Se connecter / S'enregistrer
Votre question

Mon PC semble infecté [résolu]

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
2 Avril 2009 00:02:22

Bonjour,
je viens chercher de l'aide car mon PC devient instable, lent et perd souvent la connexion internet!
-J'ai passé Spybot quie ne trouve rien
-J'ai passé mon antivirus NOD32 qui mets en quarantaine des infiltrations mais ne résout pas le PB
-j'ai essayé Malwarebytes mais il se plante au bout de quelques secondes!!!

A chaque boot j'ai des messages de NOD32 me disant:
-connexion arrêtée - mis en quarantaine
-cheval de troie
-variante de W32 etc...

Je ne sais plus quoi faire!

Pouvez vous m'aider?

Merci d'avance

Autres pages sur : semble infecte resolu

a c 273 8 Sécurité
2 Avril 2009 00:04:41

Salut,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    2 Avril 2009 06:43:53

    Salut et merci pour ton aide.
    Voici les 2 rapports :
    ========================
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-04-02 06:39:03
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 18 GB (44%) free of 40 GB
    Total RAM: 2046 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:39:33, on 02/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\msr.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\NetDrive\wdservice.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\system\msrsys32.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\OV530EM.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\regx32.exe
    C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\WINDOWS\system\msrsys32.exe
    C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
    C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system\msrsys32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Downloads\Programs\RSIT.exe
    C:\Program Files\trend micro\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
    O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Ovt Wia] C:\WINDOWS\OV530EM.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe
    O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [netmon] C:\WINDOWS\system\netmon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)
    O23 - Service: Microsoft Reverse Proxy Service (msrpxy) - Unknown owner - C:\WINDOWS\system32\msr.exe
    O23 - Service: MSR System Service (msrsys) - Unknown owner - C:\WINDOWS\system\msrsys32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe

    --
    End of file - 14282 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
    IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
    SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-16 63048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-22 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-16 161352]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-08-15 1404928]
    "CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-17 18944]
    "Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2007-10-07 140568]
    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2008-01-03 486856]
    "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
    "JWOSetup"=JWOSetup.exe -en []
    "SMKRun"=C:\Program Files\JustWrite Office\ScreenMark.exe [2007-01-08 118784]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
    "Ovt Wia"=C:\WINDOWS\OV530EM.exe [2005-11-14 32768]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
    "TrialReset"=C:\WINDOWS\regx32.exe [2008-07-03 285327]
    "CamserviceDP"=C:\Program Files\Hercules\DualPix Exchange\Camservice.exe [2007-08-10 81920]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
    "CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]
    "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-02-21 28672]
    "AsioReg"=REGSVR32.EXE /S CTASIO.DLL []
    "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "netmon"=C:\WINDOWS\system\netmon.exe [2009-03-31 101376]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-01-03 486856]
    "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2007-12-21 931760]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-07 904880]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    C:\WINDOWS\system32\oodtray.exe [2007-06-29 2512128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-07 2620336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2008-01-16 37376]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    C:\PROGRA~1\Ciel\Starter.exe [2006-07-06 524288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2008-11-22 161264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^wintp.exe]
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\wintp.exe []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-08-08 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-06-26 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msrsys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\netmon32]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SVCWINSPOOL]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msrsys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netmon32]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SVCWINSPOOL]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "ForceClassicControlPanel"=1
    "StartMenuLogoff"=1
    "ForceStartMenuLogoff"=0
    "NoResolveTrack"=1
    "NoResolveSearch"=1
    "NoInstrumentation"=1
    "NoStartMenuMFUprogramsList"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "D:\Newsleecher\alt.binaries.gougouland\A.P.J.T.2008\AIM\SkypePortable\App\Skype\Phone\Skype.exe"="D:\Newsleecher\alt.binaries.gougouland\A.P.J.T.2008\AIM\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "D:\A.P.J.T.2008\P2P\MicroTorrent\uTorrent.exe"="D:\A.P.J.T.2008\P2P\MicroTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
    "C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
    "C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "D:\A.P.J.T.2008\AIM\SkypePortable\App\Skype\Phone\Skype.exe"="D:\A.P.J.T.2008\AIM\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "Q:\A.P.J.T.2008\AIM\SkypePortable\App\Skype\Phone\Skype.exe"="Q:\A.P.J.T.2008\AIM\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\WINDOWS\system\msrsys32.exe"="C:\WINDOWS\system\msrsys32.exe:*:msrsys"
    "C:\WINDOWS\System32\20.scr"="C:\WINDOWS\System32\20.scr:*:msrsys"
    "C:\WINDOWS\system\msile.exe"="C:\WINDOWS\system\msile.exe:*:msile"
    "C:\WINDOWS\System32\23.scr"="C:\WINDOWS\System32\23.scr:*:msrsys"
    "C:\WINDOWS\TEMP\33.exe"="C:\WINDOWS\TEMP\33.exe:*:msile"
    "C:\WINDOWS\System32\34.scr"="C:\WINDOWS\System32\34.scr:*:msrsys"
    "C:\WINDOWS\System32\18.scr"="C:\WINDOWS\System32\18.scr:*:msrsys"
    "C:\WINDOWS\System32\88.scr"="C:\WINDOWS\System32\88.scr:*:msile"
    "C:\WINDOWS\System32\78.scr"="C:\WINDOWS\System32\78.scr:*:msrsys"
    "C:\WINDOWS\System32\57.scr"="C:\WINDOWS\System32\57.scr:*:msile"
    "C:\WINDOWS\System32\74.scr"="C:\WINDOWS\System32\74.scr:*:msile"
    "C:\WINDOWS\System32\53.scr"="C:\WINDOWS\System32\53.scr:*:msile"
    "C:\WINDOWS\System32\64.scr"="C:\WINDOWS\System32\64.scr:*:msile"
    "C:\WINDOWS\System32\75.scr"="C:\WINDOWS\System32\75.scr:*:Microsoft Enabled"
    "C:\WINDOWS\system\netmon.exe"="C:\WINDOWS\system\netmon.exe:*:Microsoft Enabled"
    "C:\WINDOWS\System32\46.scr"="C:\WINDOWS\System32\46.scr:*:Microsoft Enabled"
    "I:\smartkey.exe"="I:\smartkey.exe:*:Microsoft Enabled"
    "C:\WINDOWS\system\services.exe"="C:\WINDOWS\system\services.exe:*:Microsoft Enabled"
    "C:\WINDOWS\System32\43.scr"="C:\WINDOWS\System32\43.scr:*:msrsys"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f0b9fe-31ff-11dd-a6e7-00111137f794}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL smartkey.exe
    shell\default\command - I:\smartkey.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86db078e-6aaa-11dd-a747-00111137f794}]
    shell\AutoRun\command - R:\WD_Windows_Tools\Setup.exe


    ======File associations======

    .scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
    .scr - install -
    .scr - config -

    ======List of files/folders created in the last 1 months======

    2009-04-02 06:39:03 ----D---- C:\rsit
    2009-04-02 06:39:03 ----D---- C:\Program Files\trend micro
    2009-04-01 23:26:03 ----D---- C:\Documents and Settings\Administrateur\Application Data\Uniblue
    2009-04-01 22:17:10 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-27 22:43:28 ----A---- C:\WINDOWS\system32\msvcrt2.dll
    2009-03-24 20:14:33 ----RSH---- C:\WINDOWS\system32\msr.exe
    2009-03-24 20:14:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-03-23 00:01:10 ----D---- C:\Documents and Settings\All Users\Application Data\BSD
    2009-03-23 00:00:54 ----D---- C:\Documents and Settings\Administrateur\Application Data\BSD Concept
    2009-03-23 00:00:25 ----D---- C:\Documents and Settings\All Users\Application Data\BSD Concept
    2009-03-23 00:00:22 ----D---- C:\Program Files\BSD Concept
    2009-03-22 20:39:32 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
    2009-03-22 20:39:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\Babylon
    2009-03-21 20:39:09 ----D---- C:\Program Files\Adobe

    ======List of files/folders modified in the last 1 months======

    2009-04-02 06:39:03 ----RD---- C:\Program Files
    2009-04-02 06:36:47 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-02 06:23:33 ----D---- C:\WINDOWS\system32
    2009-04-02 06:20:11 ----D---- C:\WINDOWS\Temp
    2009-04-02 06:19:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\DMCache
    2009-04-02 06:19:11 ----D---- C:\Documents and Settings\Administrateur\Application Data\WTablet
    2009-04-02 00:12:11 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-01 23:44:09 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-04-01 23:32:50 ----SHD---- C:\WINDOWS\Installer
    2009-04-01 23:32:50 ----SHD---- C:\Config.Msi
    2009-04-01 23:31:37 ----D---- C:\Program Files\Larousse
    2009-04-01 23:30:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-04-01 23:12:11 ----A---- C:\WINDOWS\WININIT.INI
    2009-04-01 23:10:04 ----D---- C:\WINDOWS\system32\drivers
    2009-04-01 23:00:31 ----SHD---- C:\WINDOWS\CSC
    2009-04-01 22:46:47 ----D---- C:\WINDOWS\Prefetch
    2009-04-01 22:17:10 ----D---- C:\WINDOWS
    2009-04-01 21:52:00 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-04-01 15:08:14 ----D---- C:\WINDOWS\system32\oodag
    2009-03-31 22:42:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-31 22:42:32 ----D---- C:\WINDOWS\Minidump
    2009-03-31 22:02:43 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-31 21:53:44 ----D---- C:\WINDOWS\system
    2009-03-30 16:02:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thinstall
    2009-03-30 08:18:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-29 22:57:01 ----D---- C:\Program Files\Yahoo!
    2009-03-29 22:33:07 ----D---- C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2009-03-29 09:08:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
    2009-03-25 19:49:50 ----HD---- C:\WINDOWS\inf
    2009-03-25 19:49:46 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-25 19:49:12 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-03-25 19:38:18 ----D---- C:\Program Files\ma-config.com
    2009-03-25 19:38:18 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2009-03-25 19:31:53 ----RSD---- C:\WINDOWS\assembly
    2009-03-25 19:31:53 ----D---- C:\WINDOWS\Microsoft.NET
    2009-03-22 21:51:48 ----D---- C:\Program Files\eMule
    2009-03-22 20:38:09 ----D---- C:\Temp
    2009-03-22 16:49:49 ----D---- C:\Documents and Settings\Administrateur\Application Data\gSyncit
    2009-03-22 13:36:32 ----D---- C:\Program Files\Open Cellar
    2009-03-21 20:39:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-21 20:39:11 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-03-06 10:03:55 ----D---- C:\Program Files\gSyncit

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
    R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-08-03 15424]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-07 12032]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
    R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-14 15440]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-14 44384]
    R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-06-26 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-08 3266560]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-01-30 160256]
    R3 camfilt2;camfilt2; C:\WINDOWS\System32\Drivers\camfilt2.sys [2007-05-29 94208]
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-02-21 135040]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-03-26 498688]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-02-21 6144]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-02-21 135248]
    R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
    R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2006-12-14 11984]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-02-21 116000]
    R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-03-26 823616]
    R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-03-26 141536]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-02-26 138752]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
    R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
    R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
    R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-06-26 61824]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-26 189504]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-22 47360]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-12-24 10368]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-16 9602944]
    R3 sysdrv32;Play Port I/O Driver; \??\C:\WINDOWS\system32\drivers\sysdrv32.sys []
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-08-03 512096]
    S2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\HWiNFO32.SYS []
    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
    S3 a29xgzrt;a29xgzrt; C:\WINDOWS\system32\drivers\a29xgzrt.sys []
    S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
    S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
    S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
    S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
    S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-03-27 287920]
    S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
    S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
    S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
    S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
    S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-02-14 68922]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
    S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2006-05-09 34944]
    S3 ovt530;AV301P; C:\WINDOWS\System32\Drivers\ov530vid.sys [2005-03-15 161792]
    S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2006-08-15 732928]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-08-15 260352]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
    S3 USBAV708;Instant VideoMPX; C:\WINDOWS\SYSTEM32\DRIVERS\USBAV708.SYS [2004-10-11 104704]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-06-26 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-06-26 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []
    S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2007-10-07 427288]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-08 573440]
    R2 Capture Device Service;Capture Device Service; C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe [2006-08-11 200704]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 168432]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
    R2 msrpxy;Microsoft Reverse Proxy Service; C:\WINDOWS\system32\msr.exe [2009-03-24 966656]
    R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-06-29 1049856]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
    R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2008-04-03 3024168]
    R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2007-01-18 67056]
    R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdservice.exe [2003-03-26 94208]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-08 593920]
    S2 msile;microsoft install le; C:\WINDOWS\system\msile.exe []
    S2 msrsys;MSR System Service; C:\WINDOWS\system\msrsys32.exe [2009-03-24 61952]
    S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2007-12-26 77944]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2006-05-09 86016]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    -----------------EOF-----------------
    info.txt logfile of random's system information tool 1.06 2009-04-02 06:39:35

    ======Uninstall list======

    -->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S /L:FRN
    -->"C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W /L:FRN
    -->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0E43DFBD-71CF-4F61-B341-7C128FBC6AC2}
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    Acronis True Image Home-->MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
    Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D4ED56E-C3DF-46F6-924B-D6774A766943}\setup.exe" -l0x40c
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
    ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
    AutoCAD 2007 - Français-->MsiExec.exe /I{5783F2D7-5001-040C-0002-0060B0CE6BBA}
    Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
    AV301P-->MsiExec.exe /X{DBAA6058-4960-4A46-8E84-4D71F23F3A84}
    Ballance-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42E0783D-3BA4-454B-B58A-BF26E49EB7DE}\setup.exe"
    Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
    BitSpirit v3.1.0.077 Stable Release-->"C:\Program Files\BitSpirit\unins000.exe"
    Boris Graffiti-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{262BF2CD-601D-4F43-919C-4B00B1D1F338}\setup.exe" -l0x40c -removeonly
    Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Ciel Gestion Commerciale 13.0-->MsiExec.exe /I{414C215E-F8E2-4235-BE08-B3932F50246D}
    CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
    CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
    Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
    DVDFab Platinum 4.0.3.0 Final Registered-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    ESET NOD32 Antivirus-->MsiExec.exe /I{6229EFBA-A122-490C-B660-A5409FA15A31}
    FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\UnInstall_14333.exe"
    FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
    FpTest 3.2-->C:\Program Files\FpTest\uninst.exe
    Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
    Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
    FreeGo version 4-->"C:\Program Files\FreeGo\unins000.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    gSyncit-->MsiExec.exe /I{67AE0E65-3F0C-4B51-A194-E58145BB6887}
    Hercules DualPix Exchange Webcam-->C:\Program Files\InstallShield Installation Information\{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}\setup.exe -runfromtemp -l0x040c -removeonly
    Hercules WebCam Station-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}\Setup.exe" -l0x40c
    Hercules Webcam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}\Setup.exe" -l0x40c
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP OfficeJet/PSC Scrubber-->C:\WINDOWS\IsUninst.exe -fC:\HPAiOScrubber\Uninst.isu
    HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
    HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
    Instant VideoMPX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FEBA60E-4DAB-46C4-99E0-197721785DA1}\setup.exe" -l0x40c -removeonly
    Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
    Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
    InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Development Kit 6 Update 1-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
    Ma-Config.com-->MsiExec.exe /X{EC7FE2ED-F305-41B7-90B8-3DAE9E35307A}
    Magic Bullet Looks Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 12\Plugins\RTFx\mblooksstudio.log
    Marsu-Fix 2.5-->"C:\WINDOWS\Marsu-Fix 2.5 Uninstaller.exe"
    Micro Application - Kit d'Impression CD - DVD-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Kit d'Impression CD - DVD\cdl3.isu"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    MozBackup 1.4.6-->"C:\Program Files\MozBackup\unins000.exe"
    Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MSXML 4.0 SP2 (KB92797
    Contenus similaires
    a c 273 8 Sécurité
    2 Avril 2009 14:50:59

    1/

  • Cherche ce fichier : C:\Program Files\trend micro\Administrateur.exe
  • Double-clique sur ce fichier.
  • Choisis Do a system scan only.
  • Coche les cases qui sont devant les lignes suivantes :

    O4 - HKLM\..\Run: [netmon] C:\WINDOWS\system\netmon.exe

    O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)

    O23 - Service: Microsoft Reverse Proxy Service (msrpxy) - Unknown owner - C:\WINDOWS\system32\msr.exe

    O23 - Service: MSR System Service (msrsys) - Unknown owner - C:\WINDOWS\system\msrsys32.exe


  • Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
  • Ferme HijackThis.


    2/

  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe pour le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    msile
    msrsys
    msrpxy
    mchInjDrv

    :files
    C:\WINDOWS\system\msrsys32.exe
    C:\WINDOWS\system\msile.exe
    C:\WINDOWS\system32\msr.exe
    C:\WINDOWS\System32\??.scr
    C:\WINDOWS\system\services.exe
    I:\smartkey.exe
    C:\WINDOWS\system\netmon.exe

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f0b9fe-31ff-11dd-a6e7-00111137f794}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system\msrsys32.exe"=-
    "C:\WINDOWS\System32\20.scr"=-
    "C:\WINDOWS\system\msile.exe"=-
    "C:\WINDOWS\System32\23.scr"=-
    "C:\WINDOWS\TEMP\33.exe"=-
    "C:\WINDOWS\System32\34.scr"=-
    "C:\WINDOWS\System32\18.scr"=-
    "C:\WINDOWS\System32\88.scr"=-
    "C:\WINDOWS\System32\78.scr"=-
    "C:\WINDOWS\System32\57.scr"=-
    "C:\WINDOWS\System32\74.scr"=-
    "C:\WINDOWS\System32\53.scr"=-
    "C:\WINDOWS\System32\64.scr"=-
    "C:\WINDOWS\System32\75.scr"=-
    "C:\WINDOWS\system\netmon.exe"=-
    "C:\WINDOWS\System32\46.scr"=-
    "I:\smartkey.exe"=-
    "C:\WINDOWS\system\services.exe"=-
    "C:\WINDOWS\System32\43.scr"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msrsys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\netmon32]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SVCWINSPOOL]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msrsys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netmon32]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SVCWINSPOOL]

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    ---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    ---> Le nom du rapport correspond au moment de sa création : date_heure.log
    2 Avril 2009 21:22:50

    à noter que la ligne
    O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe (file missing)
    n'existait pas.

    Voici le rapport:
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========

    Service\Driver msile deleted successfully.

    Service\Driver msrsys deleted successfully.

    Service\Driver msrpxy deleted successfully.
    Service\Driver mchInjDrv not found.
    Service\Driver key mchInjDrv deleted successfully.
    ========== FILES ==========
    C:\WINDOWS\system\msrsys32.exe moved successfully.
    File/Folder C:\WINDOWS\system\msile.exe not found.
    C:\WINDOWS\system32\msr.exe moved successfully.
    C:\WINDOWS\System32\18.scr moved successfully.
    C:\WINDOWS\System32\20.scr moved successfully.
    C:\WINDOWS\System32\23.scr moved successfully.
    C:\WINDOWS\System32\43.scr moved successfully.
    C:\WINDOWS\System32\46.scr moved successfully.
    C:\WINDOWS\System32\75.scr moved successfully.
    C:\WINDOWS\System32\78.scr moved successfully.
    File/Folder C:\WINDOWS\system\services.exe not found.
    I:\smartkey.exe moved successfully.
    C:\WINDOWS\system\netmon.exe moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f0b9fe-31ff-11dd-a6e7-00111137f794}\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system\msrsys32.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\20.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system\msile.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\23.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\TEMP\33.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\34.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\18.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\88.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\78.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\57.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\74.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\53.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\64.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\75.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system\netmon.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\46.scr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\I:\smartkey.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system\services.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\System32\43.scr deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msrsys\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\netmon32\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SVCWINSPOOL\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msrsys\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netmon32\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SVCWINSPOOL\\ deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_fkdvX1rjSbhu0JLXBNaR scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF22E3.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF22E8.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF62A0.tmp scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF62A5.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Network Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04022009_211023

    Files moved on Reboot...
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_fkdvX1rjSbhu0JLXBNaR not found!
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WCESLog.log moved successfully.
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF22E3.tmp not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF22E8.tmp not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF62A0.tmp not found!
    File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF62A5.tmp not found!
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\XUL.mfl moved successfully.
    ============================
    a c 273 8 Sécurité
    2 Avril 2009 21:25:58

  • Télécharge DirLook sur ton Bureau.
  • Double-clique sur DirLook.exe pour lance l'outil.
  • Vérifie que les deux cases situées derrière "Show hidden files/folders:" et "BBCode Output:" soient cochées.
  • Copie le texte ci-dessous :

    C:\WINDOWS\system


  • Dans la petite fenêtre de DirLook, faire un clic droit dans la zone blanche et choisir Coller.
    Note : les lignes sélectionnées précédemment doivent avoir été recopiées dans la zone blanche de DirLook.

  • Clique sur le bouton DirLook pour lancer la recherche. Lorsque l'outil a terminé cette recherche, le Bloc-notes s'ouvre.
    Note : Dans le Bloc-notes, vérifie dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée.

  • Enregistre le rapport sous le nom DirLook1.txt et ferme le Bloc-notes.
  • Ferme DirLook en cliquant sur le bouton Exit puis poste le rapport.
    2 Avril 2009 22:28:12

    voici le rapport dirlook:
    =================
    DirLook.exe v2.0 by jpshortstuff
    Log created at 22:25 on 02/04/2009
    ==================================
    Contents of "C:\WINDOWS\system"

    ---FOLDERS---

    (none found)

    ---FILES---

    AVICAP.DLL (70352 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    AVIFILE.DLL (109568 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    COMMDLG.DLL (33904 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    CRLDS3D.DLL (765952 bytes - created on 07/06/2005 at 19:58, modified on 07/06/2005 at 19:58) --a---
    KEYBOARD.DRV (2000 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    LZEXPAND.DLL (9936 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    MCIAVI.DRV (73680 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    MCISEQ.DRV (25280 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    MCIWAVE.DRV (28160 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    MMSYSTEM.DLL (70688 bytes - created on 24/12/2007 at 11:04, modified on 04/08/2004 at 04:37) --a---
    MMTASK.TSK (1152 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    MOUSE.DRV (2032 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    msrsys32.exe (61952 bytes - created on 24/03/2009 at 18:13, modified on 24/03/2009 at 18:13) ------
    MSVIDEO.DLL (127168 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    netmon.exe (101376 bytes - created on 31/03/2009 at 08:09, modified on 31/03/2009 at 08:09) ------
    OLECLI.DLL (83456 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    OLESVR.DLL (24064 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    setup.inf (59167 bytes - created on 07/09/2002 at 00:00, modified on 07/09/2002 at 00:00) --a---
    SHELL.DLL (5120 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    SOUND.DRV (1744 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    stdole.tlb (5532 bytes - created on 07/09/2002 at 00:00, modified on 07/09/2002 at 00:00) --a---
    SYSTEM.DRV (3360 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    TAPI.DLL (19200 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    TIMER.DRV (4096 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    VER.DLL (9104 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    VGA.DRV (2176 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    WFWNET.DRV (13600 bytes - created on 24/12/2007 at 11:04, modified on 07/09/2002 at 00:00) --a---
    WINSPOOL.DRV (146944 bytes - created on 24/12/2007 at 11:04, modified on 04/08/2004 at 04:55) --a---

    ==================================
    =EOF=
    a c 273 8 Sécurité
    2 Avril 2009 22:57:44

    [#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Il va te demander d'installer la console de récupération : accepte.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

    Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
    3 Avril 2009 00:05:11

    voici le rapport:
    ComboFix 09-04-01.01 - Administrateur 2009-04-02 23:53:11.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1282 [GMT 2:00]
    Lancé depuis: d:\downloads\Programs\ComboFix.exe
    * Un nouveau point de restauration a été créé
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    Les fichiers ci-dessous ont été désactivés pendant l'exécution:
    c:\program files\SuperCopier2\SC2Hook.dll


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\a.bat
    c:\documents and settings\Administrateur\Application Data\inst.exe
    c:\windows\system32\drivers\sysdrv32.sys
    c:\windows\system32\exec1.exe
    I:\autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SYSDRV32
    -------\Service_sysdrv32


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-02 au 2009-04-02 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-02 23:56 . 2009-04-02 23:56 <REP> d-------- c:\windows\system32\xircom
    2009-04-02 23:56 . 2009-04-02 23:56 <REP> d-------- c:\windows\system32\oobe
    2009-04-02 23:56 . 2009-04-02 23:56 <REP> d-------- c:\windows\srchasst
    2009-04-02 23:56 . 2009-04-02 23:56 <REP> d-------- c:\program files\microsoft frontpage
    2009-04-02 21:13 . 2009-04-02 21:13 122,272 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-04-02 06:39 . 2009-04-02 06:39 <REP> d-------- C:\rsit
    2009-04-02 06:39 . 2009-04-02 21:07 <REP> d-------- c:\program files\trend micro
    2009-04-01 23:26 . 2009-04-01 23:26 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Uniblue
    2009-03-31 10:09 . 2009-03-31 10:09 101,376 --------- c:\windows\system\netmon.exe
    2009-03-27 22:43 . 2009-03-27 22:43 102,480 --a------ c:\windows\system32\msvcrt2.dll
    2009-03-24 20:14 . 2009-04-02 06:19 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-24 20:14 . 2009-03-24 20:14 966,656 --------- c:\windows\system32\msr.exe
    2009-03-24 20:13 . 2009-03-24 20:13 61,952 --------- c:\windows\system\msrsys32.exe
    2009-03-23 00:01 . 2009-03-23 00:01 <REP> d-------- c:\documents and settings\All Users\Application Data\BSD
    2009-03-23 00:00 . 2009-03-23 00:00 <REP> d-------- c:\program files\BSD Concept
    2009-03-23 00:00 . 2009-03-23 00:00 <REP> d-------- c:\documents and settings\All Users\Application Data\BSD Concept
    2009-03-23 00:00 . 2009-03-23 00:00 <REP> d-------- c:\documents and settings\Administrateur\Application Data\BSD Concept
    2009-03-22 20:39 . 2009-03-22 20:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Babylon
    2009-03-22 20:39 . 2009-03-22 20:39 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Babylon

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-02 21:57 --------- d-----w c:\documents and settings\Administrateur\Application Data\WTablet
    2009-04-02 21:56 --------- d-----w c:\program files\SuperCopier2
    2009-04-02 21:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\DMCache
    2009-04-02 13:52 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-04-02 10:13 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
    2009-04-02 05:56 --------- d-----w c:\program files\Open Cellar
    2009-04-01 21:31 --------- d-----w c:\program files\Larousse
    2009-04-01 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-31 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-31 20:02 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-30 14:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\Thinstall
    2009-03-29 20:57 --------- d-----w c:\program files\Yahoo!
    2009-03-29 07:08 --------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss
    2009-03-25 17:49 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-25 17:38 --------- d-----w c:\program files\ma-config.com
    2009-03-25 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-03-22 19:51 --------- d-----w c:\program files\eMule
    2009-03-22 14:49 --------- d-----w c:\documents and settings\Administrateur\Application Data\gSyncit
    2009-03-21 18:39 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-03-06 08:03 --------- d-----w c:\program files\gSyncit
    2009-02-18 13:14 --------- d-----w c:\program files\Free Music Zilla
    2009-02-15 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
    2009-02-12 07:47 --------- d-----w c:\documents and settings\Administrateur\Application Data\IDM
    2009-02-06 08:03 --------- d-----w c:\program files\Fichiers communs\Sage
    2008-09-22 15:45 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
    2008-08-20 06:22 15 ----a-w c:\documents and settings\Administrateur\ip.bat
    .

    ------- Sigcheck -------

    2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\system32\dllcache\explorer.exe

    2007-06-14 16:31 53080 3a83a45e7dd5276315aa20245e7c32bf c:\windows\LastGood\system32\wuauclt.exe
    2007-07-30 20:19 68440 84d9a61860272d6177d46c86b8431557 c:\windows\system32\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2008-01-03 486856]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 931760]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
    "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2008-01-03 486856]
    "SMKRun"="c:\program files\JustWrite Office\ScreenMark.exe" [2007-01-08 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
    "Ovt Wia"="c:\windows\OV530EM.exe" [2005-11-14 32768]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327]
    "CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
    "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "JWOSetup"="JWOSetup.exe" [2007-01-09 c:\windows\JWOSetup.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "CTHelper"="CTHELPER.EXE" [2003-02-21 c:\windows\system32\CTHELPER.EXE]
    "AsioReg"="CTASIO.DLL" [2003-02-21 c:\windows\system32\CTASIO.DLL]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2008-06-27 c:\windows\system32\MIDIDEF.EXE]
    "nltide_3"="advpack.dll" [2007-12-07 c:\windows\system32\advpack.dll]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-30 805392]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "msacm.PLCMg722"= PLCMg722.acm
    "msacm.PLCMg728"= PLCMg728.acm
    "msacm.PLCMg729A"= PLCMg729A.acm
    "msacm.PLCMsiren"= PLCMsiren.acm
    "vidc.mjpg"= pvmjpg30.dll
    "VIDC.I420"= i420vfw.dll
    "VIDC.JDCT"= jl_jdct.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    backup=c:\windows\pss\La Solution Ciel.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^wintp.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    --a------ 2007-10-07 18:36 904880 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    --a------ 2004-05-12 16:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-02-12 14:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    --------- 2007-06-29 00:01 2512128 c:\windows\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    --a------ 2007-10-07 18:01 2620336 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2008-01-16 00:54 37376 c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 iastor55;iastor55;c:\windows\system32\drivers\iastor55.sys [2007-06-26 874240]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-25 28544]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-01-01 15424]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-04-28 3024168]
    R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [2008-08-08 67032]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-26 89600]
    R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2008-09-05 94208]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-06-16 15144]
    S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\HWiNFO32.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\HWiNFO32.SYS [?]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-05-09 34944]
    S3 ovt530;AV301P;c:\windows\system32\drivers\ov530vid.sys [2008-06-16 161792]
    S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [2008-01-29 104704]
    S4 RFNP32;WebDrive Provider; [x]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86db078e-6aaa-11dd-a747-00111137f794}]
    \Shell\AutoRun\command - r:\wd_windows_tools\Setup.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
    LSP: c:\windows\system32\imon.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT746494&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?hl=fr&tab=wc
    FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{c2c7c8f0-ab5b-4273-8291-c10737ccdb29}\components\FFAlert.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-02 23:57:29
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,4a,93,a6,f6,c6,
    99,08,b9,2e,e8,e1,00,eb,16,2b,de,12,67,73,50,99,b2,15,be,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):2b,8b,ac,03,dc,5a,a9,c3,df,59,9e,6d,45,8c,cd,8b,ad,e7,55,b7,28,
    09,07,19,eb,00,6d,5c,a3,62,c3,21,a4,31,d6,85,04,c8,9f,81,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,5f,54,a6,df,d4,
    e8,4c,ac,46,47,15,b0,92,4b,c7,ef,9b,2b,04,71,44,26,aa,db,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,1c,c9,f1,71,ca,
    12,db,1f,7a,45,05,fd,91,e8,6f,31,f2,fc,66,2d,59,16,79,fc,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6f477891-f599-4e19-839d-173bd35bb9b2}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000122
    "Therad"=dword:0000000f

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,39,1b,5f,5f,5c,
    c8,42,b6,6b,65,49,6a,7e,99,74,f7,5d,cd,71,6e,29,f9,45,41,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):05,93,34,c3,46,24,d3,f0,db,4d,7c,be,0e,f8,91,bf,66,e4,88,34,0f,
    a5,cc,46,71,9b,62,07,b2,c1,53,87,48,bc,0c,04,0e,87,86,b2,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,ca,a2,f5,9a,a6,
    89,d6,d2,e9,02,6c,fa,fb,1d,47,57,37,d3,8a,4a,c5,bc,24,97,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:D f,20,58,62,78,6b,cf,c8,a6,7c,1b,64,a3,
    b6,8b,c9,50,93,e5,ab,ec,6a,4e,ab,a6,58,79,c7,76,22,24,33,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,7e,33,7c,53,13,
    75,3f,6f,97,20,4e,9a,c7,f1,35,ee,0a,03,a2,7d,7b,a0,64,c9,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b32c2a29-63a8-49b1-baff-a3ae9867fead}]
    @Denied: (Full) (Everyone)
    "Model"=dword:000000bb
    "Therad"=dword:00000021
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,93,71,2d,a9,eb,b6,35,64,62,f6,27,c7,c2,3d,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4a,40,93,d6,33,
    c7,fa,cb,aa,52,c6,00,84,3c,26,64,7a,5d,41,ef,85,84,92,89,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,ff,5a,ea,eb,6c,
    8b,19,f3,b2,46,9a,e2,1b,fe,1b,94,69,0f,f8,5b,64,96,3e,46,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,53,1b,83,bb,c7,
    4b,e9,6e,37,a4,aa,c3,a6,15,56,0a,8f,ea,40,dc,2a,89,0a,b9,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c5,64,d9,f8,d1,
    48,da,b2,f8,31,0f,a9,5f,a0,ec,fb,e3,be,ba,99,00,76,a6,db,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,01,6d,53,a3,bc,
    54,f5,1a,05,73,21,dd,54,d8,4a,c5,80,61,35,be,7d,72,66,24,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="AE12DECE89DA4D3614E279CB6611518DEA3E542F2E0B8FF6D74291A78A173C7108F3E63E6DB4C9D7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794C038D530D6EB3452A6A0AC4980AC79339F9A2DDB79CC1E19A65B5B171B6A3B615EA3B754ADA5BD149B6984CD6C09D2B81881BE26AB5FBD2181729BDE746BA50A1B1622A126F6ED866994455831AF1F496EA31B1558CF66AB7F9D9FCC0D229A951B64065B54C45B2A5E151B62B84F38C7FE90B8EBD537EBDADB4C44E66E92287E9B764A6C10A16FE9DA6F975C4DA77D346808EDBF7F224863971A4C0A23B97F4D1E6AB8173992B2C57F5F2B8CBEEE74A30D83F8FD3691968E775D5BE5BD82761FE70F016F2F15D54F3350AF8C5E4B43BD952C79E2DDFA1A39819C7B7E51D088A781EA335ED817A9301FE35FCB04D8373E6BDF73825C47B65604921A2B777A512DB7B347209F7C28A133715A0A0AA83EF63F32CF431FD2F3E88DB089984CC894899D581847F09BE9F3A07F23DCCEBD6E4B82E85B6014EF018BF319FD4571FAB7AB85796236BF3F2E0ADCCFA13035907D32ED0046E8B061AD6A4D2391850B4143148BE84A277F2758DAA2CF21BFA38DC93BFCA424BDEBE36F49775BC0814144E6DA893254A52B846F737127511E0514D103ECB9ED17C0A0DD7A12806EB3C01B74A9A4116D1541029DF0892F453248F7B940C2D48100AEBA37E801065F6EBB56E03FBE74E1A742B6B187F074F333DE82C9B944429C57BAC6DC91EC943BD26476C66D020364E7B2349F7E733AB93140EDEC4D7D7F644EEBCD5106C00792D9757263995C938C311F7C7EB11D74568C676CB3E9BC3FE1EDCDCC3F6BADEBD4CFAAB319BF7EB4D3B31386878E424EEB7CD29FD1951668820F7035F2F9A887D7D244186DEDDC2598F621BD9A1A78A2038984A11F66E015946166EBDE006852D4D808710B44B1599D51DD813B6B19850591047D970937934EE748C895DE6976E8A73E87BEFBF87A0971E2A38E2D433C44465BB25B3FF767C6F8329AD10C6CD4965C33127C5EF4E5E45650ECE19FD73EF0AE99B62FDB4746F9BEC2216F1075004266B74057482BAAA0D5C517A2157E3BA523D170F8C80D1A4A391E92EE08CB3F368920B40B2DE28E8E9768D0E2F49F93DB52993CC6807283FA3A6B96F6267C0E9EDDC58475932A88E31A63BEDB3AEADD733D0B6AC51468D2B4E9D6CACE2FD61D8DCD04B998955246BBACE3F6E675D2E230BAC7BECC27A18F03C18F41647C704F791A3D539861712915F49A8303C80C9FB8746E7152F394F357114A7D48FB9FBB39D6D542C1B8DE43D06BBDE453EB91469866A92E71447CEE85F93DF8AE2E02AE0DEB35EC8072395FB75D888D9EA921BCBFE3A195EB79D8A2C5F325A07128"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1160)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(1224)
    c:\windows\system32\relog_ap.dll
    c:\windows\system32\imon.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\windows\system32\oodag.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\program files\NetDrive\wdService.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-04-03 0:01:44 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-04-02 22:01:41

    Avant-CF: 18 377 682 944 octets libres
    Après-CF: 18,302,746,624 octets libres

    382
    a c 273 8 Sécurité
    3 Avril 2009 00:14:29

    /!\ Seul jlcollet peut suivre cette procédure /!\

    Désactive toute protection résidente (Antivirus...) !

    ---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :

    KillAll::

    File::
    c:\windows\system\netmon.exe
    c:\windows\system32\msvcrt2.dll
    c:\windows\system32\msr.exe
    c:\windows\system\msrsys32.exe
    c:\windows\regx32.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TrialReset"=-


    ---> Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

    - Colle (CTRL+V) le texte dans le Bloc-notes.
    - Enregistre ce fichier dans : Bureau
    - Nom du fichier : CFScript
    - Type du fichier : tous les fichiers !!
    - Clique sur Enregistrer.
    - Quitte le Bloc-notes.

    ---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :



  • Cela va relancer Combofix : au message qui apparaît, accepte.
  • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
  • Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt

    ;) 
    3 Avril 2009 09:37:25

    Bonjour
    voici le rapport:
    ===================
    ComboFix 09-04-01.01 - Administrateur 2009-04-03 9:25:52.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1362 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\windows\regx32.exe
    c:\windows\system\msrsys32.exe
    c:\windows\system\netmon.exe
    c:\windows\system32\msr.exe
    c:\windows\system32\msvcrt2.dll
    .
    Les fichiers ci-dessous ont été désactivés pendant l'exécution:
    c:\program files\SuperCopier2\SC2Hook.dll


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\regx32.exe
    c:\windows\system\msrsys32.exe
    c:\windows\system\netmon.exe
    c:\windows\system32\msr.exe
    c:\windows\system32\msvcrt2.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-03 au 2009-04-03 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-02 23:56 . 2009-04-02 23:56 <REP> d-------- c:\windows\system32\xircom
    2009-04-02 23:56 . 2009-04-02 23:56 <REP> d-------- c:\windows\system32\oobe
    2009-04-02 23:56 . 2009-04-02 23:56 <REP> d-------- c:\windows\srchasst
    2009-04-02 23:56 . 2009-04-02 23:56 <REP> d-------- c:\program files\microsoft frontpage
    2009-04-02 21:13 . 2009-04-02 21:13 122,272 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-04-02 06:39 . 2009-04-02 06:39 <REP> d-------- C:\rsit
    2009-04-02 06:39 . 2009-04-02 21:07 <REP> d-------- c:\program files\trend micro
    2009-04-01 23:26 . 2009-04-01 23:26 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Uniblue
    2009-03-24 20:14 . 2009-04-02 06:19 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-23 00:01 . 2009-03-23 00:01 <REP> d-------- c:\documents and settings\All Users\Application Data\BSD
    2009-03-23 00:00 . 2009-03-23 00:00 <REP> d-------- c:\program files\BSD Concept
    2009-03-23 00:00 . 2009-03-23 00:00 <REP> d-------- c:\documents and settings\All Users\Application Data\BSD Concept
    2009-03-23 00:00 . 2009-03-23 00:00 <REP> d-------- c:\documents and settings\Administrateur\Application Data\BSD Concept
    2009-03-22 20:39 . 2009-03-22 20:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Babylon
    2009-03-22 20:39 . 2009-03-22 20:39 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Babylon

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-03 07:29 --------- d-----w c:\documents and settings\Administrateur\Application Data\WTablet
    2009-04-03 07:29 --------- d-----w c:\documents and settings\Administrateur\Application Data\DMCache
    2009-04-03 07:28 --------- d-----w c:\program files\SuperCopier2
    2009-04-03 06:28 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-04-02 10:13 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
    2009-04-02 05:56 --------- d-----w c:\program files\Open Cellar
    2009-04-01 21:31 --------- d-----w c:\program files\Larousse
    2009-04-01 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-31 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-31 20:02 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-30 14:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\Thinstall
    2009-03-29 20:57 --------- d-----w c:\program files\Yahoo!
    2009-03-29 07:08 --------- d-----w c:\documents and settings\Administrateur\Application Data\dvdcss
    2009-03-25 17:49 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-25 17:38 --------- d-----w c:\program files\ma-config.com
    2009-03-25 17:38 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
    2009-03-22 19:51 --------- d-----w c:\program files\eMule
    2009-03-22 14:49 --------- d-----w c:\documents and settings\Administrateur\Application Data\gSyncit
    2009-03-21 18:39 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-03-06 08:03 --------- d-----w c:\program files\gSyncit
    2009-02-18 13:14 --------- d-----w c:\program files\Free Music Zilla
    2009-02-15 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
    2009-02-12 07:47 --------- d-----w c:\documents and settings\Administrateur\Application Data\IDM
    2009-02-06 08:03 --------- d-----w c:\program files\Fichiers communs\Sage
    2008-09-22 15:45 47,360 ----a-w c:\documents and settings\Administrateur\Application Data\pcouffin.sys
    2008-08-20 06:22 15 ----a-w c:\documents and settings\Administrateur\ip.bat
    .

    ------- Sigcheck -------

    2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\system32\dllcache\explorer.exe

    2007-07-30 20:19 68440 84d9a61860272d6177d46c86b8431557 c:\windows\system32\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2008-01-03 486856]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 931760]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
    "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2008-01-03 486856]
    "SMKRun"="c:\program files\JustWrite Office\ScreenMark.exe" [2007-01-08 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
    "Ovt Wia"="c:\windows\OV530EM.exe" [2005-11-14 32768]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "CamserviceDP"="c:\program files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
    "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "JWOSetup"="JWOSetup.exe" [2007-01-09 c:\windows\JWOSetup.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "CTHelper"="CTHELPER.EXE" [2003-02-21 c:\windows\system32\CTHELPER.EXE]
    "AsioReg"="CTASIO.DLL" [2003-02-21 c:\windows\system32\CTASIO.DLL]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2008-06-27 c:\windows\system32\MIDIDEF.EXE]
    "nltide_3"="advpack.dll" [2007-12-07 c:\windows\system32\advpack.dll]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-30 805392]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "StartMenuLogoff"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll
    "msacm.PLCMg722"= PLCMg722.acm
    "msacm.PLCMg728"= PLCMg728.acm
    "msacm.PLCMg729A"= PLCMg729A.acm
    "msacm.PLCMsiren"= PLCMsiren.acm
    "vidc.mjpg"= pvmjpg30.dll
    "VIDC.I420"= i420vfw.dll
    "VIDC.JDCT"= jl_jdct.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    backup=c:\windows\pss\La Solution Ciel.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^wintp.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    --a------ 2007-10-07 18:36 904880 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    --a------ 2004-05-12 16:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-02-12 14:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    --------- 2007-06-29 00:01 2512128 c:\windows\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    --a------ 2007-10-07 18:01 2620336 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2008-01-16 00:54 37376 c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 iastor55;iastor55;c:\windows\system32\drivers\iastor55.sys [2007-06-26 874240]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-25 28544]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-01-01 15424]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-04-28 3024168]
    R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [2008-08-08 67032]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-26 89600]
    R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2008-09-05 94208]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-06-16 15144]
    S2 HWiNFO32;HWiNFO32 Kernel Driver;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\HWiNFO32.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\HWiNFO32.SYS [?]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-05-09 34944]
    S3 ovt530;AV301P;c:\windows\system32\drivers\ov530vid.sys [2008-06-16 161792]
    S3 USBAV708;Instant VideoMPX;c:\windows\system32\drivers\USBAV708.SYS [2008-01-29 104704]
    S4 RFNP32;WebDrive Provider; [x]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86db078e-6aaa-11dd-a747-00111137f794}]
    \Shell\AutoRun\command - r:\wd_windows_tools\Setup.exe
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Télécharger avec &BitSpirit - c:\program files\BitSpirit\bsurl.htm
    LSP: c:\windows\system32\imon.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT746494&SearchSource=3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?hl=fr&tab=wc
    FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{c2c7c8f0-ab5b-4273-8291-c10737ccdb29}\components\FFAlert.dll
    FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-03 09:29:37
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,4a,93,a6,f6,c6,
    99,08,b9,2e,e8,e1,00,eb,16,2b,de,12,67,73,50,99,b2,15,be,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):2b,8b,ac,03,dc,5a,a9,c3,df,59,9e,6d,45,8c,cd,8b,ad,e7,55,b7,28,
    09,07,19,eb,00,6d,5c,a3,62,c3,21,a4,31,d6,85,04,c8,9f,81,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,5f,54,a6,df,d4,
    e8,4c,ac,46,47,15,b0,92,4b,c7,ef,9b,2b,04,71,44,26,aa,db,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,1c,c9,f1,71,ca,
    12,db,1f,7a,45,05,fd,91,e8,6f,31,f2,fc,66,2d,59,16,79,fc,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6f477891-f599-4e19-839d-173bd35bb9b2}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000122
    "Therad"=dword:0000000f

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,39,1b,5f,5f,5c,
    c8,42,b6,6b,65,49,6a,7e,99,74,f7,5d,cd,71,6e,29,f9,45,41,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):05,93,34,c3,46,24,d3,f0,db,4d,7c,be,0e,f8,91,bf,66,e4,88,34,0f,
    a5,cc,46,71,9b,62,07,b2,c1,53,87,48,bc,0c,04,0e,87,86,b2,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,ca,a2,f5,9a,a6,
    89,d6,d2,e9,02,6c,fa,fb,1d,47,57,37,d3,8a,4a,c5,bc,24,97,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:D f,20,58,62,78,6b,cf,c8,a6,7c,1b,64,a3,
    b6,8b,c9,50,93,e5,ab,ec,6a,4e,ab,a6,58,79,c7,76,22,24,33,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,7e,33,7c,53,13,
    75,3f,6f,97,20,4e,9a,c7,f1,35,ee,0a,03,a2,7d,7b,a0,64,c9,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b32c2a29-63a8-49b1-baff-a3ae9867fead}]
    @Denied: (Full) (Everyone)
    "Model"=dword:000000bb
    "Therad"=dword:00000021
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,93,71,2d,a9,eb,b6,35,64,62,f6,27,c7,c2,3d,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4a,40,93,d6,33,
    c7,fa,cb,aa,52,c6,00,84,3c,26,64,7a,5d,41,ef,85,84,92,89,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,ff,5a,ea,eb,6c,
    8b,19,f3,b2,46,9a,e2,1b,fe,1b,94,69,0f,f8,5b,64,96,3e,46,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,53,1b,83,bb,c7,
    4b,e9,6e,37,a4,aa,c3,a6,15,56,0a,8f,ea,40,dc,2a,89,0a,b9,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c5,64,d9,f8,d1,
    48,da,b2,f8,31,0f,a9,5f,a0,ec,fb,e3,be,ba,99,00,76,a6,db,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,01,6d,53,a3,bc,
    54,f5,1a,05,73,21,dd,54,d8,4a,c5,80,61,35,be,7d,72,66,24,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="AE12DECE89DA4D3614E279CB6611518DEA3E542F2E0B8FF6D74291A78A173C7108F3E63E6DB4C9D7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794C038D530D6EB3452A6A0AC4980AC79339F9A2DDB79CC1E19A65B5B171B6A3B615EA3B754ADA5BD149B6984CD6C09D2B81881BE26AB5FBD2181729BDE746BA50A1B1622A126F6ED866994455831AF1F496EA31B1558CF66AB7F9D9FCC0D229A951B64065B54C45B2A5E151B62B84F38C7FE90B8EBD537EBDADB4C44E66E92287E9B764A6C10A16FE9DA6F975C4DA77D346808EDBF7F224863971A4C0A23B97F4D1E6AB8173992B2C57F5F2B8CBEEE74A30D83F8FD3691968E775D5BE5BD82761FE70F016F2F15D54F3350AF8C5E4B43BD952C79E2DDFA1A39819C7B7E51D088A781EA335ED817A9301FE35FCB04D8373E6BDF73825C47B65604921A2B777A512DB7B347209F7C28A133715A0A0AA83EF63F32CF431FD2F3E88DB089984CC894899D581847F09BE9F3A07F23DCCEBD6E4B82E85B6014EF018BF319FD4571FAB7AB85796236BF3F2E0ADCCFA13035907D32ED0046E8B061AD6A4D2391850B4143148BE84A277F2758DAA2CF21BFA38DC93BFCA424BDEBE36F49775BC0814144E6DA893254A52B846F737127511E0514D103ECB9ED17C0A0DD7A12806EB3C01B74A9A4116D1541029DF0892F453248F7B940C2D48100AEBA37E801065F6EBB56E03FBE74E1A742B6B187F074F333DE82C9B944429C57BAC6DC91EC943BD26476C66D020364E7B2349F7E733AB93140EDEC4D7D7F644EEBCD5106C00792D9757263995C938C311F7C7EB11D74568C676CB3E9BC3FE1EDCDCC3F6BADEBD4CFAAB319BF7EB4D3B31386878E424EEB7CD29FD1951668820F7035F2F9A887D7D244186DEDDC2598F621BD9A1A78A2038984A11F66E015946166EBDE006852D4D808710B44B1599D51DD813B6B19850591047D970937934EE748C895DE6976E8A73E87BEFBF87A0971E2A38E2D433C44465BB25B3FF767C6F8329AD10C6CD4965C33127C5EF4E5E45650ECE19FD73EF0AE99B62FDB4746F9BEC2216F1075004266B74057482BAAA0D5C517A2157E3BA523D170F8C80D1A4A391E92EE08CB3F368920B40B2DE28E8E9768D0E2F49F93DB52993CC6807283FA3A6B96F6267C0E9EDDC58475932A88E31A63BEDB3AEADD733D0B6AC51468D2B4E9D6CACE2FD61D8DCD04B998955246BBACE3F6E675D2E230BAC7BECC27A18F03C18F41647C704F791A3D539861712915F49A8303C80C9FB8746E7152F394F357114A7D48FB9FBB39D6D542C1B8DE43D06BBDE453EB91469866A92E71447CEE85F93DF8AE2E02AE0DEB35EC8072395FB75D888D9EA921BCBFE3A195EB79D8A2C5F325A07128"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1168)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(1228)
    c:\windows\system32\relog_ap.dll
    c:\windows\system32\imon.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\windows\system32\oodag.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\program files\NetDrive\wdService.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-04-03 9:33:45 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-04-03 07:33:38
    ComboFix2.txt 2009-04-02 22:01:46

    Avant-CF: 18 302 087 168 octets libres
    Après-CF: 18,277,376,000 octets libres

    377
    ====================
    Merci
    a c 273 8 Sécurité
    3 Avril 2009 12:38:02

  • Menu Démarrer > Exécuter > Tape combofix /u et valide.

  • Désinstalle les programmes suivants :
    - Java 6 Update 3
    - Java SE Runtime Environment 6 Update 1

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    3 Avril 2009 14:41:36

    Bonjour,
    vraiment merci pour tout!
    Tout d'abord Malwarebytes ne fonctionnait pas avant ton aide : il se plantait au bout de quelques secondes et mainteant il fonctionne : bravo!
    Il a trouvé 3 malwares; je les ai viré, voici le rapport :
    ======================
    Malwarebytes' Anti-Malware 1.35
    Version de la base de données: 1936
    Windows 5.1.2600 Service Pack 2

    03/04/2009 14:29:31
    mbam-log-2009-04-03 (14-28-43).txt

    Type de recherche: Examen rapide
    Eléments examinés: 71138
    Temps écoulé: 2 minute(s), 52 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msile (Backdoor.IRCBot) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    a c 273 8 Sécurité
    3 Avril 2009 15:20:36

  • Mets à jour Java.

  • Refais un scan RSIT et poste le rapport log.
    3 Avril 2009 18:11:00

    voici les rapports:
    =================
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Administrateur at 2009-04-03 18:07:34
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 18 GB (44%) free of 40 GB
    Total RAM: 2046 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:07:44, on 03/04/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\OV530EM.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\NetDrive\wdservice.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\Explorer.EXE
    D:\Downloads\Programs\RSIT.exe
    C:\Program Files\trend micro\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "%ProgramFiles%\DAEMON Tools\daemon.exe\" -lang 1033
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
    O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Ovt Wia] C:\WINDOWS\OV530EM.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [CamserviceDP] C:\Program Files\Hercules\DualPix Exchange\Camservice.exe /startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe

    --
    End of file - 13021 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
    IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
    SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-16 63048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-22 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]
    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-16 161352]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-08-15 1404928]
    "CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-17 18944]
    "Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2007-10-07 140568]
    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2008-01-03 486856]
    "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
    "JWOSetup"=JWOSetup.exe -en []
    "SMKRun"=C:\Program Files\JustWrite Office\ScreenMark.exe [2007-01-08 118784]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
    "Ovt Wia"=C:\WINDOWS\OV530EM.exe [2005-11-14 32768]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
    "CamserviceDP"=C:\Program Files\Hercules\DualPix Exchange\Camservice.exe [2007-08-10 81920]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
    "CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]
    "CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-02-21 28672]
    "AsioReg"=REGSVR32.EXE /S CTASIO.DLL []
    "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools\daemon.exe [2008-01-03 486856]
    "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2007-12-21 931760]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-07 904880]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
    C:\WINDOWS\system32\oodtray.exe [2007-06-29 2512128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-10-07 2620336]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2008-01-16 37376]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
    C:\PROGRA~1\Ciel\Starter.exe [2006-07-06 524288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2008-11-22 161264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^wintp.exe]
    []

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-08-08 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-06-26 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "ForceClassicControlPanel"=1
    "ForceStartMenuLogoff"=0
    "NoResolveTrack"=1
    "NoResolveSearch"=1
    "NoInstrumentation"=1
    "NoStartMenuMFUprogramsList"=1
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
    "C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
    "C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86db078e-6aaa-11dd-a747-00111137f794}]
    shell\AutoRun\command - R:\WD_Windows_Tools\Setup.exe


    ======File associations======

    .js - open - "D:\A.P.J.T.2009\MULTIMEDIA\IMAGES\DreamweaverPortable\App\Dreamweaver\Dreamweaver.exe","%1"
    .scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
    .scr - install -
    .scr - config -

    ======List of files/folders created in the last 1 months======

    2009-04-03 14:23:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2009-04-03 14:23:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-04-03 14:23:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-03 14:20:28 ----SHD---- C:\RECYCLER
    2009-04-03 14:17:08 ----D---- C:\ComboFix
    2009-04-03 09:33:49 ----D---- C:\WINDOWS\temp
    2009-04-03 09:33:48 ----A---- C:\ComboFix.txt
    2009-04-02 23:56:17 ----D---- C:\WINDOWS\system32\xircom
    2009-04-02 23:56:17 ----D---- C:\WINDOWS\system32\oobe
    2009-04-02 23:56:17 ----D---- C:\WINDOWS\srchasst
    2009-04-02 23:56:17 ----D---- C:\Program Files\xerox
    2009-04-02 23:56:16 ----D---- C:\Program Files\microsoft frontpage
    2009-04-02 23:50:16 ----D---- C:\WINDOWS\ERDNT
    2009-04-02 22:27:25 ----A---- C:\DirLook1.txt
    2009-04-02 22:25:13 ----A---- C:\DirLook.txt
    2009-04-02 06:39:03 ----D---- C:\rsit
    2009-04-02 06:39:03 ----D---- C:\Program Files\trend micro
    2009-04-01 23:26:03 ----D---- C:\Documents and Settings\Administrateur\Application Data\Uniblue
    2009-03-24 20:14:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-03-23 00:01:10 ----D---- C:\Documents and Settings\All Users\Application Data\BSD
    2009-03-23 00:00:54 ----D---- C:\Documents and Settings\Administrateur\Application Data\BSD Concept
    2009-03-23 00:00:25 ----D---- C:\Documents and Settings\All Users\Application Data\BSD Concept
    2009-03-23 00:00:22 ----D---- C:\Program Files\BSD Concept
    2009-03-22 20:39:32 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
    2009-03-22 20:39:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\Babylon
    2009-03-21 20:39:09 ----D---- C:\Program Files\Adobe

    ======List of files/folders modified in the last 1 months======

    2009-04-03 18:07:42 ----D---- C:\WINDOWS\Prefetch
    2009-04-03 18:00:49 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-03 14:34:53 ----D---- C:\Documents and Settings\Administrateur\Application Data\WTablet
    2009-04-03 14:34:51 ----SHD---- C:\System Volume Information
    2009-04-03 14:34:51 ----D---- C:\WINDOWS\system32\Restore
    2009-04-03 14:34:26 ----D---- C:\Documents and Settings\Administrateur\Application Data\DMCache
    2009-04-03 14:33:54 ----D---- C:\Program Files\SuperCopier2
    2009-04-03 14:33:34 ----D---- C:\WINDOWS\system32\drivers
    2009-04-03 14:33:16 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-03 14:31:28 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-04-03 14:23:38 ----RD---- C:\Program Files
    2009-04-03 14:21:50 ----D---- C:\Program Files\Java
    2009-04-03 14:20:57 ----SHD---- C:\WINDOWS\Installer
    2009-04-03 14:20:57 ----SHD---- C:\Config.Msi
    2009-04-03 14:17:37 ----D---- C:\WINDOWS
    2009-04-03 14:17:32 ----D---- C:\WINDOWS\system32
    2009-04-03 14:17:19 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-03 09:29:48 ----A---- C:\WINDOWS\system.ini
    2009-04-03 09:28:54 ----SHD---- C:\WINDOWS\CSC
    2009-04-03 09:27:34 ----D---- C:\WINDOWS\system32\config
    2009-04-03 09:26:45 ----D---- C:\WINDOWS\AppPatch
    2009-04-03 09:26:43 ----D---- C:\Program Files\Fichiers communs
    2009-04-03 09:25:56 ----D---- C:\WINDOWS\system
    2009-04-03 08:25:03 ----D---- C:\WINDOWS\system32\oodag
    2009-04-02 23:56:17 ----D---- C:\WINDOWS\system32\wbem
    2009-04-02 23:56:17 ----D---- C:\WINDOWS\ime
    2009-04-02 23:56:17 ----D---- C:\WINDOWS\Help
    2009-04-02 23:10:00 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-04-02 23:02:49 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
    2009-04-02 12:13:09 ----D---- C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2009-04-02 11:44:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-04-02 07:56:47 ----D---- C:\Program Files\Open Cellar
    2009-04-01 23:31:37 ----D---- C:\Program Files\Larousse
    2009-04-01 23:30:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-04-01 23:12:11 ----A---- C:\WINDOWS\WININIT.INI
    2009-03-31 22:42:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-31 22:42:32 ----D---- C:\WINDOWS\Minidump
    2009-03-31 22:02:43 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-30 16:02:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thinstall
    2009-03-30 08:18:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-03-29 22:57:01 ----D---- C:\Program Files\Yahoo!
    2009-03-29 09:08:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
    2009-03-25 19:49:50 ----HD---- C:\WINDOWS\inf
    2009-03-25 19:49:12 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-03-25 19:38:18 ----D---- C:\Program Files\ma-config.com
    2009-03-25 19:38:18 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2009-03-25 19:31:53 ----RSD---- C:\WINDOWS\assembly
    2009-03-25 19:31:53 ----D---- C:\WINDOWS\Microsoft.NET
    2009-03-22 21:51:48 ----D---- C:\Program Files\eMule
    2009-03-22 20:38:09 ----D---- C:\Temp
    2009-03-22 16:49:49 ----D---- C:\Documents and Settings\Administrateur\Application Data\gSyncit
    2009-03-21 20:39:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-21 20:39:11 ----D---- C:\Program Files\Fichiers communs\Adobe
    2009-03-06 10:03:55 ----D---- C:\Program Files\gSyncit

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
    R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-08-03 15424]
    R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-07 12032]
    R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
    R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-14 15440]
    R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
    R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]
    R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-02-14 44384]
    R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-06-26 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-08 3266560]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-01-30 160256]
    R3 camfilt2;camfilt2; C:\WINDOWS\System32\Drivers\camfilt2.sys [2007-05-29 94208]
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-02-21 135040]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-03-26 498688]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-02-21 6144]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-02-21 135248]
    R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
    R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2006-12-14 11984]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-02-21 116000]
    R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-03-26 823616]
    R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-03-26 141536]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-02-26 138752]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
    R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
    R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
    R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
    R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
    R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
    R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-06-26 61824]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-26 189504]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-22 47360]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-12-24 10368]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-16 9602944]
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
    R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
    R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
    R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
    S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-08-03 512096]
    S2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\HWiNFO32.SYS []
    S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
    S3 ael5y0s3;ael5y0s3; C:\WINDOWS\system32\drivers\ael5y0s3.sys []
    S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
    S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
    S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
    S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
    S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
    S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-03-27 287920]
    S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
    S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
    S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
    S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
    S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-02-14 68922]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
    S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2006-05-09 34944]
    S3 ovt530;AV301P; C:\WINDOWS\System32\Drivers\ov530vid.sys [2005-03-15 161792]
    S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2006-08-15 732928]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-08-15 260352]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
    S3 USBAV708;Instant VideoMPX; C:\WINDOWS\SYSTEM32\DRIVERS\USBAV708.SYS [2004-10-11 104704]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-06-26 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-06-26 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp []
    S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2007-10-07 427288]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-08 573440]
    R2 Capture Device Service;Capture Device Service; C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe [2006-08-11 200704]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 168432]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
    R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-06-29 1049856]
    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
    R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2008-04-03 3024168]
    R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2007-01-18 67056]
    R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdservice.exe [2003-03-26 94208]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-08 593920]
    S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2007-12-26 77944]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2006-05-09 86016]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    -----------------EOF-----------------
    ================================================
    info.txt logfile of random's system information tool 1.06 2009-04-02 06:39:35

    ======Uninstall list======

    -->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S /L:FRN
    -->"C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W /L:FRN
    -->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0E43DFBD-71CF-4F61-B341-7C128FBC6AC2}
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    Acronis True Image Home-->MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
    Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D4ED56E-C3DF-46F6-924B-D6774A766943}\setup.exe" -l0x40c
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
    ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
    ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
    AutoCAD 2007 - Français-->MsiExec.exe /I{5783F2D7-5001-040C-0002-0060B0CE6BBA}
    Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
    AV301P-->MsiExec.exe /X{DBAA6058-4960-4A46-8E84-4D71F23F3A84}
    Ballance-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42E0783D-3BA4-454B-B58A-BF26E49EB7DE}\setup.exe"
    Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
    BitSpirit v3.1.0.077 Stable Release-->"C:\Program Files\BitSpirit\unins000.exe"
    Boris Graffiti-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{262BF2CD-601D-4F43-919C-4B00B1D1F338}\setup.exe" -l0x40c -removeonly
    Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Ciel Gestion Commerciale 13.0-->MsiExec.exe /I{414C215E-F8E2-4235-BE08-B3932F50246D}
    CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
    CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
    Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
    DVDFab Platinum 4.0.3.0 Final Registered-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    ESET NOD32 Antivirus-->MsiExec.exe /I{6229EFBA-A122-490C-B660-A5409FA15A31}
    FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\UnInstall_14333.exe"
    FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
    FpTest 3.2-->C:\Program Files\FpTest\uninst.exe
    Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
    Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
    FreeGo version 4-->"C:\Program Files\FreeGo\unins000.exe"
    Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
    gSyncit-->MsiExec.exe /I{67AE0E65-3F0C-4B51-A194-E58145BB6887}
    Hercules DualPix Exchange Webcam-->C:\Program Files\InstallShield Installation Information\{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}\setup.exe -runfromtemp -l0x040c -removeonly
    Hercules WebCam Station-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}\Setup.exe" -l0x40c
    Hercules Webcam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}\Setup.exe" -l0x40c
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP OfficeJet/PSC Scrubber-->C:\WINDOWS\IsUninst.exe -fC:\HPAiOScrubber\Uninst.isu
    HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
    HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
    Instant VideoMPX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FEBA60E-4DAB-46C4-99E0-197721785DA1}\setup.exe" -l0x40c -removeonly
    Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
    Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
    InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Development Kit 6 Update 1-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
    Ma-Config.com-->MsiExec.exe /X{EC7FE2ED-F305-41B7-90B8-3DAE9E35307A}
    Magic Bullet Looks Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Studio 12\Plugins\RTFx\mblooksstudio.log
    Marsu-Fix 2.5-->"C:\WINDOWS\Marsu-Fix 2.5 Uninstaller.exe"
    Micro Application - Kit d'Impression CD - DVD-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Kit d'Impression CD - DVD\cdl3.isu"
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    MozBackup 1.4.6-->"C:\Program Files\MozBackup\unins000.exe"
    Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}
    Nero 7 Lite 7.7.5.1-->"C:\Program Files\Nero\unins000.exe"
    NetDrive-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
    NewsLeecher v3.9 Beta 4-->"C:\Program Files\NewsLeecher\unins000.exe"
    O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
    Open Cellar-->MsiExec.exe /I{1F0944C8-C099-4E12-8F0C-617316731B58}
    Open Cellar-->MsiExec.exe /I{948B2008-30F9-422F-8919-90ADF47EA70F}
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    Pen Tablet-->C:\Program Files\Tablet\Pen\Remove.exe /u
    Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
    Pinnacle Studio 12 Ultimate Plugins-->MsiExec.exe /I{D1860E6E-520E-4380-8433-E58E8F88B473}
    Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
    Planète Généalogie-->"C:\Program Files\BSD Concept\Planète Généalogie\unins000.exe"
    proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
    qFreeFax 0.1-->C:\Program Files\qFreeFax\uninst.exe
    QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
    QuickTime Alternative 1.81-->"C:\Program Files\QuickTime Alternative\unins000.exe"
    Real Alternative 1.52 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    Shockwave Player-->MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
    SnagIt 8-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
    Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\SETUP.EXE" -l0x40c
    Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SUPER © Versi
    a c 273 8 Sécurité
    3 Avril 2009 18:39:32

    Ton PC va bien ?

    Tu peux faire un scan complet avec ton antivirus ?
    3 Avril 2009 19:27:34

    Tout d'abord merci pour tout : mon PC semble OK!
    Tu as été très efficace et je t'en remercie; si je epux faire quelque chose pour toi, n'hésite pas à me le demander.

    OK je vais lancer un scan; mais cela est long!

    Puis-je me permettre quelques qestions?
    -D'où provient ce pb? je fais très attention
    -Comment l'éviter à nouveau?
    -Spybot ne trouve jamais rien; et malwarebytes ne fonctionnait pas: est-il plus efficace? (ce n'est pas évident d'après les différents comparatifs)
    -Quid de Java, y était-il pour quelquechose ? Et puis-je le réinstaller?

    Merci pour tout et je te tiens au courant du scan AV.
    a c 273 8 Sécurité
    3 Avril 2009 19:37:35

    Citation :
    -D'où provient ce pb? je fais très attention

    --> J'ai vu eMule donc peut-être que tu as téléchargé un mauvais fichier.

    J'ai une dernière procédure à te donner après ton scan antivirus.

    Pour Java, il faut le tenir à jour pour éviter les failles de sécurité.
    3 Avril 2009 23:52:48

    Voici le résultat du scan:
    4 infiltrations dans \_OTMoveit : smartkey, netmon , 46.scr et 75.scr.
    Mis en quarantaine et virés!
    Le reste est parfait
    a c 273 8 Sécurité
    3 Avril 2009 23:56:50

    1/

  • Désinstalle HijackThis.

  • Télécharge ToolsCleaner2 sur ton Bureau.
  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


    2/

  • Télécharge et installe CCleaner Slim.
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
  • Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).


    3/

  • Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

  • Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème.


    ==Prévention==

    Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

    Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer. Tu peux utiliser l'extension NoScript pour plus de sécurité.

    Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, onglet Mises à jour automatiques).

    Tu peux aussi modifier le fichier Hosts pour améliorer la sécurité de ton PC : Lien

    Par rapport au P2P : Lien

    Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


    ==Problème résolu ?==

    Si tu estimes que ton problème est résolu :

    ---> Ajoute maintenant [Résolu] au titre. Pour cela :
  • Clique, dans ton premier message, sur le bouton Editer .
  • Rajoute la mention [Résolu] devant le titre.
  • Clique ensuite sur Valider votre message.


    Sois plus vigilant(e) sur Internet ;) 
    4 Avril 2009 09:40:33

    voici le rapport ccleaner:
    ====================
    [ Rapport ToolsCleaner version 2.3.3 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\Combofix: trouvé !
    C:\Rsit: trouvé !
    C:\RECYCLER\S-1-5-21-854245398-842925246-839522115-500\Dc3\HijackThis.exe: trouvé !
    C:\RECYCLER\S-1-5-21-854245398-842925246-839522115-500\Dc3\hijackthis.log: trouvé !

    ---------------------------------
    --> Suppression:

    C:\RECYCLER\S-1-5-21-854245398-842925246-839522115-500\Dc3\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\RECYCLER\S-1-5-21-854245398-842925246-839522115-500\Dc3\hijackthis.log: supprimé !
    C:\Combofix: supprimé !
    C:\Rsit: supprimé !
    ==================

    Je considére mon pb résolu et t'en remercie; merci aussi pour tes conseils.
    Bonne journée et merci pour ta grande efficacité/disponibilité.
    a c 273 8 Sécurité
    4 Avril 2009 15:37:50

    Tu peux supprimer ToolsCleaner.

    Bonne journée ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS