
Weird PC...

Tags:
  • Windows
  • Security
24 March 2009 23:50:11

Good evening, for some time now my PC has been slow and my wallpaper has disappeared (and stays black). I also have suspicious processes being created at the speed of light. I'd like to clean all this up please, thanks :)

Here is my scan:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:42, on 24/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\onmdxeoj.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Inv\Mes documents\HiJackThis.exe
c:\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [8632] C:\onmdxeoj.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: FCF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5437 bytes

25 March 2009 00:24:45

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.

    25 March 2009 08:58:20

    Hello and thanks :)

    Here is log.txt:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Inv at 2009-03-25 08:55:08
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 143 GB (77%) free of 185 GB
    Total RAM: 1023 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:55:55, on 25/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\onmdxeoj.exe
    C:\Documents and Settings\Inv\Mes documents\RSIT.exe
    C:\Documents and Settings\Inv\Mes documents\Inv.exe
    c:\lsass.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [17369] C:\onmdxeoj.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: FCF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 5523 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-14 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-14 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-14 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "30951"=C:\onmdxeoj.exe [2009-03-25 20992]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    C:\Documents and Settings\Inv\Application Data\Adobe\Manager.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

    C:\Documents and Settings\Inv\Menu Démarrer\Programmes\Démarrage
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoFolderOptions"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    ======File associations======

    .reg - open - "regedit.exe" "%1"

    ======List of files/folders created in the last 1 months======

    2009-03-25 08:55:08 ----D---- C:\rsit
    2009-03-24 23:35:55 ----A---- C:\lsass.exe
    2009-03-24 23:35:54 ----A---- C:\onmdxeoj.exe
    2009-03-24 23:35:53 ----A---- C:\WINDOWS\system32\reader_s.exe
    2009-03-21 23:27:30 ----D---- C:\WINDOWS\Sun
    2009-03-20 12:19:41 ----A---- C:\WINDOWS\BlendSettings.ini
    2009-03-19 13:26:12 ----D---- C:\Program Files\Common Files
    2009-03-19 11:35:57 ----D---- C:\Program Files\gPotato.eu
    2009-03-19 11:17:42 ----D---- C:\Program Files\Bethesda Softworks
    2009-03-19 11:16:34 ----D---- C:\WINDOWS\system32\xlive
    2009-03-19 11:15:07 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
    2009-03-19 11:14:50 ----D---- C:\Documents and Settings\Inv\Application Data\DAEMON Tools Pro
    2009-03-19 11:14:50 ----D---- C:\Documents and Settings\Inv\Application Data\DAEMON Tools
    2009-03-19 11:14:03 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    2009-03-19 11:13:59 ----D---- C:\Program Files\DAEMON Tools Lite
    2009-03-19 11:01:09 ----D---- C:\Documents and Settings\Inv\Application Data\DAEMON Tools Lite
    2009-03-19 09:09:27 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
    2009-03-19 09:09:27 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
    2009-03-19 09:09:27 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
    2009-03-19 09:09:26 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
    2009-03-19 09:09:26 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
    2009-03-19 09:09:26 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
    2009-03-19 09:09:26 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
    2009-03-19 09:09:25 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2009-03-19 09:09:25 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2009-03-19 09:09:25 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2009-03-19 09:09:25 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2009-03-19 09:09:25 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2009-03-19 09:09:24 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2009-03-19 09:09:24 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2009-03-19 09:09:24 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2009-03-19 09:09:23 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2009-03-19 09:09:23 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2009-03-19 09:09:23 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2009-03-19 09:09:23 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2009-03-19 09:09:23 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2009-03-19 09:09:22 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2009-03-19 09:09:22 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2009-03-19 09:09:21 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2009-03-19 09:09:21 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2009-03-19 09:09:21 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2009-03-19 09:09:21 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2009-03-19 09:09:20 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
    2009-03-19 09:09:20 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
    2009-03-19 09:09:20 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
    2009-03-19 09:09:19 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2009-03-19 09:09:19 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
    2009-03-19 09:09:19 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
    2009-03-19 09:09:19 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
    2009-03-19 09:09:18 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
    2009-03-19 09:09:18 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
    2009-03-19 09:09:18 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
    2009-03-19 09:09:17 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2009-03-19 09:09:17 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
    2009-03-19 09:09:17 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
    2009-03-19 09:09:17 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
    2009-03-19 09:09:16 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
    2009-03-19 09:09:16 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
    2009-03-19 09:09:16 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
    2009-03-19 09:09:07 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
    2009-03-19 09:09:07 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
    2009-03-19 09:09:07 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
    2009-03-19 09:09:06 ----A---- C:\WINDOWS\system32\xinput1_2.dll
    2009-03-19 09:09:06 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
    2009-03-19 09:09:06 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
    2009-03-19 09:09:06 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
    2009-03-19 09:09:06 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
    2009-03-19 09:09:06 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
    2009-03-19 09:09:05 ----A---- C:\WINDOWS\system32\xinput1_1.dll
    2009-03-19 09:09:05 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
    2009-03-19 09:09:05 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
    2009-03-19 09:08:59 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
    2009-03-19 09:08:59 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
    2009-03-19 09:08:58 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
    2009-03-19 09:08:58 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
    2009-03-19 09:08:57 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
    2009-03-19 09:08:57 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
    2009-03-19 09:08:56 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
    2009-03-19 09:08:56 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
    2009-03-19 09:08:41 ----D---- C:\WINDOWS\Logs
    2009-03-19 09:06:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-03-17 16:49:05 ----D---- C:\Documents and Settings\Inv\Application Data\Samsung
    2009-03-17 16:31:12 ----A---- C:\WINDOWS\system32\framedyn.dll
    2009-03-17 16:31:09 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2009-03-17 16:30:44 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
    2009-03-17 16:30:22 ----D---- C:\Program Files\Samsung
    2009-03-17 15:47:31 ----D---- C:\Program Files\Audacity
    2009-03-16 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
    2009-03-16 03:00:34 ----D---- C:\Program Files\MSXML 4.0
    2009-03-15 23:39:25 ----D---- C:\Program Files\SFR
    2009-03-15 16:20:54 ----D---- C:\Program Files\Fichiers communs\Hewlett-Packard
    2009-03-15 16:09:47 ----D---- C:\Program Files\HP
    2009-03-15 16:09:45 ----HD---- C:\Config.Msi
    2009-03-15 16:09:13 ----D---- C:\temp
    2009-03-15 12:41:35 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2009-03-15 12:41:35 ----A---- C:\WINDOWS\system32\mucltui.dll
    2009-03-15 09:09:24 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-03-15 09:01:19 ----D---- C:\Documents and Settings\Inv\Application Data\Ahead
    2009-03-15 09:00:57 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
    2009-03-15 08:59:20 ----D---- C:\Program Files\Nero
    2009-03-15 08:59:20 ----D---- C:\Program Files\Fichiers communs\Ahead
    2009-03-15 08:59:20 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
    2009-03-15 08:58:50 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
    2009-03-15 08:58:48 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
    2009-03-15 08:48:11 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
    2009-03-15 08:48:07 ----D---- C:\Documents and Settings\Inv\Application Data\Azureus
    2009-03-15 08:43:50 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-15 08:41:53 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
    2009-03-15 08:41:48 ----D---- C:\Program Files\Fichiers communs\Adobe Systems Shared
    2009-03-15 08:40:56 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-03-15 08:40:23 ----D---- C:\Program Files\Adobe
    2009-03-15 00:51:23 ----D---- C:\Documents and Settings\Inv\Application Data\Thunderbird
    2009-03-15 00:51:13 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-03-14 23:52:44 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2009-03-14 19:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-03-14 19:57:31 ----N---- C:\WINDOWS\system32\spmsg2.dll
    2009-03-14 19:57:30 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
    2009-03-14 19:52:19 ----D---- C:\WINDOWS\system32\XPSViewer
    2009-03-14 19:52:16 ----D---- C:\Program Files\MSBuild
    2009-03-14 19:52:14 ----D---- C:\WINDOWS\system32\en-US
    2009-03-14 19:52:10 ----D---- C:\Program Files\Reference Assemblies
    2009-03-14 19:51:47 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2009-03-14 19:51:47 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2009-03-14 19:51:47 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2009-03-14 19:51:47 ----D---- C:\e651012c6c3a06737048a8820569d0
    2009-03-14 19:50:01 ----D---- C:\Documents and Settings\Inv\Application Data\dvdcss
    2009-03-14 19:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2009-03-14 19:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2009-03-14 19:48:19 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
    2009-03-14 19:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
    2009-03-14 19:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
    2009-03-14 19:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2009-03-14 19:47:03 ----D---- C:\WINDOWS\ie7updates
    2009-03-14 19:46:37 ----D---- C:\WINDOWS\WBEM
    2009-03-14 19:45:34 ----HDC---- C:\WINDOWS\ie7
    2009-03-14 19:45:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2009-03-14 19:45:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2009-03-14 19:43:08 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2009-03-14 19:19:43 ----A---- C:\WINDOWS\ODBC.INI
    2009-03-14 19:18:57 ----D---- C:\Program Files\Fichiers communs\Designer
    2009-03-14 19:18:25 ----D---- C:\WINDOWS\ShellNew
    2009-03-14 19:18:23 ----D---- C:\Program Files\Microsoft Office
    2009-03-14 19:06:08 ----A---- C:\WINDOWS\BricoPackUninst.cmd
    2009-03-14 19:04:52 ----A---- C:\WINDOWS\BricoPackUninst.txt
    2009-03-14 19:04:52 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
    2009-03-14 19:04:27 ----D---- C:\WINDOWS\BricoPacks
    2009-03-14 19:02:55 ----D---- C:\Program Files\CCleaner
    2009-03-14 18:56:36 ----D---- C:\WINDOWS\pss
    2009-03-14 18:54:14 ----D---- C:\Program Files\Azureus
    2009-03-14 18:49:37 ----N---- C:\WINDOWS\system32\spmsg.dll
    2009-03-14 18:49:23 ----D---- C:\Documents and Settings\Inv\Application Data\vlc
    2009-03-14 18:49:21 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2009-03-14 18:49:07 ----D---- C:\Program Files\Windows Media Connect 2
    2009-03-14 18:48:49 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2009-03-14 18:48:32 ----D---- C:\a329a238bf370562155ed998
    2009-03-14 18:48:11 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2009-03-14 18:47:58 ----D---- C:\81249e4236f0a777629f
    2009-03-14 18:47:53 ----D---- C:\WINDOWS\system32\LogFiles
    2009-03-14 18:47:42 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2009-03-14 18:45:31 ----D---- C:\Program Files\VideoLAN
    2009-03-14 18:32:18 ----A---- C:\WINDOWS\system32\zipfldr.dll.nouninst
    2009-03-14 18:32:18 ----A---- C:\WINDOWS\system32\wuauclt1.exe.nouninst
    2009-03-14 18:32:18 ----A---- C:\WINDOWS\system32\wuauclt.exe.nouninst
    2009-03-14 18:32:18 ----A---- C:\WINDOWS\system32\wmploc.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\winsrv.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\winntbbu.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\WININET.DLL.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\wiaacmgr.exe.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\webcheck.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\uxtheme.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\URLMON.DLL.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\url.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\themeui.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\taskmgr.exe.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\syssetup.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\sysocmgr.exe.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\stobject.dll.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\sndvol32.exe.nouninst
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\nswDC.tmp
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\nswD9.tmp
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\nsrDB.tmp
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\nsmDE.tmp
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\nsmD8.tmp
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\nshDD.tmp
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\nsgD7.tmp
    2009-03-14 18:32:17 ----A---- C:\WINDOWS\system32\nscDA.tmp
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\sndrec32.exe.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\SHLWAPI.DLL.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\shimgvw.dll.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\shell32.dll.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\SHDOCVW.DLL.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\shdoclc.dll.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\rasdlg.dll.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\printui.dll.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\occache.dll.nouninst
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\nspD6.tmp
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\nspD5.tmp
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\nspD3.tmp
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\nskD4.tmp
    2009-03-14 18:32:16 ----A---- C:\WINDOWS\system32\nskD2.tmp
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\ntshrui.dll.nouninst
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\nseD1.tmp
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\nseD0.tmp
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\notepad.exe.nouninst
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\newdev.dll.nouninst
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\netshell.dll.nouninst
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\netid.dll.nouninst
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\mydocs.dll.nouninst
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\system32\mspaint.exe.nouninst
    2009-03-14 18:32:15 ----A---- C:\WINDOWS\notepad.exe.nouninst
    2009-03-14 18:32:14 ----A---- C:\WINDOWS\system32\nsnCF.tmp
    2009-03-14 18:32:14 ----A---- C:\WINDOWS\system32\MSHTML.DLL.nouninst
    2009-03-14 18:32:14 ----A---- C:\WINDOWS\system32\msgina.dll.nouninst
    2009-03-14 18:32:14 ----A---- C:\WINDOWS\system32\moricons.dll.nouninst
    2009-03-14 18:32:14 ----A---- C:\WINDOWS\system32\logonui.exe.nouninst
    2009-03-14 18:32:14 ----A---- C:\WINDOWS\system32\keymgr.dll.nouninst
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\system32\nsfCD.tmp
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\system32\inetcplc.dll.nouninst
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\system32\fontext.dll.nouninst
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\system32\credui.dll.nouninst
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\system32\console.dll.nouninst
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\system32\cmd.exe.nouninst
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\system32\cleanmgr.exe.nouninst
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\nsvCE.tmp
    2009-03-14 18:32:13 ----A---- C:\WINDOWS\explorer.exe.nouninst
    2009-03-14 18:32:12 ----A---- C:\WINDOWS\system32\nsuCC.tmp
    2009-03-14 18:32:12 ----A---- C:\WINDOWS\system32\calc.exe.nouninst
    2009-03-14 18:32:12 ----A---- C:\WINDOWS\system32\BROWSEUI.DLL.nouninst
    2009-03-14 18:31:39 ----A---- C:\WINDOWS\system32\nsnB8.tmp
    2009-03-14 18:31:38 ----A---- C:\WINDOWS\system32\nsxB4.tmp
    2009-03-14 18:31:38 ----A---- C:\WINDOWS\system32\nsrB5.tmp
    2009-03-14 18:31:38 ----A---- C:\WINDOWS\system32\nshB2.tmp
    2009-03-14 18:31:38 ----A---- C:\WINDOWS\system32\nsgB0.tmp
    2009-03-14 18:31:38 ----A---- C:\WINDOWS\system32\nscB6.tmp
    2009-03-14 18:31:38 ----A---- C:\WINDOWS\system32\nscB3.tmp
    2009-03-14 18:31:37 ----A---- C:\WINDOWS\system32\nsfAB.tmp
    2009-03-14 18:31:37 ----A---- C:\WINDOWS\system32\nsaAE.tmp
    2009-03-14 18:31:36 ----A---- C:\WINDOWS\system32\nsiA5.tmp
    2009-03-14 18:31:35 ----A---- C:\WINDOWS\system32\nswA0.tmp
    2009-03-14 18:31:35 ----A---- C:\WINDOWS\system32\nssA3.tmp
    2009-03-14 18:31:35 ----A---- C:\WINDOWS\system32\nssA2.tmp
    2009-03-14 18:31:35 ----A---- C:\WINDOWS\system32\nsrA1.tmp
    2009-03-14 18:31:35 ----A---- C:\WINDOWS\system32\nsb9F.tmp
    2009-03-14 18:31:34 ----A---- C:\WINDOWS\system32\nsq9C.tmp
    2009-03-14 18:31:34 ----A---- C:\WINDOWS\system32\nsq9B.tmp
    2009-03-14 18:31:33 ----A---- C:\WINDOWS\system32\nsz99.tmp
    2009-03-14 18:31:29 ----A---- C:\WINDOWS\system32\nsy91.tmp
    2009-03-14 18:31:29 ----A---- C:\WINDOWS\system32\nsx90.tmp
    2009-03-14 18:31:29 ----A---- C:\WINDOWS\system32\nsx8C.tmp
    2009-03-14 18:31:29 ----A---- C:\WINDOWS\system32\nss8E.tmp
    2009-03-14 18:31:29 ----A---- C:\WINDOWS\system32\nsn93.tmp
    2009-03-14 18:31:29 ----A---- C:\WINDOWS\system32\nsi92.tmp
    2009-03-14 18:31:29 ----A---- C:\WINDOWS\nss8D.tmp
    2009-03-14 18:31:27 ----A---- C:\WINDOWS\system32\nsl8A.tmp
    2009-03-14 18:31:27 ----A---- C:\WINDOWS\system32\nsf89.tmp
    2009-03-14 18:31:27 ----A---- C:\WINDOWS\system32\nsf88.tmp
    2009-03-14 18:31:27 ----A---- C:\WINDOWS\system32\nsf87.tmp
    2009-03-14 18:31:27 ----A---- C:\WINDOWS\system32\nse86.tmp
    2009-03-14 18:31:26 ----A---- C:\WINDOWS\system32\nsy80.tmp
    2009-03-14 18:31:26 ----A---- C:\WINDOWS\system32\nsx7F.tmp
    2009-03-14 18:31:26 ----A---- C:\WINDOWS\system32\nsx7E.tmp
    2009-03-14 18:31:26 ----A---- C:\WINDOWS\system32\nst82.tmp
    2009-03-14 18:31:26 ----A---- C:\WINDOWS\system32\nss81.tmp
    2009-03-14 18:31:26 ----A---- C:\WINDOWS\system32\nse84.tmp
    2009-03-14 18:31:26 ----A---- C:\WINDOWS\system32\nsd83.tmp
    2009-03-14 18:31:25 ----A---- C:\WINDOWS\system32\nsr7D.tmp
    2009-03-14 18:31:25 ----A---- C:\WINDOWS\system32\nsb7C.tmp
    2009-03-14 18:31:24 ----A---- C:\WINDOWS\system32\nsu76.tmp
    2009-03-14 18:31:24 ----A---- C:\WINDOWS\system32\nsq7B.tmp
    2009-03-14 18:31:24 ----A---- C:\WINDOWS\system32\nsq78.tmp
    2009-03-14 18:31:24 ----A---- C:\WINDOWS\system32\nsp75.tmp
    2009-03-14 18:31:24 ----A---- C:\WINDOWS\system32\nsa7A.tmp
    2009-03-14 18:31:23 ----A---- C:\WINDOWS\system32\nsu74.tmp
    2009-03-14 18:31:23 ----A---- C:\WINDOWS\system32\nst70.tmp
    2009-03-14 18:31:23 ----A---- C:\WINDOWS\system32\nsj73.tmp
    2009-03-14 18:31:23 ----A---- C:\WINDOWS\system32\nsj71.tmp
    2009-03-14 18:30:35 ----D---- C:\WINDOWS\Packs
    2009-03-14 18:30:35 ----A---- C:\WINDOWS\PackUninst.txt
    2009-03-14 18:23:54 ----D---- C:\Documents and Settings\Inv\Application Data\ATI
    2009-03-14 18:23:54 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
    2009-03-14 18:18:26 ----N---- C:\WINDOWS\system32\ati2sgag.exe
    2009-03-14 18:18:04 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-03-14 18:18:04 ----D---- C:\Program Files\ATI Technologies
    2009-03-14 18:17:45 ----D---- C:\Program Files\Fichiers communs\InstallShield
    2009-03-14 18:17:27 ----D---- C:\ATI
    2009-03-14 18:16:59 ----D---- C:\Program Files\ASIO4ALL v2
    2009-03-14 18:16:50 ----D---- C:\Program Files\VstPlugins
    2009-03-14 18:16:50 ----A---- C:\WINDOWS\system32\rewire.dll
    2009-03-14 18:16:03 ----D---- C:\Program Files\Outsim
    2009-03-14 18:14:26 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2009-03-14 18:14:26 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
    2009-03-14 18:14:25 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
    2009-03-14 18:14:25 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
    2009-03-14 18:14:12 ----D---- C:\Program Files\Image-Line
    2009-03-14 18:10:43 ----D---- C:\Documents and Settings\Inv\Application Data\Macromedia
    2009-03-14 18:10:43 ----D---- C:\Documents and Settings\Inv\Application Data\Adobe
    2009-03-14 18:06:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-14 18:06:32 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-14 18:04:13 ----D---- C:\Documents and Settings\Inv\Application Data\WinRAR
    2009-03-14 18:03:56 ----D---- C:\Program Files\WinRAR
    2009-03-14 17:48:43 ----D---- C:\Documents and Settings\Inv\Application Data\Mozilla
    2009-03-14 17:47:40 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-14 17:46:23 ----D---- C:\Program Files\Messenger Plus! Live
    2009-03-14 17:45:37 ----D---- C:\Program Files\Microsoft Silverlight
    2009-03-14 17:43:07 ----D---- C:\Program Files\Microsoft
    2009-03-14 17:42:52 ----D---- C:\Program Files\Windows Live SkyDrive
    2009-03-14 17:42:30 ----D---- C:\Program Files\Windows Live
    2009-03-14 17:37:36 ----D---- C:\Program Files\Fichiers communs\Windows Live
    2009-03-14 17:35:41 ----D---- C:\WINDOWS\Prefetch
    2009-03-14 17:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-03-14 17:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
    2009-03-14 17:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-14 17:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-14 17:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-03-14 17:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-03-14 17:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
    2009-03-14 17:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-03-14 17:33:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-03-14 17:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-03-14 17:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-03-14 17:33:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-03-14 17:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-03-14 17:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-03-14 17:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-03-14 17:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-03-14 17:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-03-14 17:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-03-14 17:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-03-14 17:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-03-14 17:32:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-03-14 17:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-03-14 17:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-03-14 17:29:10 ----D---- C:\WINDOWS\system32\fr-fr
    2009-03-14 17:29:09 ----D---- C:\WINDOWS\system32\fr
    2009-03-14 17:29:09 ----D---- C:\WINDOWS\system32\bits
    2009-03-14 17:29:09 ----D---- C:\WINDOWS\l2schemas
    2009-03-14 17:27:33 ----D---- C:\WINDOWS\ServicePackFiles
    2009-03-14 17:25:45 ----A---- C:\WINDOWS\system32\h323log.txt
    2009-03-14 17:25:41 ----D---- C:\WINDOWS\network diagnostic
    2009-03-14 17:24:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-03-14 17:23:48 ----A---- C:\WINDOWS\system32\ksuser.dll
    2009-03-14 17:22:19 ----A---- C:\WINDOWS\system32\usbui.dll
    2009-03-14 17:21:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2009-03-14 17:21:38 ----D---- C:\WINDOWS\EHome
    2009-03-14 17:21:13 ----SHD---- C:\WINDOWS\Installer
    2009-03-14 17:21:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-14 17:21:12 ----D---- C:\Program Files\Fichiers communs\ODBC
    2009-03-14 17:21:12 ----A---- C:\WINDOWS\ODBCINST.INI
    2009-03-14 17:21:09 ----RD---- C:\Program Files
    2009-03-14 17:21:09 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
    2009-03-14 17:21:09 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
    2009-03-14 17:21:09 ----D---- C:\Program Files\Fichiers communs
    2009-03-14 17:21:06 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
    2009-03-14 17:21:06 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
    2009-03-14 17:21:06 ----RA---- C:\WINDOWS\system32\kbdazel.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdycc.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbduzb.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdur.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdtat.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdru1.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdru.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdmon.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdbu.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdblr.dll
    2009-03-14 17:21:04 ----RA---- C:\WINDOWS\system32\kbdaze.dll
    2009-03-14 17:21:02 ----RA---- C:\WINDOWS\system32\kbdhept.dll
    2009-03-14 17:21:02 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
    2009-03-14 17:21:02 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
    2009-03-14 17:21:02 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
    2009-03-14 17:21:02 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
    2009-03-14 17:21:02 ----RA---- C:\WINDOWS\system32\kbdhe.dll
    2009-03-14 17:21:02 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
    2009-03-14 17:21:01 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
    2009-03-14 17:21:01 ----RA---- C:\WINDOWS\system32\kbdlv.dll
    2009-03-14 17:21:01 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
    2009-03-14 17:21:01 ----RA---- C:\WINDOWS\system32\kbdlt.dll
    2009-03-14 17:21:01 ----RA---- C:\WINDOWS\system32\kbdest.dll
    2009-03-14 17:21:00 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdycl.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdsl.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdro.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdpl.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdhu.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdcz.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\kbdcr.dll
    2009-03-14 17:20:59 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
    2009-03-14 17:20:57 ----A---- C:\WINDOWS\system32\spxcoins.dll
    2009-03-14 17:20:57 ----A---- C:\WINDOWS\system32\irclass.dll
    2009-03-14 17:20:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
    2009-03-14 17:20:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
    2009-03-14 17:20:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
    2009-03-14 17:20:55 ----N---- C:\WINDOWS\system32\CONFIG.TMP
    2009-03-14 17:20:55 ----A---- C:\WINDOWS\TASKMAN.EXE
    2009-03-14 17:20:54 ----A---- C:\WINDOWS\system32\batt.dll
    2009-03-14 17:20:54 ----A---- C:\WINDOWS\notepad.exe
    2009-03-14 17:20:53 ----A---- C:\WINDOWS\system32\storprop.dll
    2009-03-14 17:20:45 ----RA---- C:\WINDOWS\SET29.tmp
    2009-03-14 17:20:45 ----RA---- C:\WINDOWS\SET28.tmp
    2009-03-14 17:20:45 ----RA---- C:\WINDOWS\SET27.tmp
    2009-03-14 17:20:45 ----RA---- C:\WINDOWS\SET26.tmp
    2009-03-14 17:20:45 ----RA---- C:\WINDOWS\SET25.tmp
    2009-03-14 17:20:45 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2009-03-14 17:20:42 ----RA---- C:\WINDOWS\SET8.tmp
    2009-03-14 17:20:40 ----RA---- C:\WINDOWS\SET4.tmp
    2009-03-14 17:20:38 ----RA---- C:\WINDOWS\SET3.tmp
    2009-03-14 17:20:33 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-14 17:20:33 ----D---- C:\WINDOWS\system32\CatRoot
    2009-03-14 17:20:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-03-14 17:20:06 ----SHD---- C:\System Volume Information
    2009-03-14 17:20:06 ----D---- C:\Documents and Settings
    2009-03-14 17:17:31 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2009-03-14 17:14:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-03-14 17:14:13 ----RSD---- C:\WINDOWS\Fonts
    2009-03-14 17:14:13 ----RD---- C:\WINDOWS\Web
    2009-03-14 17:14:13 ----HD---- C:\WINDOWS\inf
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\WinSxS
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\twain_32
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Temp
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\wins
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\wbem
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\usmt
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\spool
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\ShellExt
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\Setup
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\ras
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\oobe
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\npp
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\mui
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\inetsrv
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\IME
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\icsxml
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\ias
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\export
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\drivers
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\dhcp
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\config
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\3com_dmi
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\3076
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\2052
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1054
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1042
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1041
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1037
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1036
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1033
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1031
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1028
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32\1025
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system32
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\system
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\security
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Resources
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\repair
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Provisioning
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\PeerNet
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\pchealth
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\OEM
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\mui
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\msapps
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\msagent
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Media
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\java
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\ime
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Help
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Driver Cache
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Debug
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Cursors
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Connection Wizard
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\Config
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\AppPatch
    2009-03-14 17:14:13 ----D---- C:\WINDOWS\addins
    2009-03-14 17:14:13 ----D---- C:\WINDOWS
    2009-03-14 16:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
    2009-03-14 16:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
    2009-03-14 16:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
    2009-03-14 16:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
    2009-03-14 16:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2009-03-14 16:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958215_0$
    2009-03-14 16:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
    2009-03-14 16:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
    2009-03-14 16:52:58 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-03-14 16:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
    2009-03-14 16:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
    2009-03-14 16:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960714_0$
    2009-03-14 16:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
    2009-03-14 16:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2009-03-14 16:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
    2009-03-14 16:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
    2009-03-14 16:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
    2009-03-14 16:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
    2009-03-14 16:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
    2009-03-14 16:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
    2009-03-14 16:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2009-03-14 16:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
    2009-03-14 16:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
    2009-03-14 16:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
    2009-03-14 16:50:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
    2009-03-14 16:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
    2009-03-14 16:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
    2009-03-14 16:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
    2009-03-14 16:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
    2009-03-14 16:49:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2009-03-14 16:43:50 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-14 16:43:28 ----A---- C:\WINDOWS\system32\wpa.bak
    2009-03-14 16:41:17 ----D---- C:\WINDOWS\system32\PreInstall
    2009-03-14 16:41:15 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
    2009-03-14 16:41:09 ----D---- C:\Documents and Settings\Inv\Application Data\Sun
    2009-03-14 16:39:34 ----SHD---- C:\RECYCLER
    2009-03-14 16:39:19 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-03-14 16:39:18 ----D---- C:\Documents and Settings\Inv\Application Data\Identities
    2009-03-14 16:39:16 ----HD---- C:\Program Files\Uninstall Information
    2009-03-14 16:39:10 ----SD---- C:\Documents and Settings\Inv\Application Data\Microsoft
    2009-03-14 16:39:10 ----ASH---- C:\Documents and Settings\Inv\Application Data\desktop.ini
    2009-03-14 16:38:21 ----D---- C:\WINDOWS\system32\SoftwareDistribution
    2009-03-14 16:37:19 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-03-14 16:37:06 ----SD---- C:\WINDOWS\system32\Microsoft
    2009-03-14 16:37:06 ----N---- C:\WINDOWS\SchedLgU.Txt
    2009-03-14 16:34:19 ----D---- C:\WINDOWS\system32\xircom
    2009-03-14 16:34:19 ----D---- C:\Program Files\xerox
    2009-03-14 16:34:19 ----D---- C:\Program Files\microsoft frontpage
    2009-03-14 16:34:08 ----A---- C:\WINDOWS\system32\OEMINFO.INI
    2009-03-14 16:34:00 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-14 16:34:00 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-14 16:34:00 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-14 16:33:44 ----D---- C:\Program Files\Java
    2009-03-14 16:33:43 ----D---- C:\Program Files\Fichiers communs\Java
    2009-03-14 16:32:49 ----RSD---- C:\WINDOWS\assembly
    2009-03-14 16:32:49 ----D---- C:\WINDOWS\system32\URTTemp
    2009-03-14 16:32:49 ----D---- C:\WINDOWS\Microsoft.NET
    2009-03-14 16:31:53 ----D---- C:\WINDOWS\fsc
    2009-03-14 16:31:42 ----D---- C:\AddOn
    2009-03-14 16:31:16 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-14 16:31:10 ----A---- C:\WINDOWS\system32\spupdsvc.exe
    2009-03-14 16:31:01 ----A---- C:\WINDOWS\control.ini
    2009-03-14 16:31:01 ----A---- C:\AUTOEXEC.BAT
    2009-03-14 16:30:48 ----A---- C:\WINDOWS\system32\mapi32.dll
    2009-03-14 16:29:53 ----RD---- C:\WINDOWS\Offline Web Pages
    2009-03-14 16:29:52 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-03-14 16:29:52 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2009-03-14 16:29:47 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2009-03-14 16:29:43 ----HD---- C:\Program Files\WindowsUpdate
    2009-03-14 16:29:39 ----D---- C:\Program Files\Services en ligne
    2009-03-14 16:29:26 ----D---- C:\WINDOWS\system32\DirectX
    2009-03-14 16:29:10 ----A---- C:\WINDOWS\system32\atrace.dll
    2009-03-14 16:29:08 ----A---- C:\WINDOWS\system32\desktop.ini
    2009-03-14 16:29:08 ----A---- C:\WINDOWS\desktop.ini
    2009-03-14 16:29:02 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
    2009-03-14 16:29:01 ----D---- C:\Program Files\Fichiers communs\Services
    2009-03-14 16:29:01 ----A---- C:\WINDOWS\system32\acctres.dll
    2009-03-14 16:28:59 ----SD---- C:\WINDOWS\Tasks
    2009-03-14 16:28:59 ----A---- C:\WINDOWS\system32\icfgnt5.dll
    2009-03-14 16:28:58 ----D---- C:\Program Files\Fichiers communs\MSSoap
    2009-03-14 16:28:55 ----D---- C:\WINDOWS\srchasst
    2009-03-14 16:28:54 ----D---- C:\WINDOWS\system32\Macromed
    2009-03-14 16:28:52 ----A---- C:\WINDOWS\system32\wuweb.dll
    2009-03-14 16:28:52 ----A---- C:\WINDOWS\system32\wups.dll
    2009-03-14 16:28:52 ----A---- C:\WINDOWS\system32\wucltui.dll
    2009-03-14 16:28:52 ----A---- C:\WINDOWS\system32\wuauserv.dll
    2009-03-14 16:28:52 ----A---- C:\WINDOWS\system32\wuaueng1.dll
    2009-03-14 16:28:52 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2009-03-14 16:28:51 ----A---- C:\WINDOWS\system32\wuauclt1.exe
    2009-03-14 16:28:51 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2009-03-14 16:28:51 ----A---- C:\WINDOWS\system32\wuapi.dll
    2009-03-14 16:28:51 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
    2009-03-14 16:28:51 ----A---- C:\WINDOWS\system32\qmgr.dll
    2009-03-14 16:28:51 ----A---- C:\WINDOWS\system32\bitsprx3.dll
    2009-03-14 16:28:51 ----A---- C:\WINDOWS\system32\bitsprx2.dll
    2009-03-14 16:28:48 ----D---- C:\Program Files\Movie Maker
    2009-03-14 16:28:45 ----A---- C:\WINDOWS\system32\safrslv.dll
    2009-03-14 16:28:45 ----A---- C:\WINDOWS\system32\safrdm.dll
    2009-03-14 16:28:45 ----A---- C:\WINDOWS\system32\safrcdlg.dll
    2009-03-14 16:28:45 ----A---- C:\WINDOWS\system32\racpldlg.dll
    2009-03-14 16:28:42 ----D---- C:\WINDOWS\system32\Restore
    2009-03-14 16:28:42 ----A---- C:\WINDOWS\system32\srsvc.dll
    2009-03-14 16:28:42 ----A---- C:\WINDOWS\system32\srrstr.dll
    2009-03-14 16:28:42 ----A---- C:\WINDOWS\system32\srclient.dll
    2009-03-14 16:28:42 ----A---- C:\WINDOWS\system32\fltmc.exe
    2009-03-14 16:28:42 ----A---- C:\WINDOWS\system32\fltlib.dll
    2009-03-14 16:28:41 ----A---- C:\WINDOWS\system32\nmmkcert.dll
    2009-03-14 16:28:41 ----A---- C:\WINDOWS\system32\msconf.dll
    2009-03-14 16:28:41 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
    2009-03-14 16:28:41 ----A---- C:\WINDOWS\system32\mnmdd.dll
    2009-03-14 16:28:41 ----A---- C:\WINDOWS\system32\isrdbg32.dll
    2009-03-14 16:28:41 ----A---- C:\WINDOWS\system32\ils.dll
    2009-03-14 16:28:39 ----D---- C:\Program Files\NetMeeting
    2009-03-14 16:28:39 ----A---- C:\WINDOWS\system32\msoert2.dll
    2009-03-14 16:28:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
    2009-03-14 16:28:38 ----A---- C:\WINDOWS\system32\inetres.dll
    2009-03-14 16:28:38 ----A---- C:\WINDOWS\system32\inetcomm.dll
    2009-03-14 16:28:36 ----D---- C:\Program Files\Outlook Express
    2009-03-14 16:28:36 ----A---- C:\WINDOWS\system32\schedsvc.dll
    2009-03-14 16:28:36 ----A---- C:\WINDOWS\system32\mstinit.exe
    2009-03-14 16:28:36 ----A---- C:\WINDOWS\system32\mstask.dll
    2009-03-14 16:28:36 ----A---- C:\WINDOWS\system32\isign32.dll
    2009-03-14 16:28:36 ----A---- C:\WINDOWS\system32\inetcfg.dll
    2009-03-14 16:28:36 ----A---- C:\WINDOWS\system32\icwphbk.dll
    2009-03-14 16:28:36 ----A---- C:\WINDOWS\system32\icwdial.dll
    2009-03-14 16:28:31 ----D---- C:\Program Files\Fichiers communs\System
    2009-03-14 16:28:29 ----D---- C:\Program Files\Internet Explorer
    2009-03-14 16:28:19 ----D---- C:\Program Files\ComPlus Applications
    2009-03-14 16:28:17 ----A---- C:\WINDOWS\vbaddin.ini
    2009-03-14 16:28:17 ----A---- C:\WINDOWS\vb.ini
    2009-03-14 16:28:13 ----D---- C:\WINDOWS\Registration
    2009-03-14 16:27:47 ----D---- C:\Program Files\Windows Media Player
    2009-03-14 16:27:47 ----D---- C:\Program Files\Online Services
    2009-03-14 16:27:43 ----D---- C:\Program Files\Messenger
    2009-03-14 16:27:40 ----D---- C:\Program Files\MSN Gaming Zone
    2009-03-14 16:27:40 ----A---- C:\WINDOWS\system32\write.exe
    2009-03-14 16:27:33 ----A---- C:\WINDOWS\system32\sndvol32.exe
    2009-03-14 16:27:32 ----A---- C:\WINDOWS\system32\winchat.exe
    2009-03-14 16:27:32 ----A---- C:\WINDOWS\system32\hticons.dll
    2009-03-14 16:27:32 ----A---- C:\WINDOWS\system32\avwav.dll
    2009-03-14 16:27:32 ----A---- C:\WINDOWS\system32\avtapi.dll
    2009-03-14 16:27:32 ----A---- C:\WINDOWS\system32\avmeter.dll
    2009-03-14 16:27:27 ----A---- C:\WINDOWS\system32\getuname.dll
    2009-03-14 16:27:26 ----A---- C:\WINDOWS\system32\winmine.exe
    2009-03-14 16:27:26 ----A---- C:\WINDOWS\system32\sol.exe
    2009-03-14 16:27:26 ----A---- C:\WINDOWS\system32\mshearts.exe
    2009-03-14 16:27:26 ----A---- C:\WINDOWS\system32\freecell.exe
    2009-03-14 16:27:26 ----A---- C:\WINDOWS\system32\charmap.exe
    2009-03-14 16:27:26 ----A---- C:\WINDOWS\system32\calc.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\usrlogon.cmd
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\tsshutdn.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\tslabels.ini
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\tskill.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\tsdiscon.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\tscon.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\shadow.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\rwinsta.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\reset.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\regini.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\qwinsta.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\qappsrv.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\msg.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\logoff.exe
    2009-03-14 16:27:25 ----A---- C:\WINDOWS\system32\cdmodem.dll
    2009-03-14 16:27:24 ----A---- C:\WINDOWS\system32\mtxlegih.dll
    2009-03-14 16:27:24 ----A---- C:\WINDOWS\system32\mtxex.dll
    2009-03-14 16:27:24 ----A---- C:\WINDOWS\system32\mtxdm.dll
    2009-03-14 16:27:24 ----A---- C:\WINDOWS\system32\msdtcprf.ini
    2009-03-14 16:27:24 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
    2009-03-14 16:27:23 ----A---- C:\WINDOWS\system32\stclient.dll
    2009-03-14 16:27:23 ----A---- C:\WINDOWS\system32\comsnap.dll
    2009-03-14 16:27:23 ----A---- C:\WINDOWS\system32\comrepl.dll
    2009-03-14 16:27:23 ----A---- C:\WINDOWS\system32\comaddin.dll
    2009-03-14 16:27:19 ----A---- C:\WINDOWS\system32\wmimgmt.msc
    2009-03-14 16:27:11 ----D---- C:\Program Files\MSN
    2009-03-14 16:27:10 ----A---- C:\WINDOWS\system32\sndrec32.exe
    2009-03-14 16:27:10 ----A---- C:\WINDOWS\system32\mplay32.exe
    2009-03-14 16:27:10 ----A---- C:\WINDOWS\system32\hypertrm.dll
    2009-03-14 16:27:10 ----A---- C:\WINDOWS\system32\accwiz.exe
    2009-03-14 16:27:09 ----D---- C:\Program Files\Windows NT
    2009-03-14 16:27:09 ----A---- C:\WINDOWS\system32\spider.exe
    2009-03-14 16:27:09 ----A---- C:\WINDOWS\system32\mspaint.exe
    2009-03-14 16:27:09 ----A---- C:\WINDOWS\system32\clipbrd.exe
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\tscupgrd.exe
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\sessmgr.exe
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\remotepg.dll
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\rdshost.exe
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\rdsaddin.exe
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\rdchost.dll
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\mstscax.dll
    2009-03-14 16:27:08 ----A---- C:\WINDOWS\system32\mstsc.exe
    2009-03-14 16:27:07 ----D---- C:\WINDOWS\system32\MsDtc
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\termsrv.dll
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\rdpwsx.dll
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\rdpsnd.dll
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\rdpclip.exe
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\qprocess.exe
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\mtxoci.dll
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\icaapi.dll
    2009-03-14 16:27:07 ----A---- C:\WINDOWS\system32\cfgbkend.dll
    2009-03-14 16:27:06 ----D---- C:\WINDOWS\system32\Com
    2009-03-14 16:27:06 ----A---- C:\WINDOWS\system32\xolehlp.dll
    2009-03-14 16:27:06 ----A---- C:\WINDOWS\system32\msdtctm.dll
    2009-03-14 16:27:06 ----A---- C:\WINDOWS\system32\msdtclog.dll
    2009-03-14 16:27:06 ----A---- C:\WINDOWS\system32\msdtc.exe
    2009-03-14 16:27:06 ----A---- C:\WINDOWS\system32\colbact.dll
    2009-03-14 16:27:06 ----A---- C:\WINDOWS\system32\catsrvps.dll
    2009-03-14 16:27:05 ----A---- C:\WINDOWS\system32\comuid.dll
    2009-03-14 16:27:05 ----A---- C:\WINDOWS\system32\comsvcs.dll
    2009-03-14 16:27:05 ----A---- C:\WINDOWS\system32\clbcatq.dll
    2009-03-14 16:27:05 ----A---- C:\WINDOWS\system32\clbcatex.dll
    2009-03-14 16:27:05 ----A---- C:\WINDOWS\system32\catsrvut.dll
    2009-03-14 16:27:05 ----A---- C:\WINDOWS\system32\catsrv.dll
    2009-03-14 16:27:01 ----A---- C:\WINDOWS\system32\servdeps.dll
    2009-03-14 16:27:01 ----A---- C:\WINDOWS\system32\mmfutil.dll
    2009-03-14 16:27:00 ----A---- C:\WINDOWS\system32\licwmi.dll
    2009-03-14 16:27:00 ----A---- C:\WINDOWS\system32\cmprops.dll

    ======List of files/folders modified in the last 1 months======

    2009-03-25 00:01:41 ----A---- C:\WINDOWS\win.ini
    2009-03-25 00:01:41 ----A---- C:\WINDOWS\system.ini
    2009-03-24 23:37:20 ----A---- C:\WINDOWS\system32\svchost.exe
    2009-03-14 19:06:08 ----A---- C:\WINDOWS\system32\uxtheme.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-03-17 5632]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 ae5mm4ui;ae5mm4ui; C:\WINDOWS\system32\drivers\ae5mm4ui.sys []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-14 152984]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-24 14336]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
    S2 FCF;FCF; C:\WINDOWS\system32\svchost.exe [2009-03-24 14336]
    S2 ICF;ICF; C:\WINDOWS\system32\svchost.exe [2009-03-24 14336]
    S2 Tvyat;Tvyat; C:\WINDOWS\System32\svchost.exe [2009-03-24 14336]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-15 68096]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2009-03-24 14336]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 Kmihidht;Kmihidht; C:\WINDOWS\system32\drivers\rootmdm.sys [2004-08-05 5888]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------




    And here is the Info.txt:

    info.txt logfile of random's system information tool 1.06 2009-03-25 08:55:59

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    1.0-->"C:\Program Files\gPotato.eu\Street Gears\unins000.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Agere Systems PCI Soft Modem-->agrsmdel
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3837
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Deckadance-->C:\Program Files\VstPlugins\Deckadance\uninstall.exe
    FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
    HijackThis 2.0.2-->"C:\Documents and Settings\Inv\Mes documents\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Dig
    25 March 2009 14:02:15

    Quote:
    2009-03-24 23:35:53 ----A---- C:\WINDOWS\system32\reader_s.exe

    ---> You are infected with Virut. If the infection is too advanced, formatting will be unavoidable.

  • Run a Dr.Web CureIt! scan, then post the report here:
    http://www.commentcamarche.net/faq/sujet-16138-comment-...
    25 March 2009 19:05:25

    Thanks in advance :)  The scan took hours :s

    ovfsthoqxflfixlhdtjxslrixxyoxmdonmjtpt.dll;C:\WINDOWS\system32;BackDoor.Tdss.118;Supprimé.;
    ovfsthoyplfhebsfnnekfeeftairiyhkcpltpg.dll;C:\WINDOWS\system32;BackDoor.Tdss.118;Supprimé.;
    ovfsthpyjaeatkmanirdsphgvsbnfhligouxea.dll;C:\WINDOWS\system32;BackDoor.Tdss.115;Irréparable.Quarantaine.;



    Here is what I got as a report.
    25 March 2009 19:07:38

    /!\ Disable your resident protection (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    25 March 2009 19:42:13

    ComboFix 09-03-23.01 - Inv 2009-03-25 19:30:58.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.407 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Inv\Mes documents\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\drivers\ntndis.sys

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://au.download.windj+|Cv+@J:NGD_DQ{zcxLJS@b#6O)sWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXu2D2D2D2DUcxLJS@GD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvowsupdate.com
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_icf
    -------\Service_ICF


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-25 au 2009-03-25 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-25 15:10 . 2009-03-25 15:13 <REP> d-------- c:\documents and settings\Inv\DoctorWeb
    2009-03-25 10:27 . 2009-03-25 11:06 <REP> d--h----- C:\$AVG8.VAULT$
    2009-03-25 10:24 . 2009-03-25 18:51 <REP> d-------- c:\windows\system32\drivers\Avg
    2009-03-25 10:24 . 2009-03-25 10:24 <REP> d-------- c:\program files\AVG
    2009-03-25 10:24 . 2009-03-25 11:21 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-25 10:24 . 2009-03-25 10:24 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-25 10:24 . 2009-03-25 10:24 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-25 10:24 . 2009-03-25 10:24 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-25 08:55 . 2009-03-25 08:55 <REP> d-------- C:\rsit
    2009-03-24 23:55 . 2009-03-25 10:18 <REP> d-------- c:\documents and settings\Inv\.housecall6.6
    2009-03-24 23:41 . 2009-03-24 23:41 0 --a------ c:\windows\system32\drivers\ovfsth.sys
    2009-03-24 23:40 . 2009-03-25 12:24 43 --a------ c:\windows\system32\ovfsthhwcgeekvwxlvioutdbdftqopdjcowfwu.dat
    2009-03-24 23:38 . 2009-03-24 23:38 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
    2009-03-24 23:36 . 2009-03-25 16:19 0 --a------ c:\windows\system32\drivers\c6e9c443.sys
    2009-03-24 23:35 . 2009-03-25 12:24 12,640 --a------ c:\windows\system32\ovfsthetwmfwtumsvesryektaituejspcyjjxl.dat
    2009-03-21 23:27 . 2009-03-21 23:27 <REP> d-------- c:\windows\Sun
    2009-03-20 12:19 . 2009-03-23 17:39 23 --a------ c:\windows\BlendSettings.ini
    2009-03-19 13:26 . 2009-03-19 13:26 <REP> d-------- c:\program files\Common Files
    2009-03-19 13:26 . 2003-07-16 07:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
    2009-03-19 13:26 . 2004-12-30 22:43 4,682 --a------ c:\windows\system32\npptNT2.sys
    2009-03-19 11:35 . 2009-03-19 11:35 <REP> d-------- c:\program files\gPotato.eu
    2009-03-19 11:17 . 2009-03-20 11:44 <REP> d-------- c:\program files\Bethesda Softworks
    2009-03-19 11:16 . 2009-03-19 11:16 <REP> d-------- c:\windows\system32\xlive
    2009-03-19 11:15 . 2009-03-19 11:15 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools Pro
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-03-19 11:13 . 2009-03-19 11:14 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-03-19 11:01 . 2009-03-19 11:15 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools Lite
    2009-03-19 11:01 . 2009-03-19 11:01 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2009-03-19 09:08 . 2009-03-19 09:08 <REP> d-------- c:\windows\Logs
    2009-03-19 09:08 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
    2009-03-19 09:06 . 2009-03-20 21:20 <REP> d----c--- c:\windows\system32\DRVSTORE
    2009-03-17 16:49 . 2009-03-17 16:49 <REP> d-------- c:\documents and settings\Inv\Application Data\Samsung
    2009-03-17 16:31 . 2003-02-21 18:42 348,160 --a------ c:\windows\system32\msvcr71.dll
    2009-03-17 16:31 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
    2009-03-17 16:31 . 2005-08-30 01:49 94,000 --a------ c:\windows\system32\drivers\ssm_mdm.sys
    2009-03-17 16:31 . 2005-08-30 01:47 58,320 --a------ c:\windows\system32\drivers\ssm_bus.sys
    2009-03-17 16:31 . 2005-08-30 01:49 8,336 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
    2009-03-17 16:31 . 2005-08-30 01:49 6,176 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
    2009-03-17 16:31 . 2005-08-30 01:49 6,176 --a------ c:\windows\system32\drivers\ssm_cm.sys
    2009-03-17 16:31 . 2005-08-30 01:47 5,840 --a------ c:\windows\system32\drivers\ssm_whnt.sys
    2009-03-17 16:31 . 2005-08-30 01:47 5,840 --a------ c:\windows\system32\drivers\ssm_wh.sys
    2009-03-17 16:30 . 2009-03-17 16:31 <REP> d-------- c:\windows\system32\Samsung_USB_Drivers
    2009-03-17 16:30 . 2009-03-17 16:30 <REP> d-------- c:\program files\Samsung
    2009-03-17 16:30 . 2009-03-17 16:41 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
    2009-03-17 16:30 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
    2009-03-17 15:47 . 2009-03-17 15:47 <REP> d-------- c:\program files\Audacity
    2009-03-16 03:00 . 2009-03-16 03:00 <REP> d-------- c:\program files\MSXML 4.0
    2009-03-15 23:39 . 2009-03-15 23:39 <REP> d-------- c:\program files\SFR
    2009-03-15 16:20 . 2009-03-15 16:20 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
    2009-03-15 16:10 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-03-15 16:10 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- c:\temp\HP_WebRelease
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- C:\temp
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- c:\program files\HP
    2009-03-15 16:09 . 2009-03-15 16:21 103,537 --a------ c:\windows\hpoins04.dat
    2009-03-15 16:09 . 2004-06-22 08:04 17,176 --------- c:\windows\hpomdl04.dat
    2009-03-15 16:01 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2009-03-15 16:01 . 2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2009-03-15 12:46 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-03-15 12:41 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-03-15 12:41 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-03-15 09:09 . 2009-03-25 18:17 69 --a------ c:\windows\NeroDigital.ini
    2009-03-15 09:01 . 2009-03-15 09:34 <REP> d-------- c:\documents and settings\Inv\Application Data\Ahead
    2009-03-15 09:00 . 2009-03-15 09:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Ahead
    2009-03-15 08:59 . 2009-03-15 08:59 <REP> d-------- c:\program files\Nero
    2009-03-15 08:59 . 2009-03-15 09:00 <REP> d-------- c:\program files\Fichiers communs\Ahead
    2009-03-15 08:59 . 2009-03-15 08:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-03-15 08:48 . 2009-03-25 19:37 <REP> d-------- c:\documents and settings\Inv\Application Data\Azureus
    2009-03-15 08:48 . 2009-03-15 08:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-03-15 08:41 . 2009-03-15 08:41 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
    2009-03-15 08:41 . 2009-03-15 08:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Macrovision
    2009-03-15 08:40 . 2009-03-18 08:17 <REP> d-------- c:\program files\Fichiers communs\Adobe
    2009-03-15 00:51 . 2009-03-24 21:02 <REP> d-------- c:\program files\Mozilla Thunderbird
    2009-03-15 00:51 . 2009-03-15 00:51 <REP> d-------- c:\documents and settings\Inv\Application Data\Thunderbird
    2009-03-14 23:52 . 2009-03-14 23:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-03-14 19:57 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\windows\system32\XPSViewer
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\program files\Reference Assemblies
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\program files\MSBuild
    2009-03-14 19:51 . 2009-03-14 19:51 <REP> d-------- C:\e651012c6c3a06737048a8820569d0
    2009-03-14 19:51 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-03-14 19:51 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-14 19:51 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-14 19:51 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-03-14 19:51 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-14 19:51 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-03-14 19:51 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-14 19:50 . 2009-03-14 19:54 <REP> d-------- c:\documents and settings\Inv\Application Data\dvdcss
    2009-03-14 19:46 . 2008-12-20 23:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2009-03-14 19:46 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2009-03-14 19:46 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-03-14 19:46 . 2008-12-20 23:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2009-03-14 19:46 . 2008-12-20 23:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2009-03-14 19:46 . 2008-12-20 23:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2009-03-14 19:46 . 2008-12-20 23:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2009-03-14 19:46 . 2008-12-20 23:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-03-14 19:46 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2009-03-14 19:19 . 2009-03-14 19:19 385 --a------ c:\windows\ODBC.INI
    2009-03-14 19:18 . 2009-03-14 19:18 <REP> d-------- c:\windows\ShellNew
    2009-03-14 19:06 . 2009-03-14 19:06 65,428 --a------ c:\windows\BricoPackUninst.cmd
    2009-03-14 19:04 . 2009-03-14 19:04 <REP> d-------- c:\windows\BricoPacks
    2009-03-14 19:04 . 2009-03-14 19:06 6,110 --a------ c:\windows\BricoPackFoldersDelete.cmd
    2009-03-14 19:02 . 2009-03-14 19:02 <REP> d-------- c:\program files\CCleaner
    2009-03-14 18:54 . 2009-03-15 08:53 <REP> d-------- c:\program files\Azureus
    2009-03-14 18:49 . 2009-03-14 18:49 <REP> d-------- c:\program files\Windows Media Connect 2
    2009-03-14 18:49 . 2009-03-15 09:45 <REP> d-------- c:\documents and settings\Inv\Application Data\vlc
    2009-03-14 18:48 . 2009-03-14 18:49 <REP> d-------- C:\a329a238bf370562155ed998
    2009-03-14 18:47 . 2009-03-14 18:47 <REP> d-------- c:\windows\system32\LogFiles
    2009-03-14 18:47 . 2009-03-20 14:38 <REP> d-------- c:\windows\system32\drivers\UMDF
    2009-03-14 18:47 . 2009-03-14 18:48 <REP> d-------- C:\81249e4236f0a777629f
    2009-03-14 18:45 . 2009-03-14 18:45 <REP> d-------- c:\program files\VideoLAN
    2009-03-14 18:31 . 2008-12-12 18:02 5,283,840 --a------ c:\windows\system32\nse86.tmp
    2009-03-14 18:30 . 2009-03-14 18:30 <REP> d-------- c:\windows\Packs
    2009-03-14 18:23 . 2009-03-14 18:23 <REP> d-------- c:\documents and settings\Inv\Application Data\ATI
    2009-03-14 18:23 . 2009-03-14 18:23 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
    2009-03-14 18:22 . 2009-03-14 18:22 0 --a------ c:\windows\ativpsrm.bin
    2009-03-14 18:18 . 2009-03-20 11:12 <REP> d--h----- c:\program files\InstallShield Installation Information
    2009-03-14 18:18 . 2009-03-14 18:19 <REP> d-------- c:\program files\ATI Technologies
    2009-03-14 18:18 . 2009-02-03 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
    2009-03-14 18:17 . 2009-03-14 18:18 <REP> d-------- c:\program files\Fichiers communs\InstallShield
    2009-03-14 18:17 . 2009-03-14 18:17 <REP> d-------- C:\ATI
    2009-03-14 18:16 . 2009-03-14 18:19 <REP> d-------- c:\program files\VstPlugins
    2009-03-14 18:16 . 2009-03-14 18:16 <REP> d-------- c:\program files\Outsim

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-24 22:38 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
    2009-03-14 18:59 --------- d-----w c:\program files\Microsoft Silverlight
    2009-03-14 16:46 --------- d-----w c:\program files\Messenger Plus! Live
    2009-03-14 16:45 --------- d-----w c:\program files\Windows Live
    2009-03-14 16:43 --------- d-----w c:\program files\Microsoft
    2009-03-14 16:42 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-03-14 16:37 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2009-03-14 15:43 --------- d-----w c:\program files\Java
    2009-03-14 15:34 --------- d-----w c:\program files\microsoft frontpage
    2009-03-14 15:33 --------- d-----w c:\program files\Fichiers communs\Java
    2009-03-14 15:29 --------- d-----w c:\program files\Services en ligne
    2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    .

    ------- Sigcheck -------

    2004-08-05 13:00 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys
    2009-03-24 23:38 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
    2009-03-24 23:38 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
    2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtServicePackUninstall$\explorer.exe
    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
    2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe

    2004-08-05 13:00 112640 46990969761352f53b2310d266e2f1df c:\windows\$NtServicePackUninstall$\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
    2008-04-14 03:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Inv\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-25 10:24 10520 c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 19:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
    R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 107912]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-25 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
    S1 c6e9c443;c6e9c443;c:\windows\system32\drivers\c6e9c443.sys [2009-03-24 0]
    S2 FCF;FCF;c:\windows\system32\svchost.exe:exe.exe --> c:\windows\system32\svchost.exe:exe.exe [?]
    S2 Tvyat;Tvyat;c:\windows\System32\svchost.exe -k netsvcs [2004-08-05 14336]
    S4 Kmihidht;Kmihidht;c:\windows\system32\drivers\rootmdm.sys [2004-08-05 5888]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Tvyat
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-Run - c:\documents and settings\Inv\Application Data\Adobe\Manager.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Inv\Application Data\Mozilla\Firefox\Profiles\bscm564x.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-25 19:39:16
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FCF]
    "ImagePath"="c:\windows\system32\svchost.exe:exe.exe"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(584)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(644)
    c:\windows\system32\scecli.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-25 19:41:09 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-25 18:41:06

    Avant-CF: 148 480 335 872 octets libres
    Après-CF: 148,445,806,592 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    285 --- E O F --- 2009-03-20 10:33:07




    Here is the report, thanks :) 
    25 March 2009 20:30:51

    /!\ Only Phomos may follow this procedure /!\

    Disable all resident protection (antivirus...)!

    ---> Copy (CTRL+C) the text in the box below:

    KillAll::

    Driver::
    c6e9c443

    File::
    c:\windows\system32\drivers\ovfsth.sys
    c:\windows\system32\ovfsthhwcgeekvwxlvioutdbdftqopdjcowfwu.dat
    c:\windows\system32\ovfsthetwmfwtumsvesryektaituejspcyjjxl.dat
    c:\windows\system32\drivers\c6e9c443.sys


    ---> Open Notepad: Start > All Programs > Accessories > Notepad

    - Paste (CTRL+V) the text into Notepad.
    - Save this file to: Desktop
    - File name: CFScript
    - File type: All files!!
    - Click Save.
    - Close Notepad.

    ---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:



  • This will relaunch ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt

    ;) 
    25 March 2009 21:02:37

    ComboFix 09-03-23.01 - Inv 2009-03-25 20:48:55.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.304 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Inv\Mes documents\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Inv\Mes documents\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\drivers\c6e9c443.sys
    c:\windows\system32\drivers\ovfsth.sys
    c:\windows\system32\ovfsthetwmfwtumsvesryektaituejspcyjjxl.dat
    c:\windows\system32\ovfsthhwcgeekvwxlvioutdbdftqopdjcowfwu.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\c6e9c443.sys
    c:\windows\system32\drivers\ntndis.sys
    c:\windows\system32\drivers\ovfsth.sys
    c:\windows\system32\ovfsthetwmfwtumsvesryektaituejspcyjjxl.dat
    c:\windows\system32\ovfsthhwcgeekvwxlvioutdbdftqopdjcowfwu.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_c6e9c443


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-25 au 2009-03-25 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-25 15:10 . 2009-03-25 15:13 <REP> d-------- c:\documents and settings\Inv\DoctorWeb
    2009-03-25 10:27 . 2009-03-25 11:06 <REP> d--h----- C:\$AVG8.VAULT$
    2009-03-25 10:24 . 2009-03-25 18:51 <REP> d-------- c:\windows\system32\drivers\Avg
    2009-03-25 10:24 . 2009-03-25 10:24 <REP> d-------- c:\program files\AVG
    2009-03-25 10:24 . 2009-03-25 11:21 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-25 10:24 . 2009-03-25 10:24 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-25 10:24 . 2009-03-25 10:24 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-25 10:24 . 2009-03-25 10:24 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-25 08:55 . 2009-03-25 08:55 <REP> d-------- C:\rsit
    2009-03-24 23:55 . 2009-03-25 10:18 <REP> d-------- c:\documents and settings\Inv\.housecall6.6
    2009-03-24 23:38 . 2009-03-24 23:38 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
    2009-03-21 23:27 . 2009-03-21 23:27 <REP> d-------- c:\windows\Sun
    2009-03-20 12:19 . 2009-03-23 17:39 23 --a------ c:\windows\BlendSettings.ini
    2009-03-19 13:26 . 2009-03-19 13:26 <REP> d-------- c:\program files\Common Files
    2009-03-19 13:26 . 2003-07-16 07:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
    2009-03-19 13:26 . 2004-12-30 22:43 4,682 --a------ c:\windows\system32\npptNT2.sys
    2009-03-19 11:35 . 2009-03-19 11:35 <REP> d-------- c:\program files\gPotato.eu
    2009-03-19 11:17 . 2009-03-20 11:44 <REP> d-------- c:\program files\Bethesda Softworks
    2009-03-19 11:16 . 2009-03-19 11:16 <REP> d-------- c:\windows\system32\xlive
    2009-03-19 11:15 . 2009-03-19 11:15 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools Pro
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-03-19 11:13 . 2009-03-19 11:14 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-03-19 11:01 . 2009-03-19 11:15 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools Lite
    2009-03-19 11:01 . 2009-03-19 11:01 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2009-03-19 09:08 . 2009-03-19 09:08 <REP> d-------- c:\windows\Logs
    2009-03-19 09:08 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
    2009-03-19 09:06 . 2009-03-20 21:20 <REP> d----c--- c:\windows\system32\DRVSTORE
    2009-03-17 16:49 . 2009-03-17 16:49 <REP> d-------- c:\documents and settings\Inv\Application Data\Samsung
    2009-03-17 16:31 . 2003-02-21 18:42 348,160 --a------ c:\windows\system32\msvcr71.dll
    2009-03-17 16:31 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
    2009-03-17 16:31 . 2005-08-30 01:49 94,000 --a------ c:\windows\system32\drivers\ssm_mdm.sys
    2009-03-17 16:31 . 2005-08-30 01:47 58,320 --a------ c:\windows\system32\drivers\ssm_bus.sys
    2009-03-17 16:31 . 2005-08-30 01:49 8,336 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
    2009-03-17 16:31 . 2005-08-30 01:49 6,176 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
    2009-03-17 16:31 . 2005-08-30 01:49 6,176 --a------ c:\windows\system32\drivers\ssm_cm.sys
    2009-03-17 16:31 . 2005-08-30 01:47 5,840 --a------ c:\windows\system32\drivers\ssm_whnt.sys
    2009-03-17 16:31 . 2005-08-30 01:47 5,840 --a------ c:\windows\system32\drivers\ssm_wh.sys
    2009-03-17 16:30 . 2009-03-17 16:31 <REP> d-------- c:\windows\system32\Samsung_USB_Drivers
    2009-03-17 16:30 . 2009-03-17 16:30 <REP> d-------- c:\program files\Samsung
    2009-03-17 16:30 . 2009-03-17 16:41 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
    2009-03-17 16:30 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
    2009-03-17 15:47 . 2009-03-17 15:47 <REP> d-------- c:\program files\Audacity
    2009-03-16 03:00 . 2009-03-16 03:00 <REP> d-------- c:\program files\MSXML 4.0
    2009-03-15 23:39 . 2009-03-15 23:39 <REP> d-------- c:\program files\SFR
    2009-03-15 16:20 . 2009-03-15 16:20 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
    2009-03-15 16:10 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-03-15 16:10 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- c:\temp\HP_WebRelease
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- C:\temp
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- c:\program files\HP
    2009-03-15 16:09 . 2009-03-15 16:21 103,537 --a------ c:\windows\hpoins04.dat
    2009-03-15 16:09 . 2004-06-22 08:04 17,176 --------- c:\windows\hpomdl04.dat
    2009-03-15 16:01 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2009-03-15 16:01 . 2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2009-03-15 12:46 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-03-15 12:41 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-03-15 12:41 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-03-15 09:09 . 2009-03-25 18:17 69 --a------ c:\windows\NeroDigital.ini
    2009-03-15 09:01 . 2009-03-15 09:34 <REP> d-------- c:\documents and settings\Inv\Application Data\Ahead
    2009-03-15 09:00 . 2009-03-15 09:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Ahead
    2009-03-15 08:59 . 2009-03-15 08:59 <REP> d-------- c:\program files\Nero
    2009-03-15 08:59 . 2009-03-15 09:00 <REP> d-------- c:\program files\Fichiers communs\Ahead
    2009-03-15 08:59 . 2009-03-15 08:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-03-15 08:48 . 2009-03-25 20:48 <REP> d-------- c:\documents and settings\Inv\Application Data\Azureus
    2009-03-15 08:48 . 2009-03-15 08:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-03-15 08:41 . 2009-03-15 08:41 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
    2009-03-15 08:41 . 2009-03-15 08:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Macrovision
    2009-03-15 08:40 . 2009-03-18 08:17 <REP> d-------- c:\program files\Fichiers communs\Adobe
    2009-03-15 00:51 . 2009-03-24 21:02 <REP> d-------- c:\program files\Mozilla Thunderbird
    2009-03-15 00:51 . 2009-03-15 00:51 <REP> d-------- c:\documents and settings\Inv\Application Data\Thunderbird
    2009-03-14 23:52 . 2009-03-14 23:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-03-14 19:57 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\windows\system32\XPSViewer
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\program files\Reference Assemblies
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\program files\MSBuild
    2009-03-14 19:51 . 2009-03-14 19:51 <REP> d-------- C:\e651012c6c3a06737048a8820569d0
    2009-03-14 19:51 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-03-14 19:51 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-14 19:51 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-14 19:51 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-03-14 19:51 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-14 19:51 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-03-14 19:51 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-14 19:50 . 2009-03-14 19:54 <REP> d-------- c:\documents and settings\Inv\Application Data\dvdcss
    2009-03-14 19:46 . 2008-12-20 23:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2009-03-14 19:46 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2009-03-14 19:46 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-03-14 19:46 . 2008-12-20 23:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2009-03-14 19:46 . 2008-12-20 23:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2009-03-14 19:46 . 2008-12-20 23:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2009-03-14 19:46 . 2008-12-20 23:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2009-03-14 19:46 . 2008-12-20 23:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-03-14 19:46 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2009-03-14 19:19 . 2009-03-14 19:19 385 --a------ c:\windows\ODBC.INI
    2009-03-14 19:18 . 2009-03-14 19:18 <REP> d-------- c:\windows\ShellNew
    2009-03-14 19:06 . 2009-03-14 19:06 65,428 --a------ c:\windows\BricoPackUninst.cmd
    2009-03-14 19:04 . 2009-03-14 19:04 <REP> d-------- c:\windows\BricoPacks
    2009-03-14 19:04 . 2009-03-14 19:06 6,110 --a------ c:\windows\BricoPackFoldersDelete.cmd
    2009-03-14 19:02 . 2009-03-14 19:02 <REP> d-------- c:\program files\CCleaner
    2009-03-14 18:54 . 2009-03-15 08:53 <REP> d-------- c:\program files\Azureus
    2009-03-14 18:49 . 2009-03-14 18:49 <REP> d-------- c:\program files\Windows Media Connect 2
    2009-03-14 18:49 . 2009-03-15 09:45 <REP> d-------- c:\documents and settings\Inv\Application Data\vlc
    2009-03-14 18:48 . 2009-03-14 18:49 <REP> d-------- C:\a329a238bf370562155ed998
    2009-03-14 18:47 . 2009-03-14 18:47 <REP> d-------- c:\windows\system32\LogFiles
    2009-03-14 18:47 . 2009-03-20 14:38 <REP> d-------- c:\windows\system32\drivers\UMDF
    2009-03-14 18:47 . 2009-03-14 18:48 <REP> d-------- C:\81249e4236f0a777629f
    2009-03-14 18:45 . 2009-03-14 18:45 <REP> d-------- c:\program files\VideoLAN
    2009-03-14 18:31 . 2008-12-12 18:02 5,283,840 --a------ c:\windows\system32\nse86.tmp
    2009-03-14 18:30 . 2009-03-14 18:30 <REP> d-------- c:\windows\Packs
    2009-03-14 18:23 . 2009-03-14 18:23 <REP> d-------- c:\documents and settings\Inv\Application Data\ATI
    2009-03-14 18:23 . 2009-03-14 18:23 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
    2009-03-14 18:22 . 2009-03-14 18:22 0 --a------ c:\windows\ativpsrm.bin
    2009-03-14 18:18 . 2009-03-20 11:12 <REP> d--h----- c:\program files\InstallShield Installation Information
    2009-03-14 18:18 . 2009-03-14 18:19 <REP> d-------- c:\program files\ATI Technologies
    2009-03-14 18:18 . 2009-02-03 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
    2009-03-14 18:17 . 2009-03-14 18:18 <REP> d-------- c:\program files\Fichiers communs\InstallShield
    2009-03-14 18:17 . 2009-03-14 18:17 <REP> d-------- C:\ATI
    2009-03-14 18:16 . 2009-03-14 18:19 <REP> d-------- c:\program files\VstPlugins
    2009-03-14 18:16 . 2009-03-14 18:16 <REP> d-------- c:\program files\Outsim
    2009-03-14 18:16 . 2009-03-14 18:16 <REP> d-------- c:\program files\ASIO4ALL v2
    2009-03-14 18:16 . 2002-07-07 23:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
    2009-03-14 18:16 . 2006-06-20 09:56 225,280 --a------ c:\windows\system32\rewire.dll
    2009-03-14 18:14 . 2009-03-14 18:14 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-24 22:38 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
    2009-03-14 18:59 --------- d-----w c:\program files\Microsoft Silverlight
    2009-03-14 16:46 --------- d-----w c:\program files\Messenger Plus! Live
    2009-03-14 16:45 --------- d-----w c:\program files\Windows Live
    2009-03-14 16:43 --------- d-----w c:\program files\Microsoft
    2009-03-14 16:42 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-03-14 16:37 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2009-03-14 15:43 --------- d-----w c:\program files\Java
    2009-03-14 15:34 --------- d-----w c:\program files\microsoft frontpage
    2009-03-14 15:33 --------- d-----w c:\program files\Fichiers communs\Java
    2009-03-14 15:29 --------- d-----w c:\program files\Services en ligne
    2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    .

    ------- Sigcheck -------

    2004-08-05 13:00 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys
    2009-03-24 23:38 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
    2009-03-24 23:38 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
    2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtServicePackUninstall$\explorer.exe
    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
    2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe

    2004-08-05 13:00 112640 46990969761352f53b2310d266e2f1df c:\windows\$NtServicePackUninstall$\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
    2008-04-14 03:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-03-25_19.40.20.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-25 19:57:37 16,384 ----atw c:\windows\temp\Perflib_Perfdata_3ac.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Inv\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-25 10:24 10520 c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 19:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
    R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 107912]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-25 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
    S2 FCF;FCF;c:\windows\system32\svchost.exe:exe.exe --> c:\windows\system32\svchost.exe:exe.exe [?]
    S2 Tvyat;Tvyat;c:\windows\System32\svchost.exe -k netsvcs [2004-08-05 14336]
    S4 Kmihidht;Kmihidht;c:\windows\system32\drivers\rootmdm.sys [2004-08-05 5888]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Tvyat
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Inv\Application Data\Mozilla\Firefox\Profiles\bscm564x.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-25 20:57:58
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FCF]
    "ImagePath"="c:\windows\system32\svchost.exe:exe.exe"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(584)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(644)
    c:\windows\system32\scecli.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-25 21:00:18 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-25 20:00:14
    ComboFix2.txt 2009-03-25 18:41:10

    Avant-CF: 148 384 296 960 octets libres
    Après-CF: 148,373,254,144 octets libres

    282 --- E O F --- 2009-03-20 10:33:07



    Though I did disable AVG, strange :p  Thanks in advance :) 
    25 March 2009 21:05:46

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    25 March 2009 21:49:08

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1897
    Windows 5.1.2600 Service Pack 3

    25/03/2009 21:38:28
    mbam-log-2009-03-25 (21-38-28).txt

    Type de recherche: Examen rapide
    Eléments examinés: 62891
    Temps écoulé: 4 minute(s), 54 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FCF (Rootkit.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)



    Here is my scan :) 
    25 March 2009 22:03:41

  • Rerun MBAM, go to Quarantine and delete everything.

  • Run an AVPTool scan and post the report.
    27 March 2009 08:48:47

    Up :)  Thanks.
    27 March 2009 15:10:48

    I'll reply to you this evening.
    27 March 2009 16:19:17

    Thanks Destrio :) 
    27 March 2009 16:47:36

    :hello:  Phomos,

    I'll take over.

    Have you backed up your most vital data? Make sure not to back up any file with the extension .exe, .scr, .zip, .rar.

    I'm sending you a PM with the next instructions. You will post the report here, on the forum.

    ;) 
    27 March 2009 21:24:15

    Hello Egwene :) 

    Yes, I saved everything, I reformatted not long ago :p 


    Thanks for the instructions, I'll keep you posted :) 
    28 March 2009 13:08:13

    ComboFix 09-03-27.02 - Inv 2009-03-28 13:02:13.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.595 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Inv\Mes documents\KittyFix.exe

    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOTDRV
    -------\Service_botdrv
    -------\Service_PCIDump


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-28 ))))))))))))))))))))))))))))))))))))
    .

    2009-03-28 12:49 . 2009-03-28 12:49 <REP> d-------- c:\program files\Free Audio Pack
    2009-03-25 21:22 . 2009-03-25 21:22 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-25 21:22 . 2009-03-25 21:22 <REP> d-------- c:\documents and settings\Inv\Application Data\Malwarebytes
    2009-03-25 21:22 . 2009-03-25 21:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-25 21:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-25 21:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-25 15:10 . 2009-03-25 15:13 <REP> d-------- c:\documents and settings\Inv\DoctorWeb
    2009-03-25 10:27 . 2009-03-25 11:06 <REP> d--h----- C:\$AVG8.VAULT$
    2009-03-25 10:24 . 2009-03-28 09:40 <REP> d-------- c:\windows\system32\drivers\Avg
    2009-03-25 10:24 . 2009-03-25 10:24 <REP> d-------- c:\program files\AVG
    2009-03-25 10:24 . 2009-03-25 11:21 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8
    2009-03-25 10:24 . 2009-03-25 10:24 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-25 10:24 . 2009-03-25 10:24 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-25 10:24 . 2009-03-25 10:24 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-03-25 08:55 . 2009-03-25 08:55 <REP> d-------- C:\rsit
    2009-03-24 23:55 . 2009-03-25 10:18 <REP> d-------- c:\documents and settings\Inv\.housecall6.6
    2009-03-24 23:38 . 2009-03-24 23:38 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
    2009-03-21 23:27 . 2009-03-21 23:27 <REP> d-------- c:\windows\Sun
    2009-03-20 12:19 . 2009-03-27 17:18 23 --a------ c:\windows\BlendSettings.ini
    2009-03-19 13:26 . 2009-03-19 13:26 <REP> d-------- c:\program files\Common Files
    2009-03-19 13:26 . 2003-07-16 07:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
    2009-03-19 13:26 . 2004-12-30 22:43 4,682 --a------ c:\windows\system32\npptNT2.sys
    2009-03-19 11:35 . 2009-03-19 11:35 <REP> d-------- c:\program files\gPotato.eu
    2009-03-19 11:17 . 2009-03-20 11:44 <REP> d-------- c:\program files\Bethesda Softworks
    2009-03-19 11:16 . 2009-03-19 11:16 <REP> d-------- c:\windows\system32\xlive
    2009-03-19 11:15 . 2009-03-19 11:15 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools Pro
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools
    2009-03-19 11:14 . 2009-03-19 11:14 <REP> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-03-19 11:13 . 2009-03-19 11:14 <REP> d-------- c:\program files\DAEMON Tools Lite
    2009-03-19 11:01 . 2009-03-19 11:15 <REP> d-------- c:\documents and settings\Inv\Application Data\DAEMON Tools Lite
    2009-03-19 11:01 . 2009-03-19 11:01 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2009-03-19 09:08 . 2009-03-19 09:08 <REP> d-------- c:\windows\Logs
    2009-03-19 09:08 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
    2009-03-19 09:06 . 2009-03-20 21:20 <REP> d----c--- c:\windows\system32\DRVSTORE
    2009-03-17 16:49 . 2009-03-17 16:49 <REP> d-------- c:\documents and settings\Inv\Application Data\Samsung
    2009-03-17 16:31 . 2003-02-21 18:42 348,160 --a------ c:\windows\system32\msvcr71.dll
    2009-03-17 16:31 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
    2009-03-17 16:31 . 2005-08-30 01:49 94,000 --a------ c:\windows\system32\drivers\ssm_mdm.sys
    2009-03-17 16:31 . 2005-08-30 01:47 58,320 --a------ c:\windows\system32\drivers\ssm_bus.sys
    2009-03-17 16:31 . 2005-08-30 01:49 8,336 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
    2009-03-17 16:31 . 2005-08-30 01:49 6,176 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
    2009-03-17 16:31 . 2005-08-30 01:49 6,176 --a------ c:\windows\system32\drivers\ssm_cm.sys
    2009-03-17 16:31 . 2005-08-30 01:47 5,840 --a------ c:\windows\system32\drivers\ssm_whnt.sys
    2009-03-17 16:31 . 2005-08-30 01:47 5,840 --a------ c:\windows\system32\drivers\ssm_wh.sys
    2009-03-17 16:30 . 2009-03-17 16:31 <REP> d-------- c:\windows\system32\Samsung_USB_Drivers
    2009-03-17 16:30 . 2009-03-17 16:30 <REP> d-------- c:\program files\Samsung
    2009-03-17 16:30 . 2009-03-17 16:41 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
    2009-03-17 16:30 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
    2009-03-17 15:47 . 2009-03-17 15:47 <REP> d-------- c:\program files\Audacity
    2009-03-16 03:00 . 2009-03-16 03:00 <REP> d-------- c:\program files\MSXML 4.0
    2009-03-15 23:39 . 2009-03-15 23:39 <REP> d-------- c:\program files\SFR
    2009-03-15 16:20 . 2009-03-15 16:20 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
    2009-03-15 16:10 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2009-03-15 16:10 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- c:\temp\HP_WebRelease
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- C:\temp
    2009-03-15 16:09 . 2009-03-15 16:09 <REP> d-------- c:\program files\HP
    2009-03-15 16:09 . 2009-03-15 16:21 103,537 --a------ c:\windows\hpoins04.dat
    2009-03-15 16:09 . 2004-06-22 08:04 17,176 --------- c:\windows\hpomdl04.dat
    2009-03-15 16:01 . 2008-04-13 19:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
    2009-03-15 16:01 . 2008-04-13 19:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
    2009-03-15 12:46 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
    2009-03-15 12:41 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
    2009-03-15 12:41 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
    2009-03-15 09:09 . 2009-03-28 12:45 69 --a------ c:\windows\NeroDigital.ini
    2009-03-15 09:01 . 2009-03-15 09:34 <REP> d-------- c:\documents and settings\Inv\Application Data\Ahead
    2009-03-15 09:00 . 2009-03-15 09:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Ahead
    2009-03-15 08:59 . 2009-03-15 08:59 <REP> d-------- c:\program files\Nero
    2009-03-15 08:59 . 2009-03-15 09:00 <REP> d-------- c:\program files\Fichiers communs\Ahead
    2009-03-15 08:59 . 2009-03-15 08:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Nero
    2009-03-15 08:48 . 2009-03-27 23:24 <REP> d-------- c:\documents and settings\Inv\Application Data\Azureus
    2009-03-15 08:48 . 2009-03-15 08:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
    2009-03-15 08:41 . 2009-03-15 08:41 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
    2009-03-15 08:41 . 2009-03-15 08:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Macrovision
    2009-03-15 08:40 . 2009-03-18 08:17 <REP> d-------- c:\program files\Fichiers communs\Adobe
    2009-03-15 00:51 . 2009-03-27 13:10 <REP> d-------- c:\program files\Mozilla Thunderbird
    2009-03-15 00:51 . 2009-03-15 00:51 <REP> d-------- c:\documents and settings\Inv\Application Data\Thunderbird
    2009-03-14 23:52 . 2009-03-14 23:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-03-14 19:57 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\windows\system32\XPSViewer
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\program files\Reference Assemblies
    2009-03-14 19:52 . 2009-03-14 19:52 <REP> d-------- c:\program files\MSBuild
    2009-03-14 19:51 . 2009-03-14 19:51 <REP> d-------- C:\e651012c6c3a06737048a8820569d0
    2009-03-14 19:51 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
    2009-03-14 19:51 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-14 19:51 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-14 19:51 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
    2009-03-14 19:51 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-14 19:51 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
    2009-03-14 19:51 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-14 19:50 . 2009-03-14 19:54 <REP> d-------- c:\documents and settings\Inv\Application Data\dvdcss
    2009-03-14 19:46 . 2008-12-20 23:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2009-03-14 19:46 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2009-03-14 19:46 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2009-03-14 19:46 . 2008-12-20 23:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2009-03-14 19:46 . 2008-12-20 23:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2009-03-14 19:46 . 2008-12-20 23:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2009-03-14 19:46 . 2008-12-20 23:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2009-03-14 19:46 . 2008-12-20 23:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-03-14 19:46 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2009-03-14 19:19 . 2009-03-14 19:19 385 --a------ c:\windows\ODBC.INI
    2009-03-14 19:18 . 2009-03-14 19:18 <REP> d-------- c:\windows\ShellNew
    2009-03-14 19:06 . 2009-03-14 19:06 65,428 --a------ c:\windows\BricoPackUninst.cmd
    2009-03-14 19:04 . 2009-03-14 19:04 <REP> d-------- c:\windows\BricoPacks
    2009-03-14 19:04 . 2009-03-14 19:06 6,110 --a------ c:\windows\BricoPackFoldersDelete.cmd
    2009-03-14 19:02 . 2009-03-14 19:02 <REP> d-------- c:\program files\CCleaner
    2009-03-14 18:54 . 2009-03-15 08:53 <REP> d-------- c:\program files\Azureus
    2009-03-14 18:49 . 2009-03-14 18:49 <REP> d-------- c:\program files\Windows Media Connect 2
    2009-03-14 18:49 . 2009-03-15 09:45 <REP> d-------- c:\documents and settings\Inv\Application Data\vlc
    2009-03-14 18:48 . 2009-03-14 18:49 <REP> d-------- C:\a329a238bf370562155ed998
    2009-03-14 18:47 . 2009-03-14 18:47 <REP> d-------- c:\windows\system32\LogFiles
    2009-03-14 18:47 . 2009-03-20 14:38 <REP> d-------- c:\windows\system32\drivers\UMDF
    2009-03-14 18:47 . 2009-03-14 18:48 <REP> d-------- C:\81249e4236f0a777629f
    2009-03-14 18:45 . 2009-03-14 18:45 <REP> d-------- c:\program files\VideoLAN
    2009-03-14 18:31 . 2008-12-12 18:02 5,283,840 --a------ c:\windows\system32\nse86.tmp
    2009-03-14 18:30 . 2009-03-14 18:30 <REP> d-------- c:\windows\Packs
    2009-03-14 18:23 . 2009-03-14 18:23 <REP> d-------- c:\documents and settings\Inv\Application Data\ATI
    2009-03-14 18:23 . 2009-03-14 18:23 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
    2009-03-14 18:22 . 2009-03-14 18:22 0 --a------ c:\windows\ativpsrm.bin
    2009-03-14 18:18 . 2009-03-20 11:12 <REP> d--h----- c:\program files\InstallShield Installation Information
    2009-03-14 18:18 . 2009-03-14 18:19 <REP> d-------- c:\program files\ATI Technologies
    2009-03-14 18:18 . 2009-02-03 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
    2009-03-14 18:17 . 2009-03-14 18:18 <REP> d-------- c:\program files\Fichiers communs\InstallShield
    2009-03-14 18:17 . 2009-03-14 18:17 <REP> d-------- C:\ATI

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-24 22:38 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
    2009-03-14 18:59 --------- d-----w c:\program files\Microsoft Silverlight
    2009-03-14 16:46 --------- d-----w c:\program files\Messenger Plus! Live
    2009-03-14 16:45 --------- d-----w c:\program files\Windows Live
    2009-03-14 16:43 --------- d-----w c:\program files\Microsoft
    2009-03-14 16:42 --------- d-----w c:\program files\Windows Live SkyDrive
    2009-03-14 16:37 --------- d-----w c:\program files\Fichiers communs\Windows Live
    2009-03-14 15:43 --------- d-----w c:\program files\Java
    2009-03-14 15:34 --------- d-----w c:\program files\microsoft frontpage
    2009-03-14 15:33 --------- d-----w c:\program files\Fichiers communs\Java
    2009-03-14 15:29 --------- d-----w c:\program files\Services en ligne
    2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    .

    ------- Sigcheck -------

    2004-08-05 13:00 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys
    2009-03-24 23:38 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
    2009-03-24 23:38 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
    2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtServicePackUninstall$\explorer.exe
    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
    2008-04-14 03:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe

    2004-08-05 13:00 112640 46990969761352f53b2310d266e2f1df c:\windows\$NtServicePackUninstall$\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\ServicePackFiles\i386\wuauclt.exe
    2008-04-14 03:34 112640 7e3defe771cb451b0ff630bfa435417e c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\wuauclt.exe
    2008-10-16 14:09 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-03-25_19.40.20.04 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-02-24 11:10:10 2,084,864 ----a-w c:\windows\system32\AudDesign.dll
    + 2005-02-24 11:10:30 417,792 ----a-w c:\windows\system32\AudDisplay.dll
    + 2005-03-11 16:37:10 1,986,560 ----a-w c:\windows\system32\AudFile.dll
    + 2005-02-24 11:11:06 1,212,416 ----a-w c:\windows\system32\AudioInfos.dll
    + 2005-03-10 15:00:30 454,656 ----a-w c:\windows\system32\AudioRecord.dll
    + 2005-02-24 11:11:56 479,232 ----a-w c:\windows\system32\AudioVisu.dll
    + 2005-02-24 14:21:12 458,752 ----a-w c:\windows\system32\AudPlayer.dll
    + 1998-07-12 18:00:00 32,768 ----a-w c:\windows\system32\CMDLGFR.DLL
    + 1998-07-12 22:00:00 15,360 ----a-w c:\windows\system32\inetfr.DLL
    + 2003-08-07 14:01:50 237,568 ----a-w c:\windows\system32\lame_enc.dll
    + 2003-03-18 20:20:00 1,060,864 ----a-w c:\windows\system32\MFC71.dll
    + 1998-07-12 22:00:00 59,904 ----a-w c:\windows\system32\Mscc2fr.dll
    + 1998-07-12 22:00:00 141,312 ----a-w c:\windows\system32\MSCMCFR.DLL
    + 1998-06-16 22:00:00 516,173 ----a-w c:\windows\system32\MSVCP60D.DLL
    + 2000-11-29 01:07:30 307,200 ----a-w c:\windows\system32\msvcr70.dll
    + 1998-06-16 22:00:00 385,100 ----a-w c:\windows\system32\MSVCRTD.DLL
    + 1998-07-12 22:00:00 21,504 ----a-w c:\windows\system32\TABCTFR.DLL
    + 2000-10-01 18:00:00 119,568 ----a-w c:\windows\system32\VB6FR.DLL
    + 1999-03-25 18:00:00 101,888 ----a-w c:\windows\system32\VB6STKIT.DLL
    + 2005-02-24 10:51:38 348,160 ----a-w c:\windows\system32\WMAFile.dll
    + 2009-03-28 12:05:22 16,384 ----atw c:\windows\temp\Perflib_Perfdata_a8.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Inv\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-25 10:24 10520 c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 19:03 152872 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-12-29 11:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)

    R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-25 325640]
    R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-25 107912]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-25 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-25 298264]
    S2 Tvyat;Tvyat;c:\windows\System32\svchost.exe -k netsvcs [2004-08-05 14336]
    S4 Kmihidht;Kmihidht;c:\windows\system32\drivers\rootmdm.sys [2004-08-05 5888]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Tvyat
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Inv\Application Data\Mozilla\Firefox\Profiles\bscm564x.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-28 13:05:39
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(624)
    c:\windows\system32\scecli.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-03-28 13:07:35 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-03-28 12:07:32
    ComboFix2.txt 2009-03-25 18:41:10

    Avant-CF: 123 119 927 296 octets libres
    Après-CF: 123,292,680,192 octets libres

    288 --- E O F --- 2009-03-20 10:33:07



    Here is the report :)  Thanks in advance!
    29 March 2009 10:41:36

    Little bump :) 
    1 April 2009 19:46:53

    Bumping, still nobody? I think my PC is clean but I'd like to be sure, thanks :) 
    2 April 2009 18:31:51

  • Run an RSIT scan again and post the log report.
    3 April 2009 21:41:30

    Bump :) 
    4 April 2009 00:15:55

  • Start menu > Run > Type combofix /u and confirm.

    What antivirus do you have?
    4 April 2009 11:29:15

    I get an error message "Windows ne trouve pas 'combofix'..."

    I have Kaspersky Antivirus; I had AVG before reformatting my PC, and I decided to switch.

    Thanks!

    PS: I even did a full scan + removal of all infections in safe mode + anti-spyware + CCleaner + defragmentation lol
    4 April 2009 16:01:18

    Quote:
    I get an error message "Windows ne trouve pas 'combofix'..."

    ---> That's normal, you renamed ComboFix to KittyFix.


  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :services
    botdrv
    restore
    dwshd

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log
    5 April 2009 10:00:04

    Here is the report:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Service\Driver botdrv not found.
    Service\Driver botdrv not found.
    Service\Driver restore not found.
    Service\Driver restore not found.
    Service\Driver dwshd not found.
    Service\Driver dwshd not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ca2f312-6f6e-4b53-a66e-4e65e497c8c0}\\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Inv\LOCALS~1\Temp\e4j63.tmp_dir15804\exe4jlib.jar scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Inv\LOCALS~1\Temp\~DF85FB.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Inv\Local Settings\Temporary Internet Files\Content.IE5\UWHOSBYN\browse[1].htm scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Inv\Local Settings\Temporary Internet Files\Content.IE5\OSTKVVL3\ThirdpartyMedRect[1].htm scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Inv\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_880.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_095726

    Files moved on Reboot...
    C:\DOCUME~1\Inv\LOCALS~1\Temp\e4j63.tmp_dir15804\exe4jlib.jar moved successfully.
    File C:\DOCUME~1\Inv\LOCALS~1\Temp\~DF85FB.tmp not found!
    File C:\Documents and Settings\Inv\Local Settings\Temporary Internet Files\Content.IE5\UWHOSBYN\browse[1].htm not found!
    File C:\Documents and Settings\Inv\Local Settings\Temporary Internet Files\Content.IE5\OSTKVVL3\ThirdpartyMedRect[1].htm not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_880.dat not found!


    Thanks :) 


    PS: the "not found" entries are normal, I did a first removal but the report didn't come out, a small bug, so I started over :)  But everything was removed.
    5 April 2009 12:59:48

    Is your PC doing well?

    Can you post the info report located in C:\rsit?
    5 April 2009 14:14:30

    Here is the report :) 

    info.txt logfile of random's system information tool 1.06 2009-03-25 08:55:59

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    1.0-->"C:\Program Files\gPotato.eu\Street Gears\unins000.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Agere Systems PCI Soft Modem-->agrsmdel
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3837
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Deckadance-->C:\Program Files\VstPlugins\Deckadance\uninstall.exe
    FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
    HijackThis 2.0.2-->"C:\Documents and Settings\Inv\Mes documents\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
    IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Oblivion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x40c -removeonly
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
    PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
    SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
    Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

    ======Hosts File======


    ======System event log======

    Computer Name: PLATEFORM
    Event Code: 15007
    Message: La réservation de l'espace de nom identifié par le préfixe d'URL http://*:2869/ a été correctement ajoutée.

    Record Number: 5
    Source Name: HTTP
    Time Written: 20090314162941.000000+060
    Event Type: Informations
    User:

    Computer Name: PLATEFORM
    Event Code: 1005
    Message: Votre ordinateur a détecté que l'adresse IP 192.168.1.20 pour la carte
    avec l'adresse réseau 00112F21D84E est déjà utilisée sur le réseau.
    Votre ordinateur va automatiquement essayer d'obtenir une nouvelle adresse.

    Record Number: 4
    Source Name: Dhcp
    Time Written: 20090314162606.000000+060
    Event Type: Avertissement
    User:

    Computer Name: PLATEFORM
    Event Code: 6011
    Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers PLATEFORM.

    Record Number: 3
    Source Name: EventLog
    Time Written: 20090314162556.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20090314172013.000000+060
    Event Type: Informations
    User:

    Computer Name: MACHINENAME
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20090314172013.000000+060
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: PLATEFORM
    Event Code: 1001
    Message: Détecteur d'erreurs 941474795.

    Record Number: 347
    Source Name: Application Hang
    Time Written: 20090319115123.000000+060
    Event Type: erreur
    User:

    Computer Name: PLATEFORM
    Event Code: 1002
    Message: Application bloquée Fallout3.exe, version 1.0.0.12, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Record Number: 346
    Source Name: Application Hang
    Time Written: 20090319115120.000000+060
    Event Type: erreur
    User:

    Computer Name: PLATEFORM
    Event Code: 1000
    Message: Application défaillante fallout3.exe, version 1.0.0.12, module défaillant fallout3.exe, version 1.0.0.12, adresse de défaillance 0x00748d95.

    Record Number: 345
    Source Name: Application Error
    Time Written: 20090319115001.000000+060
    Event Type: erreur
    User:

    Computer Name: PLATEFORM
    Event Code: 4097
    Message: L'application, C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe, a généré une erreur d'application
    L'erreur s'est produite le 03/19/2009 à 11:45:36.140
    L'exception générée était c0000005 à l'adresse 00B48D95 (Fallout3)

    Record Number: 344
    Source Name: DrWatson
    Time Written: 20090319114536.000000+060
    Event Type: Informations
    User:

    Computer Name: PLATEFORM
    Event Code: 1000
    Message: Application défaillante fallout3.exe, version 1.0.0.12, module défaillant fallout3.exe, version 1.0.0.12, adresse de défaillance 0x00748d95.

    Record Number: 343
    Source Name: Application Error
    Time Written: 20090319114531.000000+060
    Event Type: erreur
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\Samsung PC Studio 3\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------


    Yes, everything is fine, except for big slowdowns at times on the internet side, but I think that's because of those *** at Neuf :p

    Thanks a lot, Destrio :)
    5 April 2009 14:21:48

  • Uninstall the following programs:
    - J2SE Runtime Environment 5.0
    - Java 6 Update 11

  • Update Java.

  • Run an online scan here: http://webscanner.kaspersky.fr/ (with Internet Explorer)

  • At the bottom right, click "Démarrer Online-scanner" (Start Online-scanner).

  • In the new window that appears, click "J'accepte" (I accept).

  • Accept the ActiveX controls.

  • Choose "Poste de travail" (My Computer) for the scan.

  • Once it has finished, save the report (choose text file) and post it.

  • To help you use the online scan: Tutorial

    Note: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.