12:26

    Here is the MBAM report:

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2050
    Windows 5.1.2600 Service Pack 3

    27/04/2009 22:00:31
    mbam-log-2009-04-27 (22-00-31).txt

    Type de recherche: Examen rapide
    Eléments examinés: 84986
    Temps écoulé: 5 minute(s), 24 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 23
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 7

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d119a5d-b930-4611-9989-2e6ecacd8df6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\corepx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6d119a5d-b930-4611-9989-2e6ecacd8df6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c6039e6c-bde9-4de5-bb40-768caa584fdc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{debeb52f-cfa6-4647-971f-3edb75b63afa} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e2ee5c44-c66d-499d-beae-a2a79189a63a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6039e6c-bde9-4de5-bb40-768caa584fdc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{debeb52f-cfa6-4647-971f-3edb75b63afa} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2ee5c44-c66d-499d-beae-a2a79189a63a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DFC (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DInf (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DNIdent (Trojan.ConHook) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\Fichiers communs\SystemDoctor (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gabrielle\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gabrielle\Application Data\SystemDoctor Free\Logs (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\corePX.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\SystemDoctor\err.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\gabrielle\Application Data\SystemDoctor Free\Logs\update.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
    a c 296 8 Security
    27 April 2009 22:29:27

    Try UsbFix again.
    27 April 2009 22:34:20

    Well, apparently it is still getting stuck, but this time on key : HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System : DisableTaskMgr
    a c 296 8 Security
    27 April 2009 22:35:11

    Try option 2.
    27 April 2009 22:43:50

    OK, apparently it ran correctly. Here is the report:

    ############################## [ UsbFix V3.014 ]

    # User : gabrielle (Administrateurs) # NOM-2E352C2CAC0
    # Update on 27/04/09 by C_XX & Chiquitine29
    # Start at: 22:41:03 | 27/04/2009

    # Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.13
    # Windows Firewall Status : Enabled
    # AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
    # FW : Norton Internet Worm Protection[ (!) Disabled ]2006

    # C:\ # Disque fixe local # 298,09 Go (155,29 Go free) [467407] # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque amovible
    # F:\ # Disque amovible
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque fixe local # 149,01 Go (8,85 Go free) [BORDEL] # FAT32

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\eHome\ehRec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! J:\autorun.inf

    ################## [ Registre # Clés Run infectieuses ]


    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\J\Shell\Auto\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\J\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1fa2aa0d-06b4-11dc-832c-0016173fb785}\Shell\Auto\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1fa2aa0d-06b4-11dc-832c-0016173fb785}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{278f65fe-4521-11dc-83a6-0016173fb785}\Shell\AutoRun\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{278f65fe-4521-11dc-83a6-0016173fb785}\Shell\explore\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{278f65fe-4521-11dc-83a6-0016173fb785}\Shell\open\Command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{7fdc6c76-b6bc-11dc-8472-0016173fb785}\Shell\Auto\command
    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{7fdc6c76-b6bc-11dc-8472-0016173fb785}\Shell\AutoRun\command

    ################## [ Listing des fichiers présent ]


    ################## [ Vaccination ]

    # C:\autorun.inf -> Folder created by UsbFix.
    # J:\autorun.inf -> Folder created by UsbFix.

    ################## [ Cracks / Keygens / Serials ]

    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Adobe(R) Photoshop(R) CS2\instmsia.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Adobe(R) Photoshop(R) CS2\instmsiw.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Adobe(R) Photoshop(R) CS2\setup.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Crack et Keygen\Crack Activation Photoshop CS2 Fr.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Goodies\Modules externes facultatifs\Seiko Epson\PIM II Installer.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Plugg-ins Adobe photoshop cs 2\Alienskin - Xenofex 2\xenofex2.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Plugg-ins Adobe photoshop cs 2\Andromeda ScatterLight\Install ScatterLight.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Plugg-ins Adobe photoshop cs 2\EyeCandy 5.0\Nature\eyecandy5nature.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Plugg-ins Adobe photoshop cs 2\EyeCandy 5.0\Nature\keygen.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Plugg-ins Adobe photoshop cs 2\EyeCandy 5.0\Texture\keygen.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Plugg-ins Adobe photoshop cs 2\Natural FX - Digital Element Aurora 1.1\Setup.exe
    C:\Documents and Settings\gabrielle\Bureau\Adobe Photoshop CS2 (9.0) Fr + crack + serial\Plugg-ins Adobe photoshop cs 2\Panorama Stitcher 1.9.2\PTStitcher.exe

    ################## [ ! Fin du rapport # UsbFix V3.014 ! ]

    a c 296 8 Security
    27 April 2009 22:53:07

  • Uninstall UsbFix.

  • Relaunch MBAM, go to Quarantine and delete everything.

  • Run another RSIT scan and post the log report.
    27 April 2009 22:54:25

    OK, I'll do that tomorrow (early start at work tomorrow morning).
    Thanks for this evening in any case, and maybe see you tomorrow.
    a c 296 8 Security
    27 April 2009 22:56:06

    Good night ;) 
    28 April 2009 21:49:03

    Good evening,
    I wanted to continue the disinfection this evening but, after a few attempts, it is impossible to turn on the PC: 2 long beeps then 1 short beep. Graphics card unplugged and plugged back in, but still the same. I am hesitant to do a clear CMOS. Can someone advise me?
    Thanks
    28 April 2009 22:11:31

    After insisting a bit, the computer restarts, so here is the log report:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by gabrielle at 2009-04-28 22:09:10
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 159 GB (52%) free of 305 GB
    Total RAM: 1022 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:09:14, on 28/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\gabrielle\Bureau\RSIT.exe
    C:\Program Files\trend micro\gabrielle.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454160 14
    O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/telechargement/telechargement-ph...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6761 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
    MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyP1.dll [2009-03-19 1883672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-27 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-27 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
    {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyP1.dll [2009-03-19 1883672]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-07-20 7581696]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-27 148888]
    "SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-12-27 73840]
    "DC6V_Check"=C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe []
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "fsc-reminder.exe"=C:\WINDOWS\reminder\fsc-reminder.exe 2454160 14 []
    "MsnMsgr"=~C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Muscbrigade]
    c:\Musicbrigade\Musicbrigade.exe [2005-12-22 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-12-27 73840]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\Winampa.exe [2007-12-20 37376]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "NoDrives"=0
    "NoViewContextMenu"=0
    "NoWinKeys"=0
    "NoDriveAutoRun"=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoLogOff"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp308.tmp.exe"="C:\DOCUME~1\GABRIE~1\LOCALS~1\Te"
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp3.tmp.exe"="C:\DOCUME~1\GABRIE~1\LOCALS~1\T"
    "C:\WINDOWS\system32\qwerty12.exe"="C:\WINDOWS\system32\qwe"
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp2.tmp.exe"="C:\DOCUME~1\GABRIE~1\LOCALS~1\T"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:o rb"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:o rbTray"
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:o rb Stream Client"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-04-27 22:41:56 ----RASHD---- C:\autorun.inf
    2009-04-27 22:40:44 ----A---- C:\UsbFix.txt
    2009-04-27 21:53:48 ----D---- C:\Documents and Settings\gabrielle\Application Data\Malwarebytes
    2009-04-27 21:53:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-27 21:53:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-04-27 21:35:35 ----D---- C:\WINDOWS\pss
    2009-04-27 21:34:53 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-04-27 21:34:53 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-04-27 21:34:53 ----A---- C:\WINDOWS\system32\java.exe
    2009-04-27 21:34:53 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-04-27 21:29:19 ----D---- C:\rsit
    2009-04-27 21:29:19 ----D---- C:\Program Files\trend micro
    2009-04-25 18:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-25 18:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-25 18:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-25 18:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-25 18:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-25 17:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-01 20:41:54 ----D---- C:\Documents and Settings\gabrielle\Application Data\Zylom
    2009-04-01 20:41:47 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
    2009-04-01 20:41:27 ----D---- C:\Program Files\Zylom Games

    ======List of files/folders modified in the last 1 months======

    2009-04-28 22:08:48 ----D---- C:\WINDOWS\Temp
    2009-04-28 22:08:48 ----D---- C:\WINDOWS\Prefetch
    2009-04-28 22:07:54 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-28 22:07:42 ----D---- C:\WINDOWS\system32\ias
    2009-04-28 22:07:41 ----A---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs.txt
    2009-04-28 22:07:40 ----D---- C:\WINDOWS\Registration
    2009-04-28 22:07:33 ----D---- C:\WINDOWS
    2009-04-27 22:54:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-27 22:01:36 ----D---- C:\WINDOWS\system32\drivers
    2009-04-27 22:01:36 ----AD---- C:\WINDOWS\system32
    2009-04-27 21:53:43 ----RD---- C:\Program Files
    2009-04-27 21:36:55 ----RASH---- C:\boot.ini
    2009-04-27 21:36:55 ----A---- C:\WINDOWS\win.ini
    2009-04-27 21:36:55 ----A---- C:\WINDOWS\system.ini
    2009-04-27 21:35:09 ----SHD---- C:\WINDOWS\Installer
    2009-04-27 21:34:33 ----D---- C:\Program Files\Java
    2009-04-27 21:13:08 ----HD---- C:\WINDOWS\inf
    2009-04-27 21:13:06 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-27 20:49:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-27 20:45:19 ----D---- C:\WINDOWS\system32\wbem
    2009-04-27 20:45:18 ----D---- C:\WINDOWS\AppPatch
    2009-04-25 18:03:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-04-25 18:03:24 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-25 18:03:09 ----D---- C:\WINDOWS\system32\fr-fr
    2009-04-25 18:03:09 ----D---- C:\Program Files\Internet Explorer
    2009-04-25 18:01:01 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-25 18:00:52 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-04-06 16:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-03-30 20:40:05 ----D---- C:\Program Files\eMule
    2009-03-29 14:42:23 ----A---- C:\WINDOWS\NeroDigital.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 PD100VID;Video Blaster WebCam 5 (WDM); C:\WINDOWS\system32\DRIVERS\PD100Vid.sys [2002-06-04 374200]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-06-29 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-27 152984]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-07-20 143426]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-11-11 69120]
    S3 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
    28 April 2009 22:26:50

    The free version of Antivir 9 has just been released in French: Link

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the text below:

    :processes
    explorer.exe

    :files
    C:\Program Files\Fichiers communs\SystemDoctor
    C:\WINDOWS\system32\qwerty12.exe
    C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp308.tmp.exe
    C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp3.tmp.exe
    C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp2.tmp.exe

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=-
    "NvMediaCenter"=-
    "DC6V_Check"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "fsc-reminder.exe"=-
    "MsnMsgr"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp308.tmp.exe"=-
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp3.tmp.exe"=-
    "C:\WINDOWS\system32\qwerty12.exe"=-
    "C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp2.tmp.exe"=-

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
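
A triage sketch over the kind of RSIT registry-dump lines that the fix script above targets, as an added example that is not part of the original post and is not code from RSIT or OTMoveIt3. It flags firewall exceptions whose executable sits under a Temp folder or whose value does not have the `path:scope:Enabled|Disabled:name` layout, and Run values printed with empty `[]` metadata; the heuristics, the reason labels and the reading of `[]` as "RSIT printed no file date/size" are assumptions, and a flag is a prompt for manual review, not a verdict.

```python
import re

# Lines copied from the RSIT registry dump posted earlier in this thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"DC6V_Check"=C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp308.tmp.exe"="C:\DOCUME~1\GABRIE~1\LOCALS~1\Te"
"C:\WINDOWS\system32\qwerty12.exe"="C:\WINDOWS\system32\qwe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')               # [HKEY_...\key]
RUN_RE = re.compile(r'^"([^"]+)"=(.*?)\s*\[([^\]]*)\]$')  # "name"=command [date size]
FW_RE = re.compile(r'^"([^"]+)"="([^"]*)"$')              # "exe path"="value"
# Well-formed firewall value: <path>:<scope>:<Enabled|Disabled>:<display name>
FW_VALUE_RE = re.compile(r'^.+?:[^:]+:(enabled|disabled):.*$', re.IGNORECASE)
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def triage(log_text):
    """Return (section, entry name, [reasons]) for entries worth a manual look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1).lower()
            if path.endswith("\\currentversion\\run"):
                section = "run"
            elif path.endswith("\\authorizedapplications\\list"):
                section = "firewall"
            else:
                section = None  # other keys are not examined here
            continue

        reasons = []
        if section == "run":
            m = RUN_RE.match(line)
            if not m:
                continue
            name, command, meta = m.groups()
            if meta == "":
                reasons.append("no-file-details")   # assumption: target not found
            if TEMP_RE.search(command):
                reasons.append("temp-path")
        elif section == "firewall":
            m = FW_RE.match(line)
            if not m:
                continue
            name, value = m.groups()
            if TEMP_RE.search(name):
                reasons.append("temp-path")          # exception for a Temp executable
            if not FW_VALUE_RE.match(value):
                reasons.append("malformed-value")    # truncated or non-standard value
        else:
            continue

        if reasons:
            findings.append((section, name, reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE):
        print(f"{section:8} {name}  ->  {', '.join(reasons)}")
```
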
    28 April 2009 22:54:12

    OK, this may be my last post for tonight if the next step requires a restart; I will most likely have to change my video card. Anyway, for now here is the report:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\Program Files\Fichiers communs\SystemDoctor not found.
    File/Folder C:\WINDOWS\system32\qwerty12.exe not found.
    File/Folder C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp308.tmp.exe not found.
    File/Folder C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp3.tmp.exe not found.
    File/Folder C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp2.tmp.exe not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DC6V_Check deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsc-reminder.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MsnMsgr deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp308.tmp.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp3.tmp.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\qwerty12.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\tmp2.tmp.exe deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\etilqs_CwvDlZtxfP5lTm469y0g scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\gabrielle\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1f0.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04282009_224058

    Files moved on Reboot...
    File C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\etilqs_CwvDlZtxfP5lTm469y0g not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_1f0.dat not found!
    C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\gabrielle\Local Settings\Application Data\Mozilla\Firefox\Profiles\e0mizbch.default\XUL.mfl moved successfully.
    28 April 2009 22:57:31

  • Double-click the Antivir icon (umbrella) in the taskbar.
  • In Antivir, choose Outils, then Configuration.
  • Tick Mode Expert and tick Rech. Rootkit au dém. de la recherche, on the right under Autres réglages.
  • Run a full scan and post the report.

    Tutorial: Scanning the hard drive(s)